4a70ec12e64d1c30d07862ae2293955bfe5ea4b3a1e137e3d8c94a0f10901725_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4a70ec12e64d1c30d07862ae2293955bfe5ea4b3a1e137e3d8c94a0f10901725_NeikiAnalytics.exe
Size

1.7MB
MD5

d134cfffeecfb01037177ccec5e5f0b0
SHA1

07aed9d5740d6ea54e820943426d86ef3a5f6a6d
SHA256

4a70ec12e64d1c30d07862ae2293955bfe5ea4b3a1e137e3d8c94a0f10901725
SHA512

7d113ac14735d0457f2888f8ac0302226ce941c4aed3ec951a4238749a614540208f0d614fdcfdbe07e77977d91b0fbaaeaa33dfb6c89aea2a972d7844ebdc97
SSDEEP

49152:Y05f3Q60NQ2ByAzvdYPxus6cF47Vkj7URLHkJigQU/CIabjKoh9WINX:FQ6+Q2ByAzvdYPAxeQDbrFIabjKoh9Wa

Score

1^/10

Malware Config

Signatures

Files

4a70ec12e64d1c30d07862ae2293955bfe5ea4b3a1e137e3d8c94a0f10901725_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x86 arch:x86

b8e67b348a4e4a9bb0f329e45c9aa85b

Code Sign

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

26-07-2012 20:50

Not After

26-10-2013 20:50

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:02:8e:42:00:00:00:00:00:1f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09-01-2012 22:25

Not After

09-04-2013 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:c0:0f:80:09:ea:77:d4:c8:42:75:af:6c:fb:3d:93:72:35:34:1f
Signer

Actual PE Digest

d9:c0:0f:80:09:ea:77:d4:c8:42:75:af:6c:fb:3d:93:72:35:34:1f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P:\Target\x86\ship\groove\x-none\grooveex.pdb

Imports

msvcr100

_lock
__dllonexit
_unlock
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
memmove
_vsnprintf_s
_snwprintf_s
bsearch
memcpy
wcsncat_s
wcscat_s
_wsplitpath_s
_wfullpath
div
wcsncpy_s
free
_recalloc
swprintf_s
??_V@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z
_invalid_parameter_noinfo_noreturn
memcpy_s
memmove_s
??_U@YAPAXI@Z
memset
malloc
realloc
wcschr
wcscpy_s
wcsncmp
_onexit
wcsrchr
wcsstr
wcstok_s
_wcsicmp
_wcsnicmp
_set_errno
_get_errno
calloc
_ltow_s
_ultow_s
wcstod
wcstol
wcstoul
_vsnwprintf_s
localeconv
_HUGE
strncpy_s
_wtof
_wtoi
_snprintf_s
vswprintf_s
swscanf_s
_localtime64_s
_beginthread
_beginthreadex
_endthreadex
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_ftime64_s
?what@exception@std@@UBEPBDXZ
memcmp
towlower
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wcspbrk
??3@YAXPAX@Z
__lconv_init
??0exception@std@@QAE@ABQBDH@Z
wcscmp
vsprintf_s
_i64tow_s

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

atl100

ord68
ord26
ord53
ord52
ord51
ord50
ord64
ord15
ord11
ord10
ord27
ord61
ord44
ord43
ord58
ord23
ord31
ord30
ord32
ord56
ord49

advapi32

AddAccessDeniedAce
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
TraceEvent
GetLengthSid
IsValidSid
UnregisterTraceGuids
EventWrite
RegQueryValueExA
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegGetValueW
RegOpenKeyExA
RegEnumValueW
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
FreeSid
EqualSid
CreateWellKnownSid
CopySid
CheckTokenMembership
AllocateAndInitializeSid
GetTraceEnableFlags
AddAccessAllowedAce
EventUnregister
EventRegister

gdi32

GetDeviceCaps
RestoreDC
DeleteMetaFile
SetMapMode
SetTextAlign
CreateRectRgnIndirect
CreateMetaFileW
CloseMetaFile
SetViewportOrgEx
LPtoDP
SetLayout
DeleteObject
DeleteDC
SaveDC
TextOutW
SetWindowExtEx
SetWindowOrgEx

kernel32

GetUserDefaultUILanguage
WaitForMultipleObjectsEx
CreateMutexA
CreateEventA
CreateProcessA
CreateFileMappingA
OpenMutexA
HeapSetInformation
VirtualProtect
WerRegisterMemoryBlock
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
UnhandledExceptionFilter
IsProcessorFeaturePresent
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetStringTypeExW
FlsAlloc
FlsGetValue
FlsFree
GetModuleHandleExW
LoadLibraryA
GetFileType
GetModuleFileNameA
GetShortPathNameA
GetCurrentThread
RtlCaptureStackBackTrace
GetFileAttributesW
OutputDebugStringA
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetVersion
GetVersionExW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
FlushInstructionCache
VirtualQuery
CloseHandle
LocalAlloc
LocalFree
FindAtomW
GetCurrentThreadId
FreeLibrary
LoadLibraryExW
lstrlenA
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
GetCommandLineW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetFileSize
GetLongPathNameW
GetTempFileNameW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
GetTempPathW
IsDebuggerPresent
DebugBreak
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
Sleep
GetCurrentProcessId
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GlobalMemoryStatusEx
GetSystemTime
GetTickCount
IsWow64Process
GlobalLock
GlobalUnlock
WaitForMultipleObjects
FormatMessageW
lstrcmpiW
lstrlenW
CreateSemaphoreW
CopyFileW
MoveFileW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetFileInformationByHandleEx
GetTimeFormatW
GetStringTypeW
GetACP
GetLocaleInfoW
GetNumberFormatW
GetCurrencyFormatW
ConvertDefaultLocale
EnumSystemLocalesW
GetSystemInfo
SetUnhandledExceptionFilter
GetDateFormatW
GetCurrentDirectoryW
CompareFileTime
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
LocalFileTimeToFileTime
SetFileTime
ReleaseSemaphore
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
LoadResource
LockResource
SizeofResource
GlobalMemoryStatus
FindResourceW
QueueUserWorkItem
GlobalAlloc
InitializeCriticalSectionEx
IsValidLocale
GetSystemDefaultLCID
CompareStringEx
LCIDToLocaleName
LocaleNameToLCID
GetUserDefaultLocaleName
GetSystemDefaultLocaleName
GetUserDefaultLangID
GetLocaleInfoEx
EnumCalendarInfoExEx
EnumSystemLocalesEx
GetDateFormatEx
GetCalendarInfoEx
EnumDateFormatsExEx
EnumTimeFormatsEx
GetProcessHeap
GetThreadUILanguage
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount64
DuplicateHandle
WaitForSingleObjectEx
GlobalFree
RaiseFailFastException
GetFileAttributesExW
GetSystemDirectoryW
GetNativeSystemInfo
GetProductInfo
GetUserGeoID

ole32

CoCreateInstance
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
CreateDataAdviseHolder
CoCreateGuid
ProgIDFromCLSID
IIDFromString
CoTaskMemAlloc
CoTaskMemFree
StringFromIID
StringFromCLSID
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoUninitialize
CLSIDFromString
CLSIDFromProgID

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantInit
OleCreatePropertyFrame
DispCallFunc
LoadTypeLi
VarDateFromStr
VariantTimeToSystemTime
GetErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLibEx
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
SafeArrayCreateVector
SafeArrayGetVartype
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayDestroy
SysReAllocStringLen
SysAllocStringLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExecuteSPFSVerbW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 233KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8e67b348a4e4a9bb0f329e45c9aa85b

Code Sign

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88Certificate

Extended Key Usages

Key Usages

61:02:8e:42:00:00:00:00:00:1fCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

d9:c0:0f:80:09:ea:77:d4:c8:42:75:af:6c:fb:3d:93:72:35:34:1fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr100

msvcp100

atl100

advapi32

gdi32

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 233KB - Virtual size: 237KB

.rsrc Size: 343KB - Virtual size: 343KB

.reloc Size: 67KB - Virtual size: 66KB

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88
Certificate

61:02:8e:42:00:00:00:00:00:1f
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

d9:c0:0f:80:09:ea:77:d4:c8:42:75:af:6c:fb:3d:93:72:35:34:1f
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 233KB - Virtual size: 237KB

.rsrc
Size: 343KB - Virtual size: 343KB

.reloc
Size: 67KB - Virtual size: 66KB