PDB path: C:\Develop\ODBCQueryTool\bin_ReleaseUnicodex64\QueryReWriter.pdb
Static task: static1
Behavioral task: behavioral1 (sample 63892ffbe515a48084e7f98ceab3c9d0_NEIKI.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample 63892ffbe515a48084e7f98ceab3c9d0_NEIKI.exe, resource win10v2004-20240226-en)
General
Target: 63892ffbe515a48084e7f98ceab3c9d0_NEIKI
Size: 4.6MB
MD5: 63892ffbe515a48084e7f98ceab3c9d0
SHA1: 67b8aab8edab09af5a76f94baa4d3b315eff74c6
SHA256: b6747adf0615b7a88541682eceb6a93a08ddce85264a02cd11c69eca3d992c5d
SHA512: a4721a6b6991515d25890293e31a1bafe2df5e02c81d97d394601fc0761a7620a4045859aa73a44c05ad1abebc42c72a588d5b39c3865a3bd3761edcf685dde6
SSDEEP: 98304:n6bAR+ywHYCXwQMzuXSFLOAkGkzdnEVomFHKnP:7+bH1KuXSFLOyomFHKnP
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 63892ffbe515a48084e7f98ceab3c9d0_NEIKI
Files
63892ffbe515a48084e7f98ceab3c9d0_NEIKI.exe windows:6 windows x64 arch:x64
7126cba14d01154f008a73cfd34d1833
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
LCMapStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WriteConsoleW
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
SetEnvironmentVariableW
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
RtlPcToFileHeader
RtlUnwindEx
lstrlenW
lstrcpynW
SetCurrentDirectoryW
GetACP
UnmapViewOfFile
FlushViewOfFile
SetFilePointerEx
RaiseException
OutputDebugStringW
FreeEnvironmentStringsW
GetStringTypeW
GetSystemInfo
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetTempFileNameW
GetTickCount
SearchPathW
GetProfileIntW
Sleep
GetTickCount64
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
FindResourceExW
GetWindowsDirectoryW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
GetTempPathW
SetFilePointer
GetFileSize
GetFileAttributesW
CreateFileW
DeleteFileW
GetCurrentDirectoryW
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
GetThreadLocale
FileTimeToSystemTime
GlobalGetAtomNameW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
ResumeThread
SetThreadPriority
WaitForSingleObject
CloseHandle
VerifyVersionInfoW
VerSetConditionMask
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
lstrcmpA
GetVersionExW
GetCurrentThread
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
GetCurrentProcessId
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
SizeofResource
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
OutputDebugStringA
WideCharToMultiByte
SetLastError
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
GetStdHandle
user32
SetRect
WindowFromPoint
InvalidateRect
KillTimer
SetTimer
IntersectRect
RealChildWindowFromPoint
SetCursor
ShowOwnedPopups
GetCursorPos
TranslateMessage
GetMessageW
EnumDisplayMonitors
LoadCursorW
SetLayeredWindowAttributes
DrawIconEx
IsRectEmpty
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawStateW
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
BringWindowToTop
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
PtInRect
EqualRect
CreateMenu
DestroyCursor
GetParent
EnableWindow
UnregisterClassW
LoadIconW
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
UnpackDDElParam
ReuseDDElParam
EnumChildWindows
TrackMouseEvent
CopyImage
GetAsyncKeyState
WaitMessage
SetCapture
DeleteMenu
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
ReleaseCapture
SetForegroundWindow
GetForegroundWindow
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
CreatePopupMenu
InsertMenuItemW
DestroyIcon
LoadImageW
GetScrollInfo
IsIconic
SendMessageW
GetSystemMetrics
GetClientRect
DrawIcon
MessageBeep
PostMessageW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
OpenClipboard
CloseClipboard
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
wsprintfW
FlashWindowEx
AdjustWindowRect
ClipCursor
BroadcastSystemMessageW
GetClipboardData
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongW
GetDesktopWindow
DestroyMenu
GetMenuItemInfoW
GetSysColor
CopyRect
InflateRect
SystemParametersInfoW
IsZoomed
GetWindowRect
SetRectEmpty
OffsetRect
MessageBoxW
GetWindowThreadProcessId
GetLastActivePopup
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
FillRect
SendDlgItemMessageA
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetClassNameW
GetWindow
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetClipboardData
EmptyClipboard
SetParent
MonitorFromPoint
CharUpperW
GetSystemMenu
NotifyWinEvent
SetCursorPos
UnionRect
LockWindowUpdate
EnableScrollBar
GetDoubleClickTime
GetIconInfo
CopyIcon
GetMenuDefaultItem
SetMenuDefaultItem
ModifyMenuW
DestroyAcceleratorTable
SetClassLongPtrW
GetUpdateRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
CreateAcceleratorTableW
GetKeyNameTextW
HideCaret
InvertRect
FrameRect
RegisterClipboardFormatW
SubtractRect
CharUpperBuffW
UpdateLayeredWindow
IsClipboardFormatAvailable
PostThreadMessageW
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SetMenu
TrackPopupMenu
UpdateWindow
GetWindowRgn
GetComboBoxInfo
gdi32
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetTextAlign
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
PatBlt
CreatePolygonRgn
GetViewportExtEx
Polyline
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetMapMode
SetRectRgn
DPtoLP
GetRgnBox
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetCurrentObject
CreateFontW
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
GetTextMetricsW
CopyMetaFileW
Arc
SelectObject
ExtTextOutW
GetObjectW
GetTextExtentPoint32W
CreateFontIndirectW
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateDCW
DeleteDC
GetWindowExtEx
Polygon
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
shell32
DragFinish
ShellExecuteW
SHGetFileInfoW
SHAppBarMessage
SHGetSpecialFolderLocation
DragQueryFileW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
comctl32
InitCommonControlsEx
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIcon
shlwapi
PathRemoveFileSpecW
StrFormatKBSizeW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
uxtheme
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
DrawThemeText
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeParentBackground
CloseThemeData
GetThemeColor
DrawThemeBackground
OpenThemeData
ole32
CoRegisterMessageFilter
CoRevokeClassObject
CoInitializeEx
IsAccelerator
OleTranslateAccelerator
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
OleUninitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
OleDestroyMenuDescriptor
OleInitialize
oleaut32
SafeArrayDestroy
SysFreeString
OleCreateFontIndirect
VarBstrFromDate
VarDateFromStr
VariantCopy
VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
SysStringLen
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
oledlg
OleUIBusyW
gdiplus
GdipDisposeImage
GdipCloneImage
GdipDrawImageRectI
GdipFree
GdipAlloc
GdiplusShutdown
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdiplusStartup
GdipGetImageGraphicsContext
oleacc
LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 688KB - Virtual size: 687KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
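The header facts in this report (the "Unsigned PE" signature, the DLL and File Characteristics flags, and the section table with its flags and sizes) can be reproduced without the sandbox. The block below is an added example written for this page; it is not sandbox tooling and not code from the analysed binary's author. It parses the PE headers with the Python standard library only, emits the same IMAGE_* flag names the report uses, computes the file hashes, and implements the "Unsigned PE" check the way a sandbox does it: look at the IMAGE_DIRECTORY_ENTRY_SECURITY data directory, which is empty when no Authenticode certificate is embedded in the file. Because it has to run offline, the input at the bottom is a constructed header-only PE32+ image carrying the same flag set as this sample (a real file path can be passed as the first argument instead); all function names are mine. Two caveats a reviewer would attach: an empty security directory also covers catalog-signed binaries, so "unsigned" here means "no embedded signature", and the DYNAMIC_BASE / HIGH_ENTROPY_VA / NX_COMPAT flags are the MSVC x64 linker defaults, so their presence says nothing about intent on its own.

```python
"""Pure-stdlib PE header triage (added example): hashes, mitigation flags, embedded Authenticode, sections."""
import hashlib
import struct
import sys

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE"}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot that points at the WIN_CERTIFICATE blob


def _flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def file_hashes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def parse_pe(data):
    """Return machine, PE32+/PE32, characteristics, security directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24  # IMAGE_OPTIONAL_HEADER starts right after the 20-byte file header
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    dirs = opt + (112 if pe32plus else 96)  # first IMAGE_DATA_DIRECTORY entry
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:  # this entry holds a file offset, not an RVA
        sec_off, sec_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _, rawsize, *_, chars = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "raw_size": rawsize,
                         "virtual_size": vsize, "flags": _flags(chars, SECTION_FLAGS)})
    return {"machine": machine, "pe32plus": pe32plus,
            "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            "security_dir": {"offset": sec_off, "size": sec_size}, "sections": sections}


def embedded_authenticode(info):
    """The sandbox's 'Unsigned PE' test: an empty security directory means no embedded signature.
    Catalog-signed files (signature kept in a .cat in the Windows catalog store) also land here."""
    return info["security_dir"]["size"] > 0


def missing_mitigations(info):
    wanted = ("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
              "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA")
    return [f for f in wanted if f not in info["dll_characteristics"]]


def wx_sections(info):
    """Sections mapped writable and executable at once, a common packer / self-modifying-code tell."""
    return [s["name"] for s in info["sections"] if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["flags"])]


def build_sample_pe():
    """Constructed header-only PE32+ carrying this report's flag set (demo input, not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    opt_size = 112 + 16 * 8  # PE32+ optional header with 16 data directories
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, opt_size, 0x0002 | 0x0020)
    opt = struct.pack("<HBBIIIII", 0x20B, 14, 0, 0x1000, 0x200, 0, 0x1000, 0x1000)  # Magic .. BaseOfCode
    opt += struct.pack("<Q", 0x140000000)  # ImageBase
    opt += struct.pack("<IIHHHHHHIIII", 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x3000, 0x400, 0)
    opt += struct.pack("<HH", 2, 0x0020 | 0x0040 | 0x0100 | 0x8000)  # Subsystem GUI, DllCharacteristics
    opt += struct.pack("<QQQQII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap, LoaderFlags, NumberOfRvaAndSizes
    opt += b"\0" * (16 * 8)  # every data directory empty: no security directory, i.e. unsigned

    def sect(name, vsize, rawsize, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, chars)
    text = sect(b".text", 0x1000, 0x1000, 0x00000020 | 0x20000000 | 0x40000000)  # code, r-x
    dsect = sect(b".data", 0x800, 0x600, 0x00000040 | 0x40000000 | 0x80000000)  # initialised data, rw-
    return dos + b"PE\0\0" + file_hdr + opt + text + dsect


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(blob)
    print(file_hashes(blob)["sha256"], info["dll_characteristics"], info["file_characteristics"])
    print("embedded Authenticode:", embedded_authenticode(info), "missing:", missing_mitigations(info),
          "W+X:", wx_sections(info), [(s["name"], s["raw_size"], s["virtual_size"], s["flags"]) for s in info["sections"]])
```

Run it with no arguments to see the constructed image classified the same way as this report (all four DLL characteristics, no embedded signature, no W+X sections); run it against a real file to get the hashes and flags for comparison with a sandbox listing. The reader should treat `wx_sections` and `missing_mitigations` as the two checks worth alerting on; the absence of an embedded signature on its own is a weak indicator.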