89210d090febd1c916046f44e5246a24e4352af113d5d9557b8b70de1877e844_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

89210d090febd1c916046f44e5246a24e4352af113d5d9557b8b70de1877e844_NeikiAnalytics.exe
Size

977KB
MD5

70b6c1d4ce14dfdd4e1d211e718c36d0
SHA1

804e5301e8e15f972a11bae69c2a9e1783fb1a34
SHA256

89210d090febd1c916046f44e5246a24e4352af113d5d9557b8b70de1877e844
SHA512

09578dba433ced5449392d92b02deab8a130f318a88a8a7f4637b33495f50d30ca1ecbf63900a2ebf9316c59208eeef992cd902caa6adb05b1526b5ba4b05e6d
SSDEEP

24576:xqxfds+o6pS/B0BEOVxtQM0K1L8XxE/mwmOOMjUV:cSZc7L1L8XxE/JmrMjUV

Score

1^/10

Malware Config

Signatures

Files

89210d090febd1c916046f44e5246a24e4352af113d5d9557b8b70de1877e844_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

1f7caab7012bef846fbdf6fce1bf3788

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:0b:eb:a1:a8:2b:d0:b1:b1:50:68:5d:6f:07:75:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2019, 00:00

Not After

29/03/2020, 23:59

Subject

CN=Dragonsoft Security Associates\, Inc.,O=Dragonsoft Security Associates\, Inc.,L=New Taipei,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

22/07/2014, 00:00

Not After

21/07/2024, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:e7:f6:b5:96:eb:91:30:78:ca:3b:04:51:58:b8:41:86:a3:d2:05
Signer

Actual PE Digest

f6:e7:f6:b5:96:eb:91:30:78:ca:3b:04:51:58:b8:41:86:a3:d2:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\JenkinsWorkspace\publish\Tools\webapi\GPOAction.pdb

Imports

advapi32

CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
GetTokenInformation
RegQueryValueExA
CryptReleaseContext
DuplicateToken
RegEnumKeyExA
CryptAcquireContextA
RegOpenKeyExA
RegQueryInfoKeyA
AllocateAndInitializeSid
CryptCreateHash
RegEnumValueA
FreeSid
GetUserNameA
CheckTokenMembership
RegOpenKeyA
CryptDestroyHash
RegCloseKey
CryptHashData
CreateWellKnownSid
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGenRandom

ws2_32

accept
listen
WSAStartup
ioctlsocket
ntohl
gethostname
inet_ntop
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
htonl

wldap32

ord41
ord50
ord60
ord211
ord46
ord143
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

normaliz

IdnToAscii

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetModuleFileNameW
GetDateFormatW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetEnvironmentVariableA
GetDriveTypeW
MoveFileExW
GetCurrentDirectoryW
GetFullPathNameW
FlushFileBuffers
GetConsoleCP
DeleteFileW
RtlUnwind
GetCurrentProcessId
SetFilePointerEx
LoadLibraryExW
ExitThread
GetCurrentThreadId
FileTimeToSystemTime
MultiByteToWideChar
GetLastError
LocalAlloc
FileTimeToLocalFileTime
LocalFree
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
QueryPerformanceCounter
RaiseException
HeapSize
DecodePointer
DeleteCriticalSection
CreateFileA
GetCurrentProcess
CompareFileTime
WaitForSingleObject
ExpandEnvironmentStringsA
InitializeCriticalSection
WideCharToMultiByte
Sleep
GetConsoleMode
GetExitCodeProcess
GetComputerNameExA
CreateProcessA
ReadFile
CreateDirectoryA
SetCurrentDirectoryA
GetStdHandle
FindFirstFileA
GetProcAddress
RemoveDirectoryA
CopyFileA
SetStdHandle
FindClose
MoveFileA
GlobalMemoryStatusEx
GetModuleFileNameA
FindNextFileA
GetModuleHandleA
CreateMutexA
GetVersionExA
CloseHandle
DeleteFileA
FormatMessageA
SetFilePointer
SystemTimeToFileTime
SetFileTime
WriteFile
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetDateFormatA
GetFileSize
UnmapViewOfFile
GetTickCount
GetLocalTime
GetFileInformationByHandle
SetLastError
VerSetConditionMask
FreeLibrary
LoadLibraryA
VerifyVersionInfoA
GetTickCount64
EnterCriticalSection
LeaveCriticalSection
SleepEx
WaitForSingleObjectEx
GetFileType
PeekNamedPipe
WaitForMultipleObjects
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
GetModuleHandleExW
ExitProcess
GetCPInfo
SystemTimeToTzSpecificLocalTime
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetStringTypeW
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
CreateFileW
GetFileAttributesA
ReadConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
OutputDebugStringW
WriteConsoleW
SetEndOfFile
lstrlenA
InitializeCriticalSectionEx

user32

GetDesktopWindow
wsprintfA
ShowWindow
IsWindow
FindWindowA

shell32

ShellExecuteExA
SHFileOperationA

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SysAllocStringLen
VarBstrCat
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
VariantTimeToSystemTime
SafeArrayAccessData
SysStringLen
VariantClear
SysFreeString
SysAllocString

bcrypt

BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptGetProperty

winhttp

WinHttpSendRequest
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReceiveResponse

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 780KB - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f7caab7012bef846fbdf6fce1bf3788

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0a:0b:eb:a1:a8:2b:d0:b1:b1:50:68:5d:6f:07:75:4aCertificate

Extended Key Usages

Key Usages

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8Certificate

Extended Key Usages

Key Usages

f6:e7:f6:b5:96:eb:91:30:78:ca:3b:04:51:58:b8:41:86:a3:d2:05Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ws2_32

wldap32

normaliz

version

kernel32

user32

shell32

ole32

oleaut32

bcrypt

winhttp

iphlpapi

Sections

.text Size: 780KB - Virtual size: 779KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 34KB - Virtual size: 34KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0a:0b:eb:a1:a8:2b:d0:b1:b1:50:68:5d:6f:07:75:4a
Certificate

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

f6:e7:f6:b5:96:eb:91:30:78:ca:3b:04:51:58:b8:41:86:a3:d2:05
Signer

.text
Size: 780KB - Virtual size: 779KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 34KB - Virtual size: 34KB