a5323fe0958c79d941063f34cd1780e556fe1f82705156c5f727549c97c66216_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a5323fe0958c79d941063f34cd1780e556fe1f82705156c5f727549c97c66216_NeikiAnalytics.exe
Size

333KB
MD5

e84d49dbad626398352876b3a76ee5f0
SHA1

d4c8a293664b2eb174faa9f039e37cc35b5d26b9
SHA256

a5323fe0958c79d941063f34cd1780e556fe1f82705156c5f727549c97c66216
SHA512

622e65ae4972759c4ace27f978445df36a876459458a17ff91c456e1b6c42fea281d90f5603a6f8b0b2958bed61d1f966a77c380622fb99335de8db1cf166959
SSDEEP

3072:qMo90qE4w4fzJTOt5jk1TKyaPYaQSDoHx1+LhiZPSlrjYn:/UvSiKyawaQScaK/

Score

1^/10

Malware Config

Signatures

Files

a5323fe0958c79d941063f34cd1780e556fe1f82705156c5f727549c97c66216_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

2801122c1e7aebb188eab7254acd32f0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:8b:b7:ff:00:11:98:7d:c9:69:87:52:15:0d:7b:6c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/04/2012, 00:00

Not After

22/05/2014, 23:59

Subject

CN=TrustView Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TrustView Inc.,L=Taipei,ST=Taipei,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:db:d2:19:f4:36:f6:ca:2d:64:93:1d:04:59:7c:f1:6a:e9:b1:7b
Signer

Actual PE Digest

ea:db:d2:19:f4:36:f6:ca:2d:64:93:1d:04:59:7c:f1:6a:e9:b1:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\liuyongworkdir\odpv320130806\temp\PolicyCtrl\Win32\Release\PolicyCtrl.pdb

Imports

kernel32

OutputDebugStringA
CloseHandle
GetCurrentProcessId
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetThreadContext
ResumeThread
CreateProcessA
CreateProcessW
TerminateProcess
GetCurrentThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualFree
OpenThread
SuspendThread
Sleep
GetThreadPriority
SetThreadPriority
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
WaitNamedPipeW
WriteFile
ReadFile
CreateFileW
SetFilePointer
CreateFileA
GetModuleHandleA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
DisableThreadLibraryCalls
OutputDebugStringW
VirtualProtectEx
CreateMutexW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
HeapReAlloc
HeapDestroy
HeapCreate
FlushFileBuffers
GetConsoleMode
GetConsoleCP
DeleteCriticalSection
GetStartupInfoA
SetHandleCount
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement

user32

WindowFromPoint
CallNextHookEx
GetWindowThreadProcessId
MessageBoxW
UnhookWindowsHookEx
SetWindowsHookExW

ws2_32

send
sendto
WSASend
WSASendTo
socket

Exports

Exports

InstallRemoteHook
UnstallRemoteHook

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TVPolic
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2801122c1e7aebb188eab7254acd32f0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

79:8b:b7:ff:00:11:98:7d:c9:69:87:52:15:0d:7b:6cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ea:db:d2:19:f4:36:f6:ca:2d:64:93:1d:04:59:7c:f1:6a:e9:b1:7bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ws2_32

Exports

Exports

Sections

.text Size: 121KB - Virtual size: 121KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 155KB - Virtual size: 163KB

.TVPolic Size: 512B - Virtual size: 4B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

79:8b:b7:ff:00:11:98:7d:c9:69:87:52:15:0d:7b:6c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ea:db:d2:19:f4:36:f6:ca:2d:64:93:1d:04:59:7c:f1:6a:e9:b1:7b
Signer

.text
Size: 121KB - Virtual size: 121KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 155KB - Virtual size: 163KB

.TVPolic
Size: 512B - Virtual size: 4B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB