45279ff3e1eb63c6d893eaf1ff8e093698d2a5d64ec8925e15ab6843dd776142_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

45279ff3e1eb63c6d893eaf1ff8e093698d2a5d64ec8925e15ab6843dd776142_NeikiAnalytics.exe
Size

247KB
MD5

828234f46811e6d81f8791c5085f47b0
SHA1

b69317f2666f37d13c370d2b9de221d2a6861a23
SHA256

45279ff3e1eb63c6d893eaf1ff8e093698d2a5d64ec8925e15ab6843dd776142
SHA512

94dcfd694959116bef25c4df01da13ea4bec7619328c27d5bce214e7bab5677d30c2c67e757e0fd597364917750a2d847cec15dd8124b4195481444aa7db0873
SSDEEP

3072:2kaYUdx+pfgLczn58pzb9G7Rh0MIjPNiX29iKbO046mIX7KZGtu9:daYUOpfy+SzbwcM8AsbO0h7Kr9

Score

1^/10

Malware Config

Signatures

Files

45279ff3e1eb63c6d893eaf1ff8e093698d2a5d64ec8925e15ab6843dd776142_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

57f3d0f235120aae220d570ac3513f23

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:9d:17:8a:d3:34:ac:df:47:c8:a0:d1:5b:b5:0e:6e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

18/03/2014, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:df:a4:e6:7a:0c:55:b9:60:7b:a5:f4:31:ce:94:24:65:90:17:c7
Signer

Actual PE Digest

09:df:a4:e6:7a:0c:55:b9:60:7b:a5:f4:31:ce:94:24:65:90:17:c7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\DCE_7.1\src\TrendSystemCleaner\RegBootClean\Win32\Release\RegBootClean.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

DuplicateHandle
CreateFileMappingW
GetFileAttributesW
MapViewOfFile
SetLastError
GetTickCount
UnmapViewOfFile
GetPrivateProfileStringW
SetFilePointer
InitializeCriticalSection
CreateFileW
WriteFile
ReadFile
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetExitCodeProcess
DeleteCriticalSection
LocalFree
GetCurrentProcessId
OpenProcess
DeleteFileW
GetWindowsDirectoryW
GetModuleFileNameW
FreeConsole
CreateProcessW
SetErrorMode
CloseHandle
GetProcAddress
GetLastError
LoadLibraryW
GetCurrentProcess
FreeLibrary
SetEndOfFile
CompareStringA
CompareStringW
Sleep
SetEnvironmentVariableA
GetTimeZoneInformation
LoadLibraryA
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetDriveTypeW
FindFirstFileW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

advapi32

OpenServiceW
QueryServiceStatus
RegQueryValueExW
OpenSCManagerW
CloseServiceHandle
GetSecurityDescriptorDacl
RegSetValueExW
RegCloseKey
GetLengthSid
AddAce
RegOpenKeyExW
RegSetKeySecurity
AddAccessAllowedAce
GetSecurityDescriptorOwner
InitializeAcl
RegDeleteValueW
GetNamedSecurityInfoW
GetSecurityInfo
RegGetKeySecurity
GetAce
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
RegDeleteKeyW
InitializeSecurityDescriptor
RegQueryInfoKeyW
GetAclInformation
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ControlService

setupapi

InstallHinfSectionW

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57f3d0f235120aae220d570ac3513f23

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

1a:9d:17:8a:d3:34:ac:df:47:c8:a0:d1:5b:b5:0e:6eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

09:df:a4:e6:7a:0c:55:b9:60:7b:a5:f4:31:ce:94:24:65:90:17:c7Signer

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

advapi32

setupapi

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 176B

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

1a:9d:17:8a:d3:34:ac:df:47:c8:a0:d1:5b:b5:0e:6e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

09:df:a4:e6:7a:0c:55:b9:60:7b:a5:f4:31:ce:94:24:65:90:17:c7
Signer

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 176B