0d5ca1e438c82a299c066497c3ce57039517ddf367853a836a1584db3312d0ed_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0d5ca1e438c82a299c066497c3ce57039517ddf367853a836a1584db3312d0ed_NeikiAnalytics.exe
Size

495KB
MD5

75c701e31bbe2d797e648c80829e9710
SHA1

f1081e85d50010c3bf10e1f1ba40ac166ece698d
SHA256

0d5ca1e438c82a299c066497c3ce57039517ddf367853a836a1584db3312d0ed
SHA512

f3ecab07b3ba47ff3d77c0d8386886bb2cdb863e2557560d80b0de8f04b5b7e2690d901f2c6e261e551af7db5f906b87ccece6a26e4ba99029e850434831e8cf
SSDEEP

6144:DCM2c2CaVPsqlc0Td2l9pdHHIT98M0q4roww7FuAj4masXqOWmjWrUO:N2c2/s6c0cvIH4rxw7FuAj4hsXGl

Score

1^/10

Malware Config

Signatures

Files

0d5ca1e438c82a299c066497c3ce57039517ddf367853a836a1584db3312d0ed_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

af139f9919a525319739507d9f356982

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:b3:f0:85:55:16:b8:86:5a:44:a9:b1:e4:1b:f7:9c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/06/2012, 00:00

Not After

13/06/2013, 23:59

Subject

CN=南京德普达电子技术有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=南京德普达电子技术有限公司,L=南京,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:f2:8e:14:28:02:33:7c:71:a5:41:8c:00:04:5f:cc:15:78:2b:3e
Signer

Actual PE Digest

87:f2:8e:14:28:02:33:7c:71:a5:41:8c:00:04:5f:cc:15:78:2b:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerClose

wininet

InternetFindNextFileA
FtpDeleteFileA
FtpPutFileA
FtpCreateDirectoryA
FtpGetFileA
FtpFindFirstFileA
InternetCloseHandle
InternetReadFile
FtpOpenFileA
FtpSetCurrentDirectoryA
InternetWriteFile
InternetConnectA
InternetSetOptionA
InternetOpenA

msimg32

TransparentBlt

comctl32

InitCommonControlsEx
ImageList_EndDrag
ImageList_DragMove
ImageList_BeginDrag
ImageList_DragShowNolock
CreateToolbarEx
ImageList_Destroy
ImageList_LoadImageA
ord17

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetModuleFileNameA
lstrcatA
lstrcatW
GlobalFree
GlobalUnlock
lstrcpyW
GlobalLock
GlobalAlloc
MulDiv
CreateThread
GetVersion
Sleep
CloseHandle
WriteFile
CreateFileA
lstrlenW
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
ReadFile
GetCurrentThreadId
WriteProfileStringA
GetProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringA
WinExec
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateDirectoryA
CopyFileA
GetTempFileNameA
FreeLibrary
lstrcpyA
LoadLibraryA
GetLocalTime
GetModuleHandleA
GetExitCodeThread
GetLastError
GetSystemDirectoryA
GetDriveTypeA
GetLogicalDriveStringsA
RemoveDirectoryA
GetDiskFreeSpaceExA
lstrcmpiA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
HeapFree
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
GetStartupInfoA
GetFileAttributesA
GetTimeZoneInformation
GetSystemTimeAsFileTime
RtlUnwind
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
HeapAlloc
ExitProcess
GetCurrentProcess
GetStdHandle
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
VirtualProtect
FreeEnvironmentStringsA
GetSystemInfo
VirtualQuery
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InitializeCriticalSection
SetStdHandle
HeapSize
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFullPathNameA
GetCurrentDirectoryA
GetProcAddress

user32

GetWindowTextLengthA
PostQuitMessage
RegisterClassExA
GetClassInfoExA
UpdateWindow
WaitMessage
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
SetForegroundWindow
GetClassNameA
IsWindow
GetSubMenu
GetMenuItemID
DeleteMenu
InsertMenuA
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
InvertRect
DrawFocusRect
SendNotifyMessageA
ReleaseDC
GetDC
IntersectRect
GetMenuStringA
TrackPopupMenuEx
KillTimer
PostThreadMessageA
GetWindowDC
GetSysColorBrush
SetPropA
SetTimer
PostMessageA
MsgWaitForMultipleObjects
PeekMessageA
GetPropA
DefWindowProcA
CallWindowProcA
GetParent
GetWindowTextA
FrameRect
GetFocus
BeginPaint
EndPaint
ClientToScreen
GetCursorPos
FillRect
DrawTextA
InvalidateRect
LoadCursorA
SetWindowPos
ReleaseCapture
SetCapture
SetCursor
LoadIconA
LoadMenuA
DialogBoxParamA
DialogBoxIndirectParamA
CreateDialogParamA
SetWindowLongA
GetWindowRect
ScreenToClient
GetDesktopWindow
GetDlgItemInt
SetDlgItemInt
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
EnableWindow
RegisterDeviceNotificationA
LoadAcceleratorsA
SetCursorPos
TrackPopupMenu
CheckMenuItem
GetMenuItemCount
RemoveMenu
EnableMenuItem
ModifyMenuA
CreatePopupMenu
AppendMenuA
DestroyMenu
SetFocus
DestroyWindow
GetClientRect
GetWindowLongA
CreateWindowExA
InflateRect
MoveWindow
SendMessageA
LoadImageA
ShowWindow
MessageBoxA
EndDialog
GetSysColor
LoadStringA
SetActiveWindow
SetDlgItemTextA
GetMenu
RemovePropA

gdi32

SelectObject
MoveToEx
GetObjectA
SetBkColor
CreatePen
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreatePatternBrush
LineTo
CreateSolidBrush
DeleteObject
GetStockObject
ExtCreatePen
CreateFontA
SetTextColor
SetBkMode

winspool.drv

OpenPrinterA
GetPrinterA
AddFormA
SetPrinterA
ClosePrinter
DeleteFormA

comdlg32

GetSaveFileNameA
ChooseColorA
GetOpenFileNameA

advapi32

RegCreateKeyExA
RegQueryValueExW
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegCreateKeyA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

ole32

CLSIDFromProgID
CLSIDFromString
OleRun
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
StgCreateDocfile
StgOpenStorage
CoCreateGuid

oleaut32

VariantInit
VariantClear
SysAllocStringLen
VariantCopy
SysFreeString
SysAllocString
VariantChangeType

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af139f9919a525319739507d9f356982

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

69:b3:f0:85:55:16:b8:86:5a:44:a9:b1:e4:1b:f7:9cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

87:f2:8e:14:28:02:33:7c:71:a5:41:8c:00:04:5f:cc:15:78:2b:3eSigner

Headers

File Characteristics

Imports

winmm

wininet

msimg32

comctl32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 312KB - Virtual size: 311KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 132KB - Virtual size: 130KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

69:b3:f0:85:55:16:b8:86:5a:44:a9:b1:e4:1b:f7:9c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

87:f2:8e:14:28:02:33:7c:71:a5:41:8c:00:04:5f:cc:15:78:2b:3e
Signer

.text
Size: 312KB - Virtual size: 311KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 132KB - Virtual size: 130KB