189512ae6b75d416e0019aba60445f10_NEIKI

General

Target

189512ae6b75d416e0019aba60445f10_NEIKI
Size

9KB
MD5

189512ae6b75d416e0019aba60445f10
SHA1

818ddec3ee7532b39d4c8bb5c77d8f932f454d92
SHA256

1f50b5d6030b8e0d84fa261d1f3c3b65e796d99da8517d41aec0078054f93958
SHA512

a44437ae7e2fd1dc74677c439ff366371b773f53de972a9d9741fbf4305affc13f14c7a32e9075ebbf873149868300cad38fc36e9bc131a00806dafb00e32716
SSDEEP

192:y5q3u6wD4Mj10AJcdZsqvVDJTOLrTDMQiAxq7UT:Mq3hw0i10AJ6VDcvMQiy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
189512ae6b75d416e0019aba60445f10_NEIKI

Files

189512ae6b75d416e0019aba60445f10_NEIKI
.dll windows:5 windows x86 arch:x86

73351bee15db9832de10a3bd24f51ce4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageW
LocalFree
WideCharToMultiByte
GetProcessHeap
GlobalFree
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentThread
GetLastError
GetCurrentProcess
GlobalAlloc
lstrcpynW
lstrcpyW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent

advapi32

LsaFreeMemory
StartServiceW
ControlService
DeleteService
QueryServiceStatus
OpenServiceW
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
LsaEnumerateAccountRights
LsaNtStatusToWinError
LsaClose
LsaAddAccountRights
LsaRemoveAccountRights
LookupAccountNameW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
LsaOpenPolicy

msvcr90

free
wcsstr
malloc
_wcslwr
_wcsicmp
_except_handler4_common
_crt_debugger_hook
_stricmp
memset
wcslen
_itow

Exports

Exports

GetServiceNameFromDisplayName
GrantLogonAsAService
HasLogonAsAService
IsProcessUserAdministrator
IsServiceInstalled
IsServiceRunning
RemoveLogonAsAService
SendServiceCommand

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73351bee15db9832de10a3bd24f51ce4

Headers

File Characteristics

Imports

kernel32

advapi32

msvcr90

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 840B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 512B - Virtual size: 496B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 840B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 512B - Virtual size: 496B