098dc6c2565ccb67280c6cec9c909ce70abfc4e4572dc9bdc2c4fb61ec7c42f4_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

098dc6c2565ccb67280c6cec9c909ce70abfc4e4572dc9bdc2c4fb61ec7c42f4_NeikiAnalytics.exe
Size

262KB
MD5

ba6f1727b9a1cbe52f0c7cc825672a10
SHA1

2b2d929f5d7180c17efb791cbde5a18f9cbc9651
SHA256

098dc6c2565ccb67280c6cec9c909ce70abfc4e4572dc9bdc2c4fb61ec7c42f4
SHA512

20a76595e6ce180f7a92c985f7a32ca76d97c27539f4d9c92a6e9d0cc8f88dc11bb06713ffeebf1b475dc384b98d7f68653e55acc6651ee07bc0fcec79a0d9a3
SSDEEP

6144:gSMdT1BCdhKaZFG+ap9tIg/0rQgROl1WvC4M4HkY:RMdT1BCdhKaZVamqgwNY

Score

1^/10

Malware Config

Signatures

Files

098dc6c2565ccb67280c6cec9c909ce70abfc4e4572dc9bdc2c4fb61ec7c42f4_NeikiAnalytics.exe
.dll windows:4 windows x64 arch:x64

5fd6a87e8bfbf9c5aa790ccdecfaece4

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2017, 11:49

Not After

25/07/2020, 11:49

Subject

SERIALNUMBER=CHE-113.666.835,CN=Acronis International GmbH,O=Acronis International GmbH,STREET=Rheinweg 9,L=Schaffhausen,ST=Schaffhausen,C=CH,1.3.6.1.4.1.311.60.2.1.2=#130c53636861666668617573656e,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2017, 11:49

Not After

25/07/2020, 11:49

Subject

SERIALNUMBER=CHE-113.666.835,CN=Acronis International GmbH,O=Acronis International GmbH,STREET=Rheinweg 9,L=Schaffhausen,ST=Schaffhausen,C=CH,1.3.6.1.4.1.311.60.2.1.2=#130c53636861666668617573656e,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:ee:c7:53:1a:3a:4b:71:11:c2:d4:70:fd:d7:47:74:b1:30:f5:67:f9:8e:4c:2a:1c:79:d4:c8:52:f8:99:0b
Signer

Actual PE Digest

cd:ee:c7:53:1a:3a:4b:71:11:c2:d4:70:fd:d7:47:74:b1:30:f5:67:f9:8e:4c:2a:1c:79:d4:c8:52:f8:99:0b

Digest Algorithm

sha256

PE Digest Matches

true

2c:c5:09:e8:08:8d:55:c5:27:c1:d8:cc:2d:44:42:e3:3b:25:70:00
Signer

Actual PE Digest

2c:c5:09:e8:08:8d:55:c5:27:c1:d8:cc:2d:44:42:e3:3b:25:70:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\3\exe\vsa64\release\english\ftrace.pdb

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
GetUserNameW
RegCloseKey
RegQueryInfoKeyA
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueA
SetSecurityInfo

user32

CharToOemA
RegisterClassExW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SendNotifyMessageW
PostMessageW
CreateDialogIndirectParamW
WinHelpW
VkKeyScanExW
VkKeyScanW
SystemParametersInfoW
SetWindowTextW
ModifyMenuW
AppendMenuW
GetClipboardFormatNameW
SendMessageW
RegisterClipboardFormatW
DispatchMessageW
PeekMessageW

gdi32

EnumFontFamiliesExW
GetTextMetricsW
CreateFontIndirectW

shell32

ShellExecuteW
ShellExecuteExW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

msvcp80

?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_K_W_K@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD_K@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@PEB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KAEBV12@_K@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA?AV12@_K0@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2_KB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@_K_W@Z
?allocate@?$allocator@_W@std@@QEAAPEA_W_K@Z
?deallocate@?$allocator@_W@std@@QEAAXPEA_W_K@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IEAAX_N_K@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAX_K@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0AEBV12@@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@PEBD_K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@_K0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_K_W_K@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAX_K_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXAEAV12@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAX_K@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_K_W_K@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W_K@Z

msvcr80

_get_invalid_parameter_handler
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??3@YAXPEAX@Z
__CxxFrameHandler3
??0exception@std@@QEAA@XZ
??_V@YAXPEAX@Z
??2@YAPEAX_K@Z
_CxxThrowException
??0exception@std@@QEAA@AEBV01@@Z
_purecall
_wcsicmp
memcpy
memchr
memset
memmove_s
free
__C_specific_handler
swscanf
abort
strchr
memcmp
_wgetenv
??0exception@std@@QEAA@AEBQEBDH@Z
_callnewh
__lconv_init
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
_beginthreadex
sprintf
sscanf
_vsnprintf
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_set_invalid_parameter_handler
_wputenv

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualFree
VirtualAlloc
Sleep
CreateEventA
SetEvent
WaitForSingleObject
RaiseException
SetLastError
CloseHandle
GetCurrentThread
GetCurrentProcess
lstrcmpiW
LocalFree
LocalAlloc
GetLastError
GetVersion
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetSystemInfo
SetEnvironmentVariableW
GetEnvironmentVariableW
WriteConsoleW
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetModuleFileNameW
SetComputerNameW
GetComputerNameW
GetStartupInfoW
CreateProcessW
LoadLibraryExW
LoadLibraryW
ExpandEnvironmentStringsW
OutputDebugStringW
GetFullPathNameW
MoveFileExW
MoveFileW
CopyFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
GetTempFileNameW
GetTempPathW
FormatMessageW
CreateFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindFirstFileW
FindNextFileW

Exports

Exports

AddEventFuncStub
FreeLibraryHandler
GlobalTraceStub
RemoveEventFuncStub
TraceErrorEvent
TraceEvent
TraceEventWithFields

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fd6a87e8bfbf9c5aa790ccdecfaece4

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3Certificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

cd:ee:c7:53:1a:3a:4b:71:11:c2:d4:70:fd:d7:47:74:b1:30:f5:67:f9:8e:4c:2a:1c:79:d4:c8:52:f8:99:0bSigner

2c:c5:09:e8:08:8d:55:c5:27:c1:d8:cc:2d:44:42:e3:3b:25:70:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

user32

gdi32

shell32

comdlg32

msvcp80

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 5KB - Virtual size: 17KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

cd:ee:c7:53:1a:3a:4b:71:11:c2:d4:70:fd:d7:47:74:b1:30:f5:67:f9:8e:4c:2a:1c:79:d4:c8:52:f8:99:0b
Signer

2c:c5:09:e8:08:8d:55:c5:27:c1:d8:cc:2d:44:42:e3:3b:25:70:00
Signer

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 5KB - Virtual size: 17KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB