4dcd07182f7bfe199b4bbfddb99a1fa0_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4dcd07182f7bfe199b4bbfddb99a1fa0_NEIKI
Size

120KB
MD5

4dcd07182f7bfe199b4bbfddb99a1fa0
SHA1

ff141a0315c6578efe13960a608adbcc1c1087db
SHA256

f082474cfd6d3e9334f9973dff2e3ca2d2344a5be1a603af6bd524a728ff7dc6
SHA512

185e03c9ce9adfa3da40026dacc18ea14dade31d0be354c455e33bf54edd38dc8d1eb2d1ceb1cd41a4412830ddd67aa87cb28430a6ef2d0d0f338313583dc87c
SSDEEP

3072:KdnZSe/z6fCfnZ+agdRB2FCI3xHSwcLwPSQullv62:w1mq/EagdRB2FCI3xHSwcLwPyllv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dcd07182f7bfe199b4bbfddb99a1fa0_NEIKI

Files

4dcd07182f7bfe199b4bbfddb99a1fa0_NEIKI
.dll windows:4 windows x86 arch:x86

571938fefebfbd282fa2eb6201f6b1e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
_setjmp3
sprintf
exit
longjmp

kernel32

DisableThreadLibraryCalls
FreeLibrary
GetSystemTime
GetModuleFileNameA
GetEnvironmentVariableA
InterlockedExchange
GetCommandLineA
GetModuleHandleA
GetLastError
GetProcAddress
LoadLibraryA
Sleep

user32

MessageBoxA
CharUpperA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

DS0CNTR0RETR0MIN0MAX
DS0DECPE
DS0ECDIR
DS0INTERDATE
DS0IVS0VAL
DS0IVS0VAL0FINE
DS0ML0ACQ
DS0ML0STP
DS0RETR0APP
DS0RIV0MOB
DS0VEDI0TAB0RED
DS0VEDI0VALOR0GG
DSCHIUDI
DSDIR0FILENAME
DSERR
DSMLSTP
SUB0DS
_mFdllinfo

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ