8baa47993485903b72499be20298b27757a961a31921a982cef6b68d491d2480_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8baa47993485903b72499be20298b27757a961a31921a982cef6b68d491d2480_NeikiAnalytics.exe
Size

466KB
MD5

74a1f52448483a6dde6c071392911ac0
SHA1

c4d499cf30ff09ef4ccbeb6f7be08c1fc31d478b
SHA256

8baa47993485903b72499be20298b27757a961a31921a982cef6b68d491d2480
SHA512

aa6c6f0cc2155625fdec54f2c0454be8cb7464449d8a685d3957ee3f437de6f4467143907fc386358d68ea48767971f0361f058b7d2b9dc38cad7ad6e560f5b2
SSDEEP

6144:9iwNCpQh0Oktc15YyKBhmD1E0vGCoWmJZfNPJF4/+3ioKt51JNrC:rtNkxyKBh6SkoWmJZ17ioKtzrC

Score

1^/10

Malware Config

Signatures

Files

8baa47993485903b72499be20298b27757a961a31921a982cef6b68d491d2480_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

881f80f3dc40365a7e2cbba1af9a4129

Code Sign

1c:13:50:1c:f7:f4:05:07:3d:cd:53:47:62:5c:c5:65
Certificate

Issuer

CN=StartCom Class 3 Object CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL

Not Before

05/02/2016, 14:11

Not After

05/02/2019, 14:11

Subject

CN=Körtner & Muth GmbH,O=Körtner & Muth GmbH,L=Hamburg,ST=Hamburg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

78:22:43:a1:53:df:28:0a:1f:fa:e1:5c:d0:28:4c:86
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

16/12/2015, 01:00

Not After

16/12/2030, 01:00

Subject

CN=StartCom Class 3 Object CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:45:02:eb:63:15:0c:a5:b1:95:23:f1:53:56:91:2f:e5
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:ad:22:95:9b:86:30:1e:eb:2d:ef:f3:33:27:b5:17:4f:66:15:02
Signer

Actual PE Digest

5b:ad:22:95:9b:86:30:1e:eb:2d:ef:f3:33:27:b5:17:4f:66:15:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryW
LockFileEx
UnlockFileEx
FindClose
FindFirstFileW
GetTempPathW
GetTempFileNameW
GetDiskFreeSpaceW
LocalFree
GetLastError
LocalAlloc
MoveFileExW
GetVersionExW
CloseHandle
CreateFileW
Sleep
WaitForSingleObject
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetThreadLocale
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
LCMapStringW
ReadFile
CreateProcessW
GetCurrentProcess
WriteFile
GetModuleFileNameW
LoadLibraryA
GetCurrentThread
lstrlenW
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
lstrcmpW
GlobalLock
LoadResource
FindResourceW
LockResource
GlobalFree
GlobalUnlock
GetModuleHandleW
lstrcpyW
GlobalFindAtomW
GlobalAddAtomW
lstrcatW
GetVersion
lstrlenA
GetModuleHandleA
InterlockedDecrement
SetLastError
MulDiv
InterlockedIncrement
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpynW
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcmpiW
GlobalFlags
WritePrivateProfileStringW
GetCurrentDirectoryW
GetProcessVersion
SizeofResource
SetErrorMode
SetFilePointer
FlushFileBuffers
SetEndOfFile
DeleteFileW
GetFullPathNameW
GetFileAttributesW
SetFileAttributesW
GetStartupInfoW
ExitProcess
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetFileInformationByHandle
PeekNamedPipe
GetFileType
SetStdHandle
SetEnvironmentVariableW
SetCurrentDirectoryW
GetDriveTypeA
FindNextFileW
RemoveDirectoryW
DeleteFileA
RaiseException
TerminateProcess
GetTimeZoneInformation
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetUnhandledExceptionFilter
LCMapStringA
IsBadReadPtr
IsBadCodePtr
GetExitCodeProcess
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetLocaleInfoW
CompareStringA
SetEnvironmentVariableA
GetProfileStringA
GlobalAddAtomA
FindResourceA

user32

LoadIconW
SendMessageW
PostMessageW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
MessageBeep
GetParent
OffsetRect
PtInRect
EqualRect
GetWindow
GetWindowRect
GetClassNameW
SetWindowLongW
GetWindowLongW
SetTimer
UpdateWindow
IsRectEmpty
GetFocus
IsWindow
IsChild
GetTopWindow
ModifyMenuW
GetSubMenu
GetMenuItemID
GetMenuItemCount
CallWindowProcW
GetClassInfoW
InvalidateRect
EndPaint
GetSysColor
BeginPaint
SetCaretPos
FillRect
PostQuitMessage
SetCursor
MessageBoxW
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExW
GetCursorPos
PeekMessageW
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
LoadBitmapW
GetMenuCheckMarkDimensions
GetDlgItem
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
EndDialog
GetWindowPlacement
SystemParametersInfoW
IntersectRect
RegisterWindowMessageW
SetWindowPos
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropW
GetPropW
UnhookWindowsHookEx
SetPropW
CreateWindowExW
DefWindowProcW
GetDlgCtrlID
GetWindowTextW
GetWindowTextLengthW
GetMenu
RegisterClassW
wsprintfW
WinHelpW
GetCapture
CopyRect
ScreenToClient
AdjustWindowRectEx
SetFocus
MapWindowPoints
SendDlgItemMessageA
SendDlgItemMessageW
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
TabbedTextOutW
DrawTextW
GrayStringW
LoadStringW
DestroyMenu
InflateRect
LoadCursorW
GetSysColorBrush
GetPropA
SetPropA
SetWindowLongA
GetClassNameA
IsWindowUnicode
SendMessageA
GetWindowLongA
SetWindowsHookExA
RemovePropA
CallWindowProcA
CharNextA
DefWindowProcA
DefDlgProcA
GetClassInfoA
DrawFocusRect
DrawTextA
GetWindowTextA
ExcludeUpdateRgn
ShowCaret
HideCaret
GetWindowTextLengthA
UnregisterClassW

gdi32

Rectangle
CreateFontIndirectW
ExtTextOutW
GetTextMetricsW
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectW
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
DeleteObject
GetDeviceCaps
CreatePen
CreateSolidBrush
PtVisible
RectVisible
TextOutW
Escape
PatBlt
DPtoLP
ExtTextOutA
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap

comdlg32

GetSaveFileNameW
GetOpenFileNameW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW

comctl32

ord17

Sections

.text
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

881f80f3dc40365a7e2cbba1af9a4129

Code Sign

1c:13:50:1c:f7:f4:05:07:3d:cd:53:47:62:5c:c5:65Certificate

Extended Key Usages

Key Usages

78:22:43:a1:53:df:28:0a:1f:fa:e1:5c:d0:28:4c:86Certificate

Extended Key Usages

Key Usages

11:21:45:02:eb:63:15:0c:a5:b1:95:23:f1:53:56:91:2f:e5Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

5b:ad:22:95:9b:86:30:1e:eb:2d:ef:f3:33:27:b5:17:4f:66:15:02Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 280KB - Virtual size: 276KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 20KB - Virtual size: 44KB

SHARED Size: 4KB - Virtual size: 12B

.rsrc Size: 104KB - Virtual size: 103KB

1c:13:50:1c:f7:f4:05:07:3d:cd:53:47:62:5c:c5:65
Certificate

78:22:43:a1:53:df:28:0a:1f:fa:e1:5c:d0:28:4c:86
Certificate

11:21:45:02:eb:63:15:0c:a5:b1:95:23:f1:53:56:91:2f:e5
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

5b:ad:22:95:9b:86:30:1e:eb:2d:ef:f3:33:27:b5:17:4f:66:15:02
Signer

.text
Size: 280KB - Virtual size: 276KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 20KB - Virtual size: 44KB

SHARED
Size: 4KB - Virtual size: 12B

.rsrc
Size: 104KB - Virtual size: 103KB