13be5dae4a8c99a71798ccea8c70d6c0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

13be5dae4a8c99a71798ccea8c70d6c0_NEIKI
Size

297KB
MD5

13be5dae4a8c99a71798ccea8c70d6c0
SHA1

5e60ff2967650760038210493378df493a99f7f7
SHA256

843a8f4205070b633d84fb805e4fefe202ea5c9d9d70c4d39cfdc60a174a90ae
SHA512

b275788c4020518fe3056dbf02dff31c35910af298c5846a92e0d7814fe77e0f87119b1df21c4a342798381fc2c9a3b575a69a2839d7a0067c4b6122fed75b29
SSDEEP

6144:q6k/Tn/GWGUnOzCqxRzFSSDsL54r9yoMwMchySiwmeO:q+W3nOzCaDSDuiBchbkeO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13be5dae4a8c99a71798ccea8c70d6c0_NEIKI

Files

13be5dae4a8c99a71798ccea8c70d6c0_NEIKI
.exe windows:5 windows x86 arch:x86

b28689d6d32d29602a8ce9db9357199d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Kinoni\webcam\EpocCamSvc\Release\KinoniSvc.pdb

Imports

wtsapi32

WTSQueryUserToken

gdiplus

GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipCreatePen1
GdipDeletePen
GdiplusStartup
GdipCloneImage
GdiplusShutdown
GdipDrawImageRectRect
GdipDrawImageRectI
GdipDrawImageI
GdipGraphicsClear
GdipDrawEllipse
GdipCreateFromHDC
GdipSetImageAttributesColorKeys
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics

ws2_32

WSAGetLastError
recv
accept
send
closesocket
htons
htonl
ntohl
gethostname
gethostbyname
inet_ntoa
WSAStartup
connect
select
__WSAFDIsSet
socket
bind
getsockname
WSASetServiceA
listen
setsockopt
getsockopt
ioctlsocket

kernel32

SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
GetStdHandle
IsValidCodePage
GetOEMCP
GetCPInfo
Sleep
ExitProcess
InterlockedDecrement
GetModuleHandleW
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
lstrlenA
WideCharToMultiByte
GetACP
SetEvent
CloseHandle
DeviceIoControl
WaitForMultipleObjects
CreateFileA
ReleaseMutex
WaitForSingleObject
OpenMutexA
CreateThread
CreateEventA
FreeLibrary
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetTickCount
WTSGetActiveConsoleSessionId
ReadFile
WriteFile
SetNamedPipeHandleState
WaitNamedPipeA
GetLastError
CreateMutexA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
SetWaitableTimer
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
LoadResource
SizeofResource
FindResourceA
ResetEvent
GetModuleHandleA
GetModuleFileNameA
CreateWaitableTimerA
lstrcmpiA
GetOverlappedResult
SetThreadPriority
SetCommState
SetCommTimeouts
SetCommMask
PurgeComm
SetLastError
RaiseException
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
FlushFileBuffers
GetFileType
GetStartupInfoW
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
HeapSize
LoadLibraryW
HeapReAlloc
GetStringTypeW
SetStdHandle
WriteConsoleW
CreateFileW
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
EncodePointer
DecodePointer
GetCurrentThreadId
ExitThread
RtlUnwind

user32

ReleaseDC
GetDC
DrawTextA

gdi32

CreateCompatibleDC
SetBkColor
SetBkMode
CreateFontA
CreateDIBSection
SetTextColor
SelectObject
DeleteObject
DeleteDC

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DuplicateTokenEx
CreateProcessAsUserA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b28689d6d32d29602a8ce9db9357199d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

gdiplus

ws2_32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 13KB - Virtual size: 696KB

.rsrc Size: 165KB - Virtual size: 165KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 13KB - Virtual size: 696KB

.rsrc
Size: 165KB - Virtual size: 165KB

.reloc
Size: 11KB - Virtual size: 11KB