5089b8907c4ff068e50054281eb3b1e0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

5089b8907c4ff068e50054281eb3b1e0_NEIKI
Size

580KB
MD5

5089b8907c4ff068e50054281eb3b1e0
SHA1

ed121c8b189356ad69dc2c5a0b0b077014085c8b
SHA256

c93a96469f0d9bcec5d52bf55f53c642ac18be32e44437440e250fbb321f1763
SHA512

a5e1419dec3b5a3586f7366d5035c291147fdbccf743160928f18d341edea68a26d3d39ca6f1b72ff2a06e7548a5dacb08e35d01cf59632fa162b157294d1295
SSDEEP

12288:FYPH6J7WYUjoU6N9gSRiTh9qvhh36uMls5YxKpo/ZPms45:F8H6J7WYUjoU+9xYqr7MtD/Z/45

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5089b8907c4ff068e50054281eb3b1e0_NEIKI

Files

5089b8907c4ff068e50054281eb3b1e0_NEIKI
.dll windows:6 windows x64 arch:x64

ff74539ad832836b7422fe9be799893c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python312

PyDict_SetItem
PyDict_New
PyUnicode_Type
_PyUnicode_IsWhitespace
PyThread_free_lock
PyObject_CallFinalizerFromDealloc
_PyDict_GetItem_KnownHash
PyObject_IsInstance
PyNumber_Index
PyMem_Free
PyExc_StopIteration
PyList_Type
PyErr_NoMemory
PyDict_GetItemString
PyUnicode_DecodeLatin1
PyObject_GetItem
PyUnicode_Splitlines
PyModuleDef_Init
PyObject_GC_Track
PyBytes_FromStringAndSize
PyGILState_Ensure
PyDict_DelItem
PyUnstable_Code_NewWithPosOnlyArgs
PyUnicode_Compare
PyThread_get_thread_ident
PyObject_IsSubclass
PyExc_TypeError
PyUnicode_Tailmatch
PyMem_Realloc
PyEval_GetBuiltins
_PyObject_NextNotImplemented
PyExc_AttributeError
PyDict_Copy
PyObject_Str
PyExc_NameError
PyUnicode_AsUTF8String
PyTuple_Pack
PyMem_Malloc
PyList_AsTuple
PyExc_IndexError
Py_EnterRecursiveCall
PyExc_ImportError
_Py_TrueStruct
PyUnicode_DecodeASCII
PyExc_SystemError
PyObject_SetItem
_PyObject_GC_New
PyType_Modified
PyTraceBack_Type
PyGILState_Check
PyUnicode_FromString
PyLong_FromSize_t
PyObject_VectorcallDict
PyUnicode_Format
PyBuffer_Release
PyObject_Call
PyByteArray_Type
PyType_Type
PySequence_Tuple
PyEval_RestoreThread
PyUnicode_FromStringAndSize
_PyObject_GetDictPtr
PyGC_Disable
PyFloat_FromDouble
PyThread_acquire_lock
PyLong_FromLongLong
PyDict_Size
PyDict_SetItemString
PySequence_Contains
PyTuple_New
PyLong_AsLongLong
_Py_NoneStruct
PyGILState_Release
PyLong_AsUnsignedLongLong
PyFloat_AsDouble
PyUnicode_FromOrdinal
PyDict_Contains
PyModule_GetName
PyObject_GetAttr
PyThread_allocate_lock
PyInterpreterState_GetID
PyDict_GetItemWithError
PyErr_SetNone
PyExc_UnboundLocalError
PyUnicode_Concat
PyObject_Hash
PyObject_GC_UnTrack
PyLong_FromLong
PyObject_SetAttrString
PyMethod_New
PyExc_RuntimeError
_PyThreadState_UncheckedGet
PyList_SetSlice
PyEval_SaveThread
PyTraceBack_Here
_PyObject_GenericGetAttrWithDict
PyCapsule_New
PyException_SetTraceback
PyTuple_Size
PyUnicode_Decode
PyObject_RichCompareBool
PyObject_GenericGetAttr
PyBytes_Type
PyList_Append
PyErr_Clear
_PyDict_Pop
PyNumber_Remainder
PyObject_GetAttrString
PyType_Ready
PyImport_AddModule
PyObject_GC_IsFinalized
PyList_New
PyVectorcall_Function
Py_Version
PyObject_GetBuffer
PyLong_FromSsize_t
PyUnicode_FromFormat
PyObject_Init
PyObject_ClearWeakRefs
PyDescr_IsData
PyErr_Occurred
PyLong_AsLong
PyErr_Fetch
PyObject_GC_Del
PyCapsule_GetPointer
PyThread_release_lock
PyErr_ExceptionMatches
PyObject_Free
PyErr_NormalizeException
PyObject_Format
PyImport_ImportModuleLevelObject
PyModule_GetDict
PyImport_GetModuleDict
PyTuple_GetItem
_Py_Dealloc
PyImport_ImportModule
PyExc_OverflowError
PyUnicode_Join
PyErr_Restore
PyType_IsSubtype
Py_LeaveRecursiveCall
PyLong_Type
PyMethod_Type
PyModule_NewObject
PyFloat_Type
PyNumber_InPlaceAdd
PyImport_GetModule
PyExc_KeyError
_Py_FalseStruct
PyTuple_Type
PyBool_Type
PyExc_DeprecationWarning
PyObject_RichCompare
PyDict_Type
PyErr_Format
PyDict_Next
PyExc_ValueError
PyErr_WarnFormat
PyNumber_Add
PyObject_GetIter
PyUnicode_AsASCIIString
PyErr_WriteUnraisable
PyIter_Next
PyErr_SetString
PyLong_AsSsize_t
PyBytes_FromFormat
PyUnicode_New
_PyType_Lookup
_Py_ascii_whitespace
PyTuple_GetSlice
PyFrame_New
PyErr_PrintEx
PyExc_RuntimeWarning
PyErr_WarnEx
PyList_Insert
PyErr_GivenExceptionMatches
PyCode_NewEmpty
PyErr_SetObject
PyException_GetTraceback
PyExc_Exception
PyThreadState_Get
PyOS_snprintf
PyCFunction_Type
PyUnicode_InternFromString
PyObject_SetAttr
PyGC_Enable
PyBaseObject_Type
PyObject_IsTrue
PyUnicode_AsEncodedString

kernel32

GetModuleFileNameA
LoadLibraryExA
GetLastError
GetProcAddress
FreeLibrary
FormatMessageA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
DisableThreadLibraryCalls
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

vcruntime140

memcpy
__intrinsic_setjmp
memcmp
memchr
strstr
strchr
longjmp
strrchr
__C_specific_handler
memset
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

getc
__stdio_common_vfprintf
fflush
feof
fread
fopen
tmpnam
ferror
fwrite
fgets
fclose
clearerr
_pclose
__acrt_iob_func
__stdio_common_vsprintf
tmpfile
setvbuf
_fseeki64
_ftelli64
_popen
ungetc
freopen

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc

api-ms-win-crt-string-l1-1-0

strpbrk
isxdigit
strcoll
islower
ispunct
iscntrl
isdigit
strspn
isalpha
isalnum
toupper
isspace
isgraph
isupper
tolower
strncmp

api-ms-win-crt-runtime-l1-1-0

abort
system
strerror
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
exit
_errno

api-ms-win-crt-math-l1-1-0

ldexp
frexp
acos
asin
atan2
ceil
cos
exp
floor
fmod
log
log10
pow
tan
sqrt
sin

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv

api-ms-win-crt-time-l1-1-0

_mktime64
clock
_difftime64
_time64
strftime
_localtime64
_gmtime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-filesystem-l1-1-0

rename
remove

Exports

Exports

PyInit_lua54

Sections

.text
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff74539ad832836b7422fe9be799893c

Headers

DLL Characteristics

File Characteristics

Imports

python312

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 465KB - Virtual size: 464KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 11KB - Virtual size: 16KB

.pdata Size: 20KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 465KB - Virtual size: 464KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 11KB - Virtual size: 16KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 2KB - Virtual size: 1KB