1aec6a6942e16cac25bb5d7c9e251310_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

1aec6a6942e16cac25bb5d7c9e251310_NEIKI
Size

784KB
MD5

1aec6a6942e16cac25bb5d7c9e251310
SHA1

1eac739c406f8f3f0012822d0be96c911ce92f9d
SHA256

4d60016a55c8be57dcbbdd296ee1c0fe6adb40c53e9b6720af4d183073e43a18
SHA512

3d6bc7be212f0ea4d573a93991b3af768e49926a3a386cca0a2c04a3f9153975c30c705e57b0dffd8923c9110d434af45dfa751d17aa47731ed45b04dd6a86b8
SSDEEP

12288:0xVakN9nqy0udydQDiMKypx1BWdZoaoxxAcZza7uzm+x7C7:0/dN9nqwdy0iMBT1BUZNWZZG7uy+x7C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1aec6a6942e16cac25bb5d7c9e251310_NEIKI

Files

1aec6a6942e16cac25bb5d7c9e251310_NEIKI
.dll windows:4 windows x86 arch:x86

10920d006b426dc3dbb89f60493b01e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\cm\build\public\Sysinfo2.0-02-05-09\sysinfo\dist\release\services\sysinfo\ver2_0_0_0\SysInfo.pdb

Imports

shlwapi

PathRemoveFileSpecA
PathAppendA
PathFileExistsA
PathIsDirectoryA
PathCanonicalizeA

winmm

timeGetTime
waveOutGetNumDevs

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetAdaptersInfo

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryExA
FindCloseUrlCache
FindNextUrlCacheEntryExA

kernel32

HeapAlloc
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcessId
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
GetVersionExA
ReleaseMutex
GetLastError
OpenMutexA
Sleep
LocalFree
Process32Next
OpenProcess
Process32First
TerminateProcess
GetExitCodeProcess
GetPrivateProfileSectionA
HeapCreate
HeapDestroy
ReadFile
WriteFile
GetCommState
SetCommState
BuildCommDCBA
EscapeCommFunction
lstrcpyA
SetCommTimeouts
GetTickCount
GetCommTimeouts
SetupComm
PurgeComm
CreateFileA
GetVolumeInformationA
GlobalMemoryStatus
GetDiskFreeSpaceA
GetModuleFileNameA
GetModuleHandleA
GetDriveTypeA
GetLogicalDrives
GetWindowsDirectoryA
GetFileAttributesA
GetUserDefaultLangID
GetSystemDirectoryA
SetEvent
WaitForSingleObject
CreateEventA
InterlockedExchange
GetACP
GetLocaleInfoA
WritePrivateProfileStringA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindNextFileA
lstrlenA
GetLongPathNameA
CreateDirectoryA
GetProfileStringA
ResumeThread
DeleteFileA
FormatMessageA
GetTempPathA
OutputDebugStringA
GetFileAttributesExA
GlobalFree
GlobalAlloc
GetCurrentProcess
SetThreadLocale
GetSystemInfo
lstrcpynA
GetCurrentThreadId
GetPrivateProfileIntA
GetPrivateProfileStringW
GetModuleFileNameW
GetProcessHeap
LoadLibraryExW
CreateEventW
ResetEvent
InterlockedCompareExchange
CompareStringA
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesW
MoveFileA
MoveFileW
CreateDirectoryW
CreateSemaphoreA
ReleaseSemaphore
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateThread
WaitForMultipleObjects
IsBadReadPtr
IsBadWritePtr
OpenEventA
lstrlenW
GetVersion
GetCurrentThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetEnvironmentVariableA
GetThreadContext
SuspendThread
VirtualQuery
SetUnhandledExceptionFilter
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
VirtualFree
VirtualAlloc
VirtualProtect
GetTimeZoneInformation
GetOEMCP
HeapSize
HeapReAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
LCMapStringW
LCMapStringA
CreateThread
ExitThread
GetCommandLineA
GetLocalTime
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
FindClose
HeapFree
GetPrivateProfileStringA
GetModuleHandleW
lstrcmpiA
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetFullPathNameA
SetFilePointer
FlushFileBuffers
IsBadCodePtr
SetEndOfFile
SetStdHandle
SetEnvironmentVariableA
GetLocaleInfoW
ExitProcess

user32

FindWindowA
TranslateMessage
DispatchMessageA
PeekMessageA
SendMessageCallbackA
RegisterClassA
UnregisterClassA
DestroyWindow
PostMessageA
SendMessageA
GetWindowTextA
GetWindowThreadProcessId
GetWindowLongA
EnumWindows
MessageBoxA
wsprintfA
WaitForInputIdle
CharPrevA
SetFocus
AttachThreadInput
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
KillTimer
SetTimer
GetKeyState
GetMessageA
DefWindowProcA
CreateWindowExA

gdi32

GetDeviceCaps
DeleteDC
CreateDCA

advapi32

OpenProcessToken
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
GetTokenInformation
AllocateAndInitializeSid
EqualSid
OpenServiceA
ControlService
OpenSCManagerA
RegDeleteKeyA
RegEnumValueA
RegOpenKeyA
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW

shell32

ShellExecuteA

ole32

CoInitialize
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoGetInterfaceAndReleaseStream
CreateBindCtx
CoTaskMemFree
StringFromCLSID
CoRegisterMessageFilter
CoUninitialize

oleaut32

VariantClear
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayUnlock
SafeArrayCreate
SafeArrayLock
SafeArrayCopy
SafeArrayDestroy
VariantInit
VariantChangeType
SysAllocString
VariantTimeToSystemTime
VarCmp
VariantCopy

xprt5

_XprtCanonicalizeScreenName@8
?TrimLeft@TBstr@XPRT@@QAEAAV12@XZ
?Format@TBstr@XPRT@@QAAXPBGZZ
?Empty@TBstr@XPRT@@QAEXXZ
?Assign@TBstr@XPRT@@QAEAAV12@G@Z
??0TBstr@XPRT@@QAE@GH@Z
?TrimRight@TBstr@XPRT@@QAEAAV12@G@Z
?GetTime64@TTime@XPRT@@QBE_JXZ
?Format@TTime@XPRT@@QBE?AVTBstr@2@PBG@Z
?TrimLeft@TBstr@XPRT@@QAEAAV12@G@Z
?TrimRight@TBstr@XPRT@@QAEAAV12@XZ
_XprtStringToUtf8@16
_XprtUrlEncode@8
?WaitForExit@TThread@XPRT@@QAE_NPAH@Z
?WriteStartElement@TXmlWriter@XPRT@@QAE_NPBD@Z
?WriteStartDocument@TXmlWriter@XPRT@@QAE_NXZ
?WriteEndElement@TXmlWriter@XPRT@@QAE_NXZ
?WriteAttribute@TXmlWriter@XPRT@@QAE_NPBD0@Z
?WriteCharacterData@TXmlWriter@XPRT@@QAE_NPBD@Z
??1TFile@XPRT@@UAE@XZ
?ReverseFind@TBstr@XPRT@@QBEHG@Z
?GetData@TMemStream@XPRT@@QBEPBXXZ
?GetLength@TMemStream@XPRT@@UBE_JXZ
?Open@TFile@XPRT@@QAE_NPBGI_N@Z
?Remove@TBstr@XPRT@@QAEHG@Z
??0TFile@XPRT@@QAE@XZ
?WriteEndDocument@TXmlWriter@XPRT@@QAE_NXZ
??0TMemStream@XPRT@@QAE@XZ
??0TXmlWriter@XPRT@@QAE@AAVTStream@1@@Z
??1TMemStream@XPRT@@UAE@XZ
??1TXmlWriter@XPRT@@UAE@XZ
?GetAt@TBstr@XPRT@@QBEGH@Z
?Set@TTime@XPRT@@QAEXHHHHHH@Z
_XprtAtomicIncrement@4
xprt_strcmp
xprt_memmove
_XprtMemAlloc@4
xprt_memset
_XprtAtomicDecrement@4
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?Find@TBstr@XPRT@@QBEHGH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
?AppendFileNameToSpec@TFile@XPRT@@SA?AVTBstr@2@PBG0@Z
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Insert@TBstr@XPRT@@QAEHHPBG@Z
?Unlock@TSpinLock@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
xprt_ucslcpy
xprt_iswdigit
_XprtStringLen@4
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
??0TMessageDigest@XPRT@@QAE@XZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
xprt_memcpy
xprt_strlen
_XprtInitialize@8
_XprtUninitialize@0
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?IsOpen@TFile@XPRT@@QBE_NXZ
?Copy@TBstr@XPRT@@QBEPAGXZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
?Find@TBstr@XPRT@@QBEHPBGH@Z
?GetLength@TBstr@XPRT@@QBEHXZ
?Left@TBstr@XPRT@@QBE?AV12@H@Z
?Right@TBstr@XPRT@@QBE?AV12@H@Z
?Append@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
??0TBstr@XPRT@@QAE@XZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Compare@TBstr@XPRT@@QBEHPBG@Z
??0TBstr@XPRT@@QAE@PBG@Z
??0TBstr@XPRT@@QAE@ABV01@@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??1TBstr@XPRT@@QAE@XZ
kSystemEncoding
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
?GetString@TBstr@XPRT@@QBEPBGXZ
?AppendFormat@TBstr@XPRT@@QAAXPBGZZ
?MakeLower@TBstr@XPRT@@QAEAAV12@XZ
?TestAccess@TFile@XPRT@@SA_NPBGI@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
??1TPtrArray@XPRT@@QAE@XZ
??0TPtrArray@XPRT@@QAE@XZ
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
??2TXprtAllocated@XPRT@@SAPAXI@Z
??0TThread@XPRT@@QAE@XZ
?Create@TThread@XPRT@@QAE_NP6AHPAX@Z0_N@Z
??3TXprtAllocated@XPRT@@SAXPAX@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Replace@TBstr@XPRT@@QAEHPBG0@Z
?Insert@TBstr@XPRT@@QAEHHG@Z
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
_XprtCreateThread@8
?Lock@TSpinLock@XPRT@@QAEXXZ
_XprtMemFree@4
?Write@TFile@XPRT@@UAEHPBXH@Z

Exports

Exports

??0CMultiOS@@QAE@ABV0@@Z
??0CMultiOS@@QAE@XZ
??1CMultiOS@@UAE@XZ
??4CMultiOS@@QAEAAV0@ABV0@@Z
??_7CMultiOS@@6B@
?getLastErrorMsg@CMultiOS@@IAEXXZ
?getOSClassPointer@@YAPAVCMultiOS@@XZ
EEGetModuleInterop
checkRegistryForInstalledModem
deleteOSObject
detectNIC
detectUSB
getCurrentOSPlatform
getPortIRQAddress
instantiateOSObject
ipReleaseAndRenew
queryProcessorInfo
shellExecute
showAddRemoveApps
showCommandLine
showComputerCheckup
showDefragDrive
showDeviceConflicts
showInternetOptCntPanel
showNetworkPanel
showTaskManager
uninstallAOLAdapter

Sections

.text
Size: 548KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10920d006b426dc3dbb89f60493b01e2

Headers

File Characteristics

PDB Paths

Imports

shlwapi

winmm

version

iphlpapi

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

xprt5

Exports

Exports

Sections

.text Size: 548KB - Virtual size: 544KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 48KB - Virtual size: 79KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 80KB - Virtual size: 76KB

.text
Size: 548KB - Virtual size: 544KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 48KB - Virtual size: 79KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 80KB - Virtual size: 76KB