b5eee8d3a728ac7dbf4693b02bba2bfa4bd02b473ea22ed7066b57a35a68a7f3_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b5eee8d3a728ac7dbf4693b02bba2bfa4bd02b473ea22ed7066b57a35a68a7f3_NeikiAnalytics.exe
Size

141KB
MD5

89a001c218bf1b73cc9ecbfcdb42e140
SHA1

6ebf7ada66cc883c7d01e8966c3f7dafb4051a13
SHA256

b5eee8d3a728ac7dbf4693b02bba2bfa4bd02b473ea22ed7066b57a35a68a7f3
SHA512

e4494320ae00a352952af065e6abd8b180da68ea8e6eb5333e632998878e468ae0656e673be00c5ccffc7be23603106dff935507610990dd04a1cdacd9ac9d7f
SSDEEP

3072:5OwF8uBGehLhW4URToq9vu+aW61KJtHgUunOX9CUE54NqS6YN14zoj:59FTVhNW4Uloq1uSfmUuOX9CDvSXNbj

Score

1^/10

Malware Config

Signatures

Files

b5eee8d3a728ac7dbf4693b02bba2bfa4bd02b473ea22ed7066b57a35a68a7f3_NeikiAnalytics.exe
.sys windows:6 windows x86 arch:x86

57807e584edb3a5405c7fe35bc437b7d

Code Sign

33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2014, 17:13

Not After

23/08/2015, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:26:9b:ce:dc:14:90:5b:aa:80:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/07/2014, 19:26

Not After

23/01/2015, 19:26

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

23:59:81:96:05:9b:b5:a5:b5:e4:05:76:66:ae:e1:09:e5:7a:4d:65
Signer

Actual PE Digest

23:59:81:96:05:9b:b5:a5:b5:e4:05:76:66:ae:e1:09:e5:7a:4d:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

classpnp.pdb

Imports

ntoskrnl.exe

RtlQueryRegistryValues
ZwCreateKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
ZwOpenKey
IoFreeIrp
IoFreeMdl
RtlCompareMemory
IoStopTimer
EtwWrite
IoGetDriverObjectExtension
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeQueryTimeIncrement
KeQuerySystemTime
_allmul
IoQueueWorkItem
IoAllocateWorkItem
IoReuseIrp
IofCallDriver
KeInitializeEvent
MmBuildMdlForNonPagedPool
IoAllocateMdl
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
ObfDereferenceObject
IoBuildDeviceIoControlRequest
IoGetAttachedDeviceReference
KeInitializeMutex
IoAllocateIrp
IoStartTimer
IoInitializeTimer
KeLeaveCriticalRegion
KeSetEvent
KeEnterCriticalRegion
KeGetCurrentThread
_vsnprintf
IoGetIoPriorityHint
EtwRegister
EtwUnregister
IoWMIWriteEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IofCompleteRequest
DbgPrintEx
IoUnregisterPriorityCallback
_allshl
_alldiv
IoGetPagingIoPriority
IoStartNextPacket
MmUnlockPages
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoInitializeIrp
KeSetTimerEx
KeTickCount
ZwClose
IoRegisterPriorityCallback
RtlCopyUnicodeString
IoAllocateDriverObjectExtension
IoStartPacket
IoSetHardErrorOrVerifyDevice
memmove
IoDeleteDevice
IoCreateDevice
RtlInitString
ObReferenceObjectByPointer
IoInvalidateDeviceRelations
MmProbeAndLockPages
KefReleaseSpinLockFromDpcLevel
KeBugCheckEx
KefAcquireSpinLockAtDpcLevel
_alldvrm
IoDetachDevice
ZwSetValueKey
KeInitializeDpc
KeInitializeTimer
ObfReferenceObject
KeBugCheck
KeDelayExecutionThread
RtlDeleteRegistryValue
_vsnwprintf
RtlTimeToTimeFields
InterlockedPopEntrySList
PoStartNextPowerIrp
PoCallDriver
PoSetPowerState
PoQueryWatchdogTime
InterlockedPushEntrySList
MmUnmapLockedPages
ExVerifySuite
IoBuildPartialMdl
KeCancelTimer
_aulldiv
KeSetTimer
KeInsertQueueDpc
strncmp
RtlWriteRegistryValue
IoReadPartitionTableEx
_aullrem
_allrem
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoGetDeviceObjectPointer
IoBuildSynchronousFsdRequest
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
RtlInitAnsiString
IoGetConfigurationInformation
IoAttachDeviceToDeviceStack
KeRegisterBugCheckReasonCallback
KeDeregisterBugCheckReasonCallback
RtlUnwind
IoFreeWorkItem
KeWaitForSingleObject
KeReleaseMutex
memset
memcpy
ExAllocatePoolWithTag
IoReportTargetDeviceChangeAsynchronous
IoGetDeviceProperty
ExFreePoolWithTag
EtwEventEnabled
EtwProviderEnabled

hal

KeReleaseInStackQueuedSpinLock
KeGetCurrentIrql
KeQueryPerformanceCounter
KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeAcquireInStackQueuedSpinLock

Exports

Exports

ClassAcquireChildLock
ClassAcquireRemoveLockEx
ClassAsynchronousCompletion
ClassBuildRequest
ClassCheckMediaState
ClassClaimDevice
ClassCleanupMediaChangeDetection
ClassCompleteRequest
ClassCreateDeviceObject
ClassDebugPrint
ClassDeleteSrbLookasideList
ClassDeviceControl
ClassDisableMediaChangeDetection
ClassEnableMediaChangeDetection
ClassFindModePage
ClassForwardIrpSynchronous
ClassGetDescriptor
ClassGetDeviceParameter
ClassGetDriverExtension
ClassGetFsContext
ClassGetVpb
ClassInitialize
ClassInitializeEx
ClassInitializeMediaChangeDetection
ClassInitializeSrbLookasideList
ClassInitializeTestUnitPolling
ClassInternalIoControl
ClassInterpretSenseInfo
ClassInvalidateBusRelations
ClassIoComplete
ClassIoCompleteAssociated
ClassMarkChildMissing
ClassMarkChildrenMissing
ClassModeSense
ClassNotifyFailurePredicted
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassReleaseChildLock
ClassReleaseQueue
ClassReleaseRemoveLock
ClassRemoveDevice
ClassResetMediaChangeTimer
ClassScanForSpecial
ClassSendDeviceIoControlSynchronous
ClassSendIrpSynchronous
ClassSendNotification
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendStartUnit
ClassSetDeviceParameter
ClassSetFailurePredictionPoll
ClassSetMediaChangeState
ClassSignalCompletion
ClassSpinDownPowerHandler
ClassSplitRequest
ClassStopUnitPowerHandler
ClassUpdateInformationInRegistry
ClassWmiCompleteRequest
ClassWmiFireEvent
DllUnload

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57807e584edb3a5405c7fe35bc437b7d

Code Sign

33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5aCertificate

Extended Key Usages

33:00:00:00:26:9b:ce:dc:14:90:5b:aa:80:00:00:00:00:00:26Certificate

Extended Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

23:59:81:96:05:9b:b5:a5:b5:e4:05:76:66:ae:e1:09:e5:7a:4d:65Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 3KB

PAGE Size: 28KB - Virtual size: 27KB

.edata Size: 2KB - Virtual size: 2KB

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 6KB - Virtual size: 6KB

33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5a
Certificate

33:00:00:00:26:9b:ce:dc:14:90:5b:aa:80:00:00:00:00:00:26
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

23:59:81:96:05:9b:b5:a5:b5:e4:05:76:66:ae:e1:09:e5:7a:4d:65
Signer

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 3KB

PAGE
Size: 28KB - Virtual size: 27KB

.edata
Size: 2KB - Virtual size: 2KB

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 6KB