ad8c5e1e57d67f371ae8b72ce171d25b7107f45a1222499e439419f3e9d9e203_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ad8c5e1e57d67f371ae8b72ce171d25b7107f45a1222499e439419f3e9d9e203_NeikiAnalytics.exe
Size

2.6MB
MD5

fe9f29a700dac35f01b46d032380a4b0
SHA1

f6b37c5f8e6d8cbccb74fb4be84dde28861c9a8f
SHA256

ad8c5e1e57d67f371ae8b72ce171d25b7107f45a1222499e439419f3e9d9e203
SHA512

eb835d67291c828a41e5db03a6ca93ca890eea0b21a9a9c48afc387d5cae0b180a2d5733bbfb35d2f2e0b762c07b820bd4aaae3956d1b6f5dd914b4796a0fff2
SSDEEP

3072:OhNCnmgFWvOUISETP7mLcSSkvkdRVWuffT4j4ycYPW/seYqv:PmpUTPokkvkdRVWSL93UK

Score

1^/10

Malware Config

Signatures

Files

ad8c5e1e57d67f371ae8b72ce171d25b7107f45a1222499e439419f3e9d9e203_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

4ff9a7347f4b6c3dbff279421f5aa22f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7b:39:8f:f8:0d:f3:08:71:d7:0d:c9:86:3f:22:5a:56
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/12/2015, 00:00

Not After

15/01/2019, 23:59

Subject

CN=X-Rite Incorporated,O=X-Rite Incorporated,L=Grand Rapids,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:65:d0:1a:93:a8:c0:4d:91:0f:74:b6:12:4f:74:09:7e:b0:fb:28:ac:f5:2f:ae:fc:14:eb:16:68:9d:6d:b4
Signer

Actual PE Digest

79:65:d0:1a:93:a8:c0:4d:91:0f:74:b6:12:4f:74:09:7e:b0:fb:28:ac:f5:2f:ae:fc:14:eb:16:68:9d:6d:b4

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp71

?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr71

_controlfp
__set_app_type
__p__fmode
__p__commode
__CxxFrameHandler
malloc
free
_except_handler3
??3@YAXPAX@Z
__security_error_handler
_setmbcp
memset
_stricmp
__RTDynamicCast
_strdup
sscanf
_CIpow
gmtime
time
sprintf
fclose
fopen
memmove
strstr
strrchr
strchr
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_access
fread
fseek
ftell
exit
_callnewh
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

mfc71

ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4265
ord4250
ord2430
ord6275
ord1084
ord2371
ord757
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord2731
ord1920
ord2931
ord5224
ord5226
ord3948
ord5230
ord5213
ord5566
ord2838
ord2990
ord4481
ord4261
ord3333
ord566
ord4568
ord6067
ord6090
ord5705
ord1743
ord1716
ord4031
ord5975
ord1054
ord3682
ord3591
ord1903
ord4444
ord4443
ord4790
ord4204
ord4781
ord4980
ord4591
ord4777
ord4386
ord4401
ord4399
ord4381
ord4384
ord4379
ord4864
ord4861
ord3974
ord3946
ord5151
ord1908
ord5214
ord4282
ord3344
ord1361
ord1964
ord4273
ord565
ord756
ord5174
ord2264
ord4306
ord3648
ord3466
ord4041
ord2869
ord2096
ord1648
ord1592
ord6014
ord4197
ord3929
ord5355
ord3987
ord1912
ord2081
ord2077
ord2039
ord1353
ord1343
ord1350
ord4241
ord5145
ord6269
ord5202
ord5172
ord1962
ord2982
ord3318
ord553
ord742
ord2875
ord1651
ord1595
ord4198
ord1352
ord1345
ord1351
ord4966
ord5161
ord2984
ord3325
ord562
ord751
ord5012
ord2939
ord943
ord4019
ord4015
ord1395
ord4125
ord2003
ord2145
ord2144
ord5725
ord5859
ord4299
ord5165
ord5205
ord2537
ord4952
ord784
ord5894
ord395
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord2402
ord5200
ord1599
ord1655
ord1656
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2408
ord2413
ord2394
ord2410
ord934
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4277
ord4722
ord3403
ord1306
ord2173
ord4185
ord5073
ord5148
ord4244
ord1402
ord3945
ord1617
ord1620
ord5915
ord1557
ord2424
ord2425
ord5356
ord4904
ord4135
ord4309
ord5009
ord2615
ord1913
ord2246
ord635
ord2372
ord1207
ord3832
ord5584

kernel32

ExitProcess
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSection
GetStartupInfoA
GetTickCount
GlobalFlags
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FindNextFileA
FindClose
GetCurrentDirectoryA
GlobalSize
FindResourceA
LoadResource
LockResource
SizeofResource
FindFirstFileA
GetModuleHandleA
GetCommandLineA
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
CloseHandle
GetLastError
GetVersionExA
GetModuleFileNameA

user32

DrawMenuBar
GetMenuItemCount
GetMenuItemInfoA
ShowCursor
SetCursor
LoadCursorA
SystemParametersInfoA
RedrawWindow
SetWindowPos
MessageBoxA
ScreenToClient
GetDC
ReleaseDC
MoveWindow
GetKeyState
GetMenu
IsDialogMessageA
LoadStringA
GetWindowRect
GetClientRect
GetParent
SendMessageA
GetDesktopWindow
SetActiveWindow
UpdateWindow
EnableMenuItem
EnableWindow
IsZoomed
ShowWindow
IsIconic
SetForegroundWindow
RegisterWindowMessageA
GetSystemMenu
RemoveMenu

gdi32

DeleteObject
GetDeviceCaps
SetDeviceGammaRamp
GetDeviceGammaRamp
GetICMProfileA
DeleteDC
CreateDCA
CreatePen
CreateSolidBrush

advapi32

RegEnumKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA

shell32

DragQueryFileA
DragFinish
DragAcceptFiles

comctl32

InitCommonControlsEx

ole32

OleUninitialize
OleInitialize

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 572KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ff9a7347f4b6c3dbff279421f5aa22f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7b:39:8f:f8:0d:f3:08:71:d7:0d:c9:86:3f:22:5a:56Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

79:65:d0:1a:93:a8:c0:4d:91:0f:74:b6:12:4f:74:09:7e:b0:fb:28:ac:f5:2f:ae:fc:14:eb:16:68:9d:6d:b4Signer

Headers

File Characteristics

Imports

msvcp71

msvcr71

mfc71

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 572KB - Virtual size: 570KB

.data Size: 36KB - Virtual size: 40KB

Shared Size: 8KB - Virtual size: 4KB

Size: 2.0MB - Virtual size: 2.0MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7b:39:8f:f8:0d:f3:08:71:d7:0d:c9:86:3f:22:5a:56
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

79:65:d0:1a:93:a8:c0:4d:91:0f:74:b6:12:4f:74:09:7e:b0:fb:28:ac:f5:2f:ae:fc:14:eb:16:68:9d:6d:b4
Signer

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 572KB - Virtual size: 570KB

.data
Size: 36KB - Virtual size: 40KB

Shared
Size: 8KB - Virtual size: 4KB