1fa752f568c944fcbd4e2a6fab7e4120_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

1fa752f568c944fcbd4e2a6fab7e4120_NEIKI
Size

3.8MB
MD5

1fa752f568c944fcbd4e2a6fab7e4120
SHA1

cb20a5656881fc6f66edebdb637431602d91519e
SHA256

449827f0a0efc6d89a6e9dee846ba336faebe285c7fc0cf22eb3d8d851123056
SHA512

1ebb597ec73844cc2bfea3fa0d89ea2f83d1ae420f47a644925ce70b055a938e0406ca21b75da85104049de52568e1c86cbead7017dcc380776293b1f78d20f3
SSDEEP

49152:7pgfwjT0+DF92dKvyl6UTfZW48ixJH+ap+WqFvsyw2dHi1HyeYu/wP0cQvDYeKfM:7Ge7O6UjZW48+J/pRovCJY6xO91RT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1fa752f568c944fcbd4e2a6fab7e4120_NEIKI

Files

1fa752f568c944fcbd4e2a6fab7e4120_NEIKI
.exe windows:4 windows x86 arch:x86

7cd9b1bc3472188b643c981c260a0ea0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\MDM\Zinc3\WrapperPC\Release\WrapperPC.pdb

Imports

ddraw

DirectDrawCreate

comctl32

ord17

winmm

timeGetTime
timeBeginPeriod
timeGetDevCaps
timeKillEvent
timeEndPeriod
timeSetEvent

kernel32

GetProcAddress
LoadLibraryW
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryA
GetModuleHandleA
GetCurrentProcess
VirtualProtect
lstrcmpiA
lstrlenA
GetTickCount
FlushInstructionCache
VirtualAlloc
CreateFileMappingA
CreateFileA
VirtualFree
GetCurrentDirectoryA
lstrcmpA
GetUserDefaultLCID
GetSystemDefaultLCID
GetThreadLocale
lstrcpyA
lstrcpyW
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetCurrentDirectoryA
GetModuleFileNameA
IsBadCodePtr
IsBadReadPtr
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetSystemTime
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
IsBadWritePtr
HeapCreate
HeapDestroy
GetDriveTypeA
VirtualQuery
GetSystemInfo
HeapSize
TerminateProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetCPInfo
HeapReAlloc
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapFree
GetVersionExA
GetStartupInfoW
HeapAlloc
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
ExitProcess
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
GetTempPathW
GetCurrentProcessId
GetCurrentThreadId
CreateDirectoryW
FreeLibrary
MulDiv
GetEnvironmentVariableW
GetCommandLineW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
OutputDebugStringW
LocalAlloc
LocalFree
ReadFile
CreateEventW
CreateThread
GlobalReAlloc
GetLastError
SetEvent
WaitForSingleObject
GetExitCodeThread
TerminateThread
CreateFileW
GetFileSize
MapViewOfFile
UnmapViewOfFile
CloseHandle
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetACP
GetOEMCP
SetStdHandle
SetEndOfFile
CompareStringA
CompareStringW
SetFilePointer

user32

GetWindowLongA
FillRect
CreateAcceleratorTableA
GetParent
LookupIconIdFromDirectory
CreateIconFromResource
ReleaseDC
GetDC
UnregisterClassA
RegisterClassExA
InvalidateRgn
DefWindowProcA
LoadMenuIndirectA
SetWindowsHookExA
RegisterWindowMessageA
SendMessageA
SetTimer
KillTimer
DialogBoxParamW
GetDlgItem
EndDialog
GetDesktopWindow
GetUpdateRect
DrawTextA
GetWindow
IsChild
GetFocus
DestroyAcceleratorTable
CallWindowProcA
SetWindowLongA
UnhookWindowsHookEx
wsprintfA
CallNextHookEx
MessageBoxW
SetDlgItemTextW
SetWindowsHookExW
ClientToScreen
SetForegroundWindow
TrackPopupMenu
PostMessageW
LoadImageW
PeekMessageW
LoadIconW
LoadCursorW
RegisterClassExW
CopyRect
GetMenu
BeginPaint
EndPaint
CheckMenuItem
EnableMenuItem
DefWindowProcW
AppendMenuW
CreatePopupMenu
InsertMenuW
DeleteMenu
DrawMenuBar
DestroyWindow
GetCursorPos
SetCapture
ReleaseCapture
CallWindowProcW
SystemParametersInfoW
GetWindowTextW
GetMessageW
TranslateMessage
DispatchMessageW
GetMenuStringW
InvalidateRect
SetWindowTextW
GetSubMenu
AdjustWindowRectEx
UpdateWindow
GetClientRect
CreateMenu
SetMenu
RedrawWindow
IsWindowVisible
CreateWindowExW
MoveWindow
SetFocus
SetWindowRgn
SetRect
GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
SendMessageW
GetWindowRect
GetSystemMetrics
ShowWindow
SetWindowPos

gdi32

EndDoc
EndPage
TextOutW
SetViewportOrgEx
StartDocW
GetTextMetricsW
CreateSolidBrush
GetStockObject
GetDeviceCaps
CreateDIBitmap
StretchBlt
CreateDCA
GetRgnBox
SelectClipRgn
CreateRectRgnIndirect
Rectangle
CreateDIBSection
ExtCreateRegion
CombineRgn
GetObjectW
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetMapMode

comdlg32

PageSetupDlgW
PrintDlgW

advapi32

RegCreateKeyExW
RegFlushKey
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHFileOperationW
Shell_NotifyIconW
CommandLineToArgvW
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid
OleLockRunning
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
SysStringLen

Sections

.text
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cd9b1bc3472188b643c981c260a0ea0

Headers

File Characteristics

PDB Paths

Imports

ddraw

comctl32

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 500KB - Virtual size: 500KB

.rdata Size: 112KB - Virtual size: 112KB

.data Size: 40KB - Virtual size: 52KB

.rsrc Size: 3.1MB - Virtual size: 3.1MB

.text
Size: 500KB - Virtual size: 500KB

.rdata
Size: 112KB - Virtual size: 112KB

.data
Size: 40KB - Virtual size: 52KB

.rsrc
Size: 3.1MB - Virtual size: 3.1MB