6a283c559a155b09641a2924551acbc0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

6a283c559a155b09641a2924551acbc0_NEIKI
Size

9.0MB
MD5

6a283c559a155b09641a2924551acbc0
SHA1

48ad3d29bf9d3e3e3f40bfd9558c345af47856b6
SHA256

b572f47e7e2c2fc63f9801223dde710d4e8a2ecbbdac267f5b31e2817c152f3c
SHA512

53c6c4af95e2a8505c9966fdb33df1604553971f3cfd7e3f4aa06b23641c5dc6b01558df8a5cb72cc64d2e65963530ddb670ec490dbd34d0c3c9c64dda2187c3
SSDEEP

49152:UXikvrw+rH0jmrdyREfwH5pVlTJhXYKfzaxUtaS3xDgJhqxEcRPnRvGiezAPyKe2:3ttXxfTtagxDgJh4RJ+iezD527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a283c559a155b09641a2924551acbc0_NEIKI

Files

6a283c559a155b09641a2924551acbc0_NEIKI
.exe windows:4 windows x64 arch:x64

814df80bc1029c53a4fd136f99c024e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Users\Chunyung\Documents\Visual Studio 2005\Projects\RtkNGui\x64\release\RtkNGUI64.pdb

Imports

dwmapi

DwmExtendFrameIntoClientArea

winmm

mmioRead
mmioSeek
mmioAscend
mmioDescend
mmioOpenW
mmioClose
timeGetTime
mciSendStringW
mmioCreateChunk
mmioGetInfo
mmioAdvance
mmioSetInfo
mmioWrite

imm32

ImmDisableIME

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dsound

ord3
ord1
ord6

rpcrt4

UuidToStringW
RpcStringFreeW

kernel32

MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
OpenMutexW
IsBadReadPtr
GetSystemInfo
RaiseException
lstrcmpA
GetVersionExA
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetModuleHandleA
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
SetThreadPriority
SuspendThread
GetCurrentProcessId
WritePrivateProfileStringW
GetThreadLocale
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemPowerStatus
TlsAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlPcToFileHeader
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemTimeAsFileTime
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
HeapSize
SetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
RtlVirtualUnwind
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
OpenFileMappingW
WriteConsoleA
GetConsoleOutputCP
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
WriteConsoleW
GetStdHandle
AllocConsole
DeleteFileW
GetTempPathW
ResetEvent
GetSystemDirectoryA
ResumeThread
DuplicateHandle
GetPrivateProfileIntW
GetFileSize
GetPrivateProfileStringW
CompareFileTime
SystemTimeToFileTime
DeviceIoControl
GetSystemTime
GetWindowsDirectoryW
GetTimeZoneInformation
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetThreadExecutionState
GetFileAttributesW
WaitForMultipleObjects
GetExitCodeThread
WriteFile
CreateFileW
Sleep
LoadLibraryA
GetSystemDirectoryW
SearchPathW
GetUserDefaultUILanguage
FindResourceExW
FreeLibrary
MulDiv
TerminateThread
CreateThread
CreateEventW
GetCPInfo
FreeResource
lstrlenA
lstrcmpiW
GetVersionExW
GetVersion
GetTickCount
FormatMessageW
SetEvent
GetModuleHandleW
SetLastError
lstrcpyW
WideCharToMultiByte
lstrlenW
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
CreateProcessW
GetCurrentProcess
IsWow64Process
WaitForSingleObject
GetCurrentThreadId
SetThreadUILanguage
GetModuleFileNameW
GetUserGeoID
MultiByteToWideChar
FindNextFileW
FindFirstFileW
FindClose
GetProcAddress
LoadLibraryW
LockResource
SizeofResource
LocalFree
LocalAlloc
CloseHandle
GetLastError
CreateMutexW
FindResourceW
LoadResource
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
LeaveCriticalSection
GetLocalTime
ReleaseMutex
TlsGetValue

user32

EndPaint
IsDialogMessageW
MoveWindow
IsWindowEnabled
CheckMenuItem
EnableMenuItem
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetActiveWindow
GetMessageW
CharUpperW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
WindowFromPoint
DestroyMenu
UnregisterClassW
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
SetScrollInfo
DefWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuStringW
FindWindowW
UnregisterDeviceNotification
RegisterDeviceNotificationW
UnhookWindowsHookEx
GetMonitorInfoW
MonitorFromWindow
GetShellWindow
ExitWindowsEx
RegisterWindowMessageW
GetClassInfoW
SetMenuDefaultItem
SetWindowPos
SetWindowTextW
LoadIconW
IsWindow
CreateMenu
GetSubMenu
ModifyMenuW
DeleteMenu
GetMenuItemInfoW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetMenuState
DestroyIcon
GrayStringW
DrawIconEx
DrawTextExW
LoadBitmapW
DrawTextW
TabbedTextOutW
BeginPaint
DrawEdge
GetTopWindow
DestroyCursor
LoadImageW
SetClassLongW
GetClassLongW
TranslateAcceleratorW
GetSysColorBrush
SetWindowLongPtrW
GetScrollInfo
CallWindowProcW
GetWindowLongPtrW
GetCursorPos
SetTimer
KillTimer
GetDlgCtrlID
SetWindowLongW
ValidateRect
GetClassNameW
ScreenToClient
FillRect
AppendMenuW
SystemParametersInfoW
EqualRect
GetComboBoxInfo
SetCursor
LoadCursorW
InflateRect
GetMessagePos
SetRect
SetRectEmpty
ReleaseCapture
FrameRect
IsRectEmpty
SetCapture
ReleaseDC
GetDC
PtInRect
DispatchMessageW
TranslateMessage
PostQuitMessage
PeekMessageW
SetForegroundWindow
SetClassLongPtrW
AttachThreadInput
GetWindowThreadProcessId
ShowWindow
GetWindowLongW
LockWindowUpdate
SetParent
SetWindowRgn
GetWindowRgn
IsWindowVisible
GetDesktopWindow
CallNextHookEx
MessageBoxW
GetForegroundWindow
SetWindowsHookExW
GetAncestor
SetScrollPos
SetScrollRange
CopyRect
OffsetRect
SetActiveWindow
UnionRect
ChildWindowFromPointEx
WindowFromDC
ShowScrollBar
GetSystemMetrics
GetParent
GetWindow
GetWindowRect
RedrawWindow
FindWindowExW
SetProcessDPIAware
PostMessageW
SetCaretPos
ClientToScreen
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetCapture
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
UpdateWindow
GetCaretPos
InvalidateRect
EnableWindow
GetClientRect
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
CreatePopupMenu
GetDlgItem
GetSysColor
SendMessageW
GetFocus
DestroyWindow
GetMessageTime
MapWindowPoints
UnregisterClassA
TrackPopupMenu
GetKeyState
GetScrollRange
GetScrollPos
UpdateLayeredWindow
GetMenu
IntersectRect
TrackPopupMenuEx

gdi32

Ellipse
Escape
PatBlt
GetBkMode
PtVisible
RectVisible
SetBkMode
SetMapMode
LineTo
MoveToEx
SetTextAlign
SetViewportOrgEx
GetDeviceCaps
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
SetTextColor
ScaleWindowExtEx
CreateBitmap
DPtoLP
GetClipBox
SetPixel
EnumFontFamiliesExW
CreateFontW
CreatePen
GetCurrentObject
ExtTextOutW
CreateFontIndirectW
RestoreDC
SaveDC
CreateSolidBrush
GetMapMode
CreateCompatibleBitmap
SetDIBColorTable
ExtCreateRegion
CreateDIBSection
GetObjectW
CombineRgn
DeleteObject
CreateRectRgn
CreateCompatibleDC
SelectObject
DeleteDC
GetTextExtentPoint32W
BitBlt
OffsetViewportOrgEx
GetStockObject
GetPixel
TextOutW
SetBkColor

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegCloseKey
RegQueryValueExW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExW
RegNotifyChangeKeyValue
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW

shell32

Shell_NotifyIconW
ShellExecuteExW
SHGetFolderPathW
SHGetKnownFolderPath
SHGetSpecialFolderPathW

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord380

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
SHStrDupW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoCreateGuid
CreateStreamOnHGlobal
PropVariantClear
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
StringFromGUID2
CoInitialize
CoFreeUnusedLibrariesEx
CoInitializeSecurity
FreePropVariantArray
PropVariantCopy
CoTaskMemAlloc

oleaut32

SysFreeString
VariantChangeType
SafeArrayCreate
VariantClear
VariantInit
SysAllocString

gdiplus

GdipDeleteGraphics
GdipBitmapUnlockBits
GdipCloneImage
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipCreateBitmapFromHBITMAP
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDrawImageI
GdipCreateFromHDC
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipImageRotateFlip
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipCreateBitmapFromHICON
GdipSetSmoothingMode
GdipDrawImageRect
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipGetFontUnit
GdipGetFontStyle
GdipGetFontSize
GdipGetLogFontW
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipDeleteFont
GdipMeasureString
GdipDeleteFontFamily
GdipGetFamily
GdipCreateFont
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipDeleteBrush
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipCloneBrush
GdipSetTextRenderingHint
GdipDrawString
GdipDrawImage
GdipDisposeImage
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipSetInterpolationMode

wininet

InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpOpenRequestW
InternetOpenW
InternetQueryDataAvailable

Exports

Exports

?AsSysSvr_RegisterNotify@@3P6AHPEAUHWND__@@PEB_W@ZEA
?AsSysSvr_UnregisterNotify@@3P6AHPEAUHWND__@@PEB_W@ZEA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

814df80bc1029c53a4fd136f99c024e2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dwmapi

winmm

imm32

setupapi

version

dsound

rpcrt4

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

wininet

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 480KB - Virtual size: 480KB

.data Size: 104KB - Virtual size: 135KB

.pdata Size: 102KB - Virtual size: 102KB

.rsrc Size: 6.8MB - Virtual size: 6.8MB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 480KB - Virtual size: 480KB

.data
Size: 104KB - Virtual size: 135KB

.pdata
Size: 102KB - Virtual size: 102KB

.rsrc
Size: 6.8MB - Virtual size: 6.8MB