167598d36c2d0b8de467b63ca17aaed6afff98bb0ba690fa659d928d5ac3d3db_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

167598d36c2d0b8de467b63ca17aaed6afff98bb0ba690fa659d928d5ac3d3db_NeikiAnalytics.exe
Size

221KB
MD5

20f5147d00c59f611c07dc885cfe70c0
SHA1

2aa7b9a3f37afadea24b96df1ef9a6877bde55e4
SHA256

167598d36c2d0b8de467b63ca17aaed6afff98bb0ba690fa659d928d5ac3d3db
SHA512

2d37c1540d92f00ae5079138c10a22c0213ea92d0de1a82f7b02e92770265685147b84b5737fb256f3c1ad399bec8f80e39fa5a4003ca2b85e7f7c024d0cdc97
SSDEEP

3072:FwejF3lwNXqF9JrIryjB+TDPgRbQIOfcTqz9cA+Hb6J0PjcorJvf:Fwzq2ukTjaQIOfcTqzRNmL9H

Score

1^/10

Malware Config

Signatures

Files

167598d36c2d0b8de467b63ca17aaed6afff98bb0ba690fa659d928d5ac3d3db_NeikiAnalytics.exe
.dll windows:5 windows x64 arch:x64

d4e507ac1b5a2afbda411ac31ef3daaa

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:fe
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:1b:9c:70:76:58:0d:f8:81:cc:25:3f:5d:d1:0b:aa
Certificate

Issuer

CN=COMODO Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/07/2011, 00:00

Not After

26/07/2014, 23:59

Subject

CN=Andrey Borodin,O=Andrey Borodin,POSTALCODE=394088,STREET=An. Ovseenko 23a-106,L=Voronezh,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:47:e9:e7:ec:b2:6f:7c:92:42:2b:fd:5b:15:4d:b4:33:21:c4:b3
Signer

Actual PE Digest

6c:47:e9:e7:ec:b2:6f:7c:92:42:2b:fd:5b:15:4d:b4:33:21:c4:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringW
CreateEventW
CloseHandle
SetEvent
WaitForMultipleObjects
Sleep
GetLastError
WriteFile
WideCharToMultiByte
SetFilePointer
CreateFileW
GetLocalTime
MultiByteToWideChar
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetACP
IsValidCodePage
GetOEMCP
HeapReAlloc
LoadLibraryExW

user32

wsprintfW
SetRect

ole32

CoTaskMemAlloc
CoTaskMemFree

Exports

Exports

ItvFormat_GetUnit

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4e507ac1b5a2afbda411ac31ef3daaa

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:feCertificate

Key Usages

82:1b:9c:70:76:58:0d:f8:81:cc:25:3f:5d:d1:0b:aaCertificate

Extended Key Usages

Key Usages

6c:47:e9:e7:ec:b2:6f:7c:92:42:2b:fd:5b:15:4d:b4:33:21:c4:b3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 9KB - Virtual size: 19KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:fe
Certificate

82:1b:9c:70:76:58:0d:f8:81:cc:25:3f:5d:d1:0b:aa
Certificate

6c:47:e9:e7:ec:b2:6f:7c:92:42:2b:fd:5b:15:4d:b4:33:21:c4:b3
Signer

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 9KB - Virtual size: 19KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB