70162dfb6487e1e150a6a0c63e8ef350_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

70162dfb6487e1e150a6a0c63e8ef350_NEIKI
Size

166KB
MD5

70162dfb6487e1e150a6a0c63e8ef350
SHA1

afa01117dd9a3bfdb154a27e88c42cb166b23306
SHA256

6b18dc9150b5a66e4106adef6a37944027d42cad6886ffd7fd1ec49c7c92c3a6
SHA512

a9391d616e1a5ba8ae9c6a3aa9ef188b4b641367cbfcb7e423307806b8d69fa6abe6b8af4e23eb9a32db8ccfee27648b29c7a7c8dca0175e092ace669fb60f07
SSDEEP

3072:RrOlLTf3Slrf2jfRefttFK1gbofVMsEpWU/:8vf3SlL2dotigovEkQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70162dfb6487e1e150a6a0c63e8ef350_NEIKI

Files

70162dfb6487e1e150a6a0c63e8ef350_NEIKI
.exe windows:6 windows x64 arch:x64

9fb060c2977a9d9b782440b98d410c3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
CreateFileW
WriteConsoleW
GetProcAddress
OpenProcess
GetModuleHandleA
DuplicateHandle
GetCurrentProcess
ConnectNamedPipe
CreateThread
CloseHandle
GetCurrentThread
WaitForSingleObject
CreateNamedPipeW
ReadFile
GetProcessHeap
HeapAlloc
GetLastError
HeapFree
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
WideCharToMultiByte
GetFileType
LCMapStringW
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

user32

SetProcessWindowStation
CloseDesktop
GetUserObjectInformationW
SetUserObjectSecurity
GetUserObjectSecurity
OpenWindowStationW
CloseWindowStation
GetProcessWindowStation
OpenDesktopW
wsprintfW

advapi32

AddAccessAllowedAce
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
EqualSid
CloseServiceHandle
OpenSCManagerW
CreateProcessWithTokenW
ImpersonateLoggedOnUser
OpenProcessToken
CreateProcessAsUserW
OpenServiceW
DuplicateTokenEx
QueryServiceStatusEx
GetTokenInformation
ImpersonateNamedPipeClient
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AllocateAndInitializeSid
CopySid
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid

ole32

CoTaskMemAlloc
CoInitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoGetInstanceFromIStorage
CoUninitialize
CLSIDFromString

rpcrt4

RpcServerRegisterIf2
RpcEpRegisterA
RpcImpersonateClient
NdrServerCall2
NdrServerCallAll
RpcServerInqBindings
RpcServerUseProtseqEpA
RpcServerListen
RpcServerRegisterAuthInfoA

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fb060c2977a9d9b782440b98d410c3e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

ntdll

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB