b6ce116fce1f31667af19c29fd7db5a6830471039beeafd16c55fc57d18e205a_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b6ce116fce1f31667af19c29fd7db5a6830471039beeafd16c55fc57d18e205a_NeikiAnalytics.exe
Size

3.7MB
MD5

9a7da2359adcfaf8163e2d0b980e4e30
SHA1

a374f61a07e5e6a57c488f2c55ff9fe1da12a618
SHA256

b6ce116fce1f31667af19c29fd7db5a6830471039beeafd16c55fc57d18e205a
SHA512

cc5c16ea501e9170f954d9236dd8dfa70f5253f730e4e4872daad04bd3c9e49e5003dd5ade84bf4df7c61387e4565028c064b71104b384ff9d0fb1ea3d222e3e
SSDEEP

98304:qRKo2vgdwLmk42mwTFyj0Sm8iPowlHA6Rm:qjDA7FK0SvLwlg9

Score

1^/10

Malware Config

Signatures

Files

b6ce116fce1f31667af19c29fd7db5a6830471039beeafd16c55fc57d18e205a_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

58ab4ef21b95bbe3340b829c70208e1f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9a:15:3e:01:3c:8d:3b:1c:c7:38:42:79:4a:af:cc:66
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14/05/2019, 00:00

Not After

13/05/2020, 23:59

Subject

CN=Microworld Technologies Inc.,O=Microworld Technologies Inc.,POSTALCODE=48335,STREET=39555 Orchard Hill Place\, Suite 600,L=Novi,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:15:3e:01:3c:8d:3b:1c:c7:38:42:79:4a:af:cc:66
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14/05/2019, 00:00

Not After

13/05/2020, 23:59

Subject

CN=Microworld Technologies Inc.,O=Microworld Technologies Inc.,POSTALCODE=48335,STREET=39555 Orchard Hill Place\, Suite 600,L=Novi,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f6:02:3f:f2:f8:49:03:ef:ff:6d:27:e0:07:a9:9c:d1:76:36:cf:7e:62:82:45:cf:b8:5d:2b:c0:e8:a4:0c:bc
Signer

Actual PE Digest

f6:02:3f:f2:f8:49:03:ef:ff:6d:27:e0:07:a9:9c:d1:76:36:cf:7e:62:82:45:cf:b8:5d:2b:c0:e8:a4:0c:bc

Digest Algorithm

sha256

PE Digest Matches

false

0b:23:28:0f:5f:69:7d:af:e3:d2:1a:c7:67:45:fc:03:13:1a:54:c7
Signer

Actual PE Digest

0b:23:28:0f:5f:69:7d:af:e3:d2:1a:c7:67:45:fc:03:13:1a:54:c7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

sndPlaySoundA

shlwapi

StrChrIA

netapi32

Netbios

ws2_32

recv
ntohs
getservbyport
gethostbyaddr
htons
inet_addr
socket
closesocket
send
WSAIoctl
WSARecv
select
inet_ntoa
gethostbyname
WSAGetLastError
WSASetLastError
ntohl
ioctlsocket
htonl
connect

winhttp

WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpSetDefaultProxyConfiguration
WinHttpOpen
WinHttpCrackUrl

kernel32

GetFileAttributesA
WriteFile
CloseHandle
GetFileSize
GetProcAddress
SetFileAttributesA
ReleaseMutex
CompareFileTime
MoveFileA
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationA
ResetEvent
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
WaitForMultipleObjects
GetCurrentProcessId
GetModuleFileNameA
LocalAlloc
TerminateThread
ReadFile
ResumeThread
CreateProcessA
CreatePipe
GetExitCodeProcess
GetLongPathNameA
GetProcessTimes
SetFilePointer
GetCurrentThreadId
GetSystemTime
FileTimeToSystemTime
MoveFileExA
UnmapViewOfFile
DeleteCriticalSection
SetFileTime
MapViewOfFile
InitializeCriticalSection
GetTimeFormatA
FlushInstructionCache
WriteProcessMemory
VirtualProtect
GetCurrentProcess
VirtualQuery
LoadLibraryExA
WideCharToMultiByte
GetModuleHandleW
FindNextFileW
GetComputerNameW
OpenEventA
MoveFileExW
CreateFileMappingA
GetFileAttributesW
ReadDirectoryChangesW
InterlockedExchangeAdd
lstrcmpW
lstrcmpiA
ProcessIdToSessionId
OpenFileMappingA
GetFullPathNameA
lstrcmpA
FileTimeToLocalFileTime
GetDiskFreeSpaceExA
GetDriveTypeA
WinExec
InitializeCriticalSectionAndSpinCount
GetPrivateProfileSectionNamesA
GetVersion
TerminateProcess
GetCurrentThread
OpenProcess
HeapFree
GetProcessHeap
HeapAlloc
GetDiskFreeSpaceA
lstrcpynA
AreFileApisANSI
FindFirstFileA
SystemTimeToFileTime
CreateThread
CreateFileA
LocalFileTimeToFileTime
FindNextFileA
GetSystemDefaultLangID
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetTimeZoneInformation
GlobalMemoryStatus
GlobalMemoryStatusEx
GetSystemInfo
GetLocaleInfoA
SizeofResource
LoadResource
FindResourceA
SetThreadPriority
InterlockedExchange
GetStartupInfoA
DeleteFileW
DeleteFileA
FindFirstFileW
GetShortPathNameW
WriteProfileStringA
SetEndOfFile
GetFileTime
CreateDirectoryW
FlushFileBuffers
SetPriorityClass
SetProcessWorkingSetSize
SetFileAttributesW
SetEnvironmentVariableA
GetEnvironmentVariableA
_llseek
OpenMutexA
CopyFileW
GetProfileStringA
GetWindowsDirectoryA
GetThreadLocale
VirtualFreeEx
VirtualAllocEx
GetPrivateProfileSectionA
ExpandEnvironmentStringsA
ReadProcessMemory
HeapReAlloc
QueryDosDeviceA
QueryDosDeviceW
DuplicateHandle
CreateMutexA
GetThreadSelectorEntry
GetSystemPowerStatus
CreateRemoteThread
SetSystemTime
SystemTimeToTzSpecificLocalTime
OutputDebugStringW
OutputDebugStringA
UnlockFileEx
UnlockFile
QueryPerformanceCounter
LockFileEx
LockFile
LoadLibraryW
HeapCompact
HeapValidate
HeapSize
HeapDestroy
HeapCreate
GetVersionExW
GetTempPathW
GetSystemTimeAsFileTime
GetFullPathNameW
GetFileAttributesExW
GetDiskFreeSpaceW
FormatMessageW
CreateMutexW
CreateFileMappingW
InterlockedCompareExchange
WaitForSingleObjectEx
GetExitCodeThread
RemoveDirectoryA
GetSystemDirectoryA
GetShortPathNameA
SetCurrentDirectoryA
SetLastError
GetLocalTime
GetDateFormatA
GetComputerNameA
WaitForSingleObject
CreateEventA
EnterCriticalSection
LeaveCriticalSection
CreateFileW
DeviceIoControl
InterlockedDecrement
SetEvent
InterlockedIncrement
MultiByteToWideChar
GetTempPathA
GetTempFileNameA
GetModuleHandleA
FormatMessageA
LocalFree
lstrlenA
GetLastError
FindClose
GetPrivateProfileStringA
GetTickCount
Sleep
GetVersionExA
lstrcatA
lstrcpyA
CreateDirectoryA
CopyFileA
ExitThread
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetFileType
GetCommandLineA
GetCPInfo
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetConsoleCP
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
CompareStringW
SetFilePointerEx
GetFileSizeEx
GetFileInformationByHandle

user32

GetDesktopWindow
FindWindowExA
SendInput
OpenDesktopA
CloseDesktop
GetForegroundWindow
GetUserObjectSecurity
CreateCursor
LoadCursorA
SetSystemCursor
DestroyCursor
BringWindowToTop
SetActiveWindow
SetForegroundWindow
IsIconic
EnumWindows
SetCursorPos
GetClassNameA
GetWindowTextA
SendMessageA
GetSystemMetrics
ShowWindow
IsWindowVisible
RegisterWindowMessageA
PostMessageA
CharUpperA
RegisterClassA
CreateWindowExA
DefWindowProcA
PostQuitMessage
SystemParametersInfoA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
CharLowerA
GetCursorPos
MessageBoxA
CloseWindowStation
OpenInputDesktop
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationA
wsprintfA
AttachThreadInput
GetWindowRect
CopyImage
RedrawWindow
GetWindowLongA
PostThreadMessageA
LoadIconA
SetTimer
GetWindowThreadProcessId

gdi32

GetStockObject

winspool.drv

EnumPrintersW

advapi32

GetUserNameA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
CreateServiceA
SetServiceStatus
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
StartServiceA
ControlService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
ImpersonateLoggedOnUser
LookupAccountNameW
DuplicateTokenEx
RegCloseKey
RegQueryValueExA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
RegDeleteKeyA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegNotifyChangeKeyValue
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryInfoKeyA
RevertToSelf
RegEnumValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
RegCreateKeyExA
LookupAccountNameA
CreateProcessAsUserA
DeleteService
DeregisterEventSource
ReportEventA
RegisterEventSourceA
LookupAccountSidA
GetTokenInformation
IsValidSid
GetSecurityDescriptorOwner
EnumDependentServicesA
GetSidSubAuthority
GetSidSubAuthorityCount
FreeSid
EqualSid
AllocateAndInitializeSid
ChangeServiceConfigA
QueryServiceConfigA
GetSecurityDescriptorSacl
DuplicateToken

shell32

SHCreateDirectoryExA
SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListA

ole32

CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit
SysStringLen

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 748KB - Virtual size: 747KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58ab4ef21b95bbe3340b829c70208e1f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

9a:15:3e:01:3c:8d:3b:1c:c7:38:42:79:4a:af:cc:66Certificate

Extended Key Usages

Key Usages

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

9a:15:3e:01:3c:8d:3b:1c:c7:38:42:79:4a:af:cc:66Certificate

Extended Key Usages

Key Usages

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

f6:02:3f:f2:f8:49:03:ef:ff:6d:27:e0:07:a9:9c:d1:76:36:cf:7e:62:82:45:cf:b8:5d:2b:c0:e8:a4:0c:bcSigner

0b:23:28:0f:5f:69:7d:af:e3:d2:1a:c7:67:45:fc:03:13:1a:54:c7Signer

Headers

DLL Characteristics

File Characteristics

Imports

winmm

shlwapi

netapi32

ws2_32

winhttp

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 437KB - Virtual size: 436KB

.data Size: 202KB - Virtual size: 972KB

.rsrc Size: 748KB - Virtual size: 747KB

.reloc Size: 168KB - Virtual size: 168KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

9a:15:3e:01:3c:8d:3b:1c:c7:38:42:79:4a:af:cc:66
Certificate

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

9a:15:3e:01:3c:8d:3b:1c:c7:38:42:79:4a:af:cc:66
Certificate

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

f6:02:3f:f2:f8:49:03:ef:ff:6d:27:e0:07:a9:9c:d1:76:36:cf:7e:62:82:45:cf:b8:5d:2b:c0:e8:a4:0c:bc
Signer

0b:23:28:0f:5f:69:7d:af:e3:d2:1a:c7:67:45:fc:03:13:1a:54:c7
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 437KB - Virtual size: 436KB

.data
Size: 202KB - Virtual size: 972KB

.rsrc
Size: 748KB - Virtual size: 747KB

.reloc
Size: 168KB - Virtual size: 168KB