5c52603bedf2291743bd9426d703892da0882f3bcf9bc97adf48a1177ee49084_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5c52603bedf2291743bd9426d703892da0882f3bcf9bc97adf48a1177ee49084_NeikiAnalytics.exe
Size

270KB
MD5

7f1b72c40c5ac83e2fb042d62319ad40
SHA1

e6b153350c680616bab056f61b9011f2e9fc13e2
SHA256

5c52603bedf2291743bd9426d703892da0882f3bcf9bc97adf48a1177ee49084
SHA512

0d7cc4dd14b4fc0c617b424ba08bea585d721972e2114581fc7c1be690cc86f443083ff10350bb14862a2373950af26ef29e5f7802889356118c73f2edfe86d0
SSDEEP

6144:tG/RlgEf1jeoLhCrlbdFrAGKPTzy1uk1nU2EL5LfLFK:tYzcBBeGKrzy1J1ndE6

Score

1^/10

Malware Config

Signatures

Files

5c52603bedf2291743bd9426d703892da0882f3bcf9bc97adf48a1177ee49084_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

9fac7d3b0a6c34dc756d9c81d0318e65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:f1:bc:ce:b9:b0:86:67:c7:70:f5:56:15:38:63:49
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

10/10/2011, 00:00

Not After

07/11/2013, 23:59

Subject

CN=JetBrains s.r.o.,OU=SOFTWARE,O=JetBrains s.r.o.,L=Prague,ST=NA,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
WriteFile
CreateFileW
Sleep
GetTickCount
GetTempFileNameW
GetTempPathW
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
HeapCreate
GetStartupInfoW
HeapSetInformation
RtlUnwind
EncodePointer
DecodePointer
GetModuleFileNameW
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
ExitProcess
GetCPInfo
MulDiv
lstrcmpW
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
WideCharToMultiByte
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLastError
lstrlenW
lstrcpynW
lstrcpynA
GetVersionExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
CreateEventW
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetEvent
WaitForSingleObject
HeapSize
CloseHandle

user32

DialogBoxParamW
MessageBoxW
EndDialog
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetActiveWindow
LoadAcceleratorsW
CreateAcceleratorTableW
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
GetCursorPos
SetDlgItemTextW
LoadMenuW
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
MoveWindow
CharNextW
GetSysColor
SystemParametersInfoW
TrackPopupMenu
SetForegroundWindow
FindWindowW
GetDoubleClickTime
KillTimer
SetTimer
SetMenuItemInfoW
GetMenuState
GetSubMenu
SetCursor
CreateWindowExW
PtInRect
IsWindow
MessageBeep
TrackPopupMenuEx
AnimateWindow
LoadStringA
PostQuitMessage
LoadStringW
CallWindowProcW
MonitorFromPoint
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
CreatePopupMenu
InvalidateRect
PostThreadMessageW
SetFocus
GetClassInfoExW
LoadCursorW
wsprintfW
LoadImageW
RegisterClassExW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
SendMessageW
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
ShowWindow
SetWindowPos
GetWindowLongW
SetWindowLongW
PostMessageW
RegisterWindowMessageW
UnregisterClassA

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject
SelectObject

advapi32

RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

OleUninitialize
CoTaskMemRealloc
CoInitialize
CoUninitialize
StringFromCLSID
CoTaskMemFree
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2

oleaut32

SysAllocString
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysStringLen

winhttp

WinHttpReadData
WinHttpOpen
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpCloseHandle

comctl32

InitCommonControlsEx

urlmon

CoInternetSetFeatureEnabled

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fac7d3b0a6c34dc756d9c81d0318e65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1b:f1:bc:ce:b9:b0:86:67:c7:70:f5:56:15:38:63:49Certificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

comctl32

urlmon

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 13KB - Virtual size: 21KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 20KB - Virtual size: 19KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:f1:bc:ce:b9:b0:86:67:c7:70:f5:56:15:38:63:49
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 13KB - Virtual size: 21KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 20KB - Virtual size: 19KB