363a9fc1114d27327610eb96f37f82e0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

363a9fc1114d27327610eb96f37f82e0_NEIKI
Size

3.9MB
MD5

363a9fc1114d27327610eb96f37f82e0
SHA1

86015f176d6976a706ddf6d3aa373cee3be36059
SHA256

63b07d02802ae407b58feb4530bd0e53382c9635ec7297f7988c66dd4b76f5f5
SHA512

71a6d70969cdaa3852212a0dde9e26a124d7b5f418e08415a6b03899a68329bfaff63f0b9a3cfa6fc6cc98bb579bcf1904e1257c5843102f148772c5a8b22d65
SSDEEP

49152:rD5tCw12CmATW4ocwEPLamqjqrAv4RkXlkRn5kdWY9nzp9em/8f5JRoYn9mrMT:dTWRuPFNkXSRn5kdBL4K8f57oYP

Score

1^/10

Malware Config

Signatures

Files

363a9fc1114d27327610eb96f37f82e0_NEIKI
.exe windows:5 windows x86 arch:x86

7add2a6a6bb576d73cc218d7e0528349

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/01/2022, 09:58

Not After

06/01/2024, 09:58

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:18:d5:57:87:a1:82:f5:be:cf:bc:94:26:67:6a:a7:2e:45:1b:20:17:51:29:c9:8a:7b:cc:10:29:da:ae:60
Signer

Actual PE Digest

dd:18:d5:57:87:a1:82:f5:be:cf:bc:94:26:67:6a:a7:2e:45:1b:20:17:51:29:c9:8a:7b:cc:10:29:da:ae:60

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\751562\out\Release\Uninstall.pdb

Imports

kernel32

GetSystemTimeAsFileTime
CreateEventA
GetTempFileNameW
GetTempPathW
RaiseException
FlushInstructionCache
FileTimeToSystemTime
CompareFileTime
CreateRemoteThread
lstrcmpiA
lstrlenA
GetLocalTime
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeConsole
ReleaseSemaphore
CreateDirectoryW
GetTimeZoneInformation
FileTimeToLocalFileTime
GetCommandLineW
OpenEventW
GetFullPathNameW
CopyFileW
MoveFileW
CreateFileA
GetTempPathA
GetStartupInfoW
GlobalReAlloc
ExitProcess
LockFileEx
UnlockFileEx
GetProcessTimes
CreateSemaphoreW
GetCurrentDirectoryW
GetFileTime
SetErrorMode
GetEnvironmentVariableW
GetModuleHandleW
DuplicateHandle
CreateSemaphoreA
CancelIo
CreatePipe
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
lstrcmpA
CreateWaitableTimerA
SetWaitableTimer
OpenEventA
SetEnvironmentVariableA
CompareStringW
CompareStringA
InterlockedIncrement
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
GetOverlappedResult
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
SetConsoleCtrlHandler
GetStringTypeA
FatalAppExitA
HeapCreate
GetModuleFileNameA
GetStdHandle
GetCurrentThread
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
LCMapStringW
LCMapStringA
ExitThread
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
TlsFree
TlsAlloc
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
GetVolumeInformationW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetFileAttributesExW
GetSystemTime
SetStdHandle
CreateThread
SystemTimeToFileTime
SetFileTime
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLastError
LockFile
UnlockFile
CloseHandle
lstrlenW
WaitForSingleObject
SetEvent
ResumeThread
MultiByteToWideChar
FindClose
FindNextFileW
FindFirstFileW
ReadDirectoryChangesW
GetBinaryTypeW
CreateProcessW
GetWindowsDirectoryW
GetPrivateProfileStringW
GetModuleFileNameW
CreateEventW
WaitForMultipleObjects
GetTickCount
GetComputerNameW
lstrcmpiW
GetProcessHeap
HeapAlloc
HeapFree
WritePrivateProfileStringW
GetVersion
GetPrivateProfileIntW
InterlockedDecrement
TerminateProcess
OpenProcess
GetShortPathNameW
GetExitCodeProcess
ExpandEnvironmentStringsW
GetLogicalDriveStringsW
QueryDosDeviceW
InterlockedCompareExchange
GetCurrentThreadId
SetLastError
WideCharToMultiByte
GetModuleHandleExW
GetModuleHandleA
FreeEnvironmentStringsW
GetSystemInfo
GetExitCodeThread
LocalAlloc
LocalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
WTSGetActiveConsoleSessionId
CreateMutexW
ReleaseMutex
OpenMutexW
GetSystemWindowsDirectoryW
GetDiskFreeSpaceExW
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFileEx
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FreeResource
InterlockedExchange
GetCurrentProcess
GetSystemPowerStatus
GlobalMemoryStatusEx
GlobalMemoryStatus
Sleep
ResetEvent
LoadLibraryExW
LoadLibraryW
ProcessIdToSessionId
LoadLibraryA
FreeLibrary
GetSystemDirectoryW
GetDriveTypeW
CreateFileW
DeviceIoControl
DeleteFileW
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
MoveFileExW
TerminateThread
GetProcAddress

user32

ExitWindowsEx
IsWindowVisible
GetWindowThreadProcessId
EnumWindows
LoadStringW
PostMessageW
IsWindow
SetWindowLongW
SetTimer
FillRect
IntersectRect
CharNextW
GetSystemMetrics
GetClassLongW
SetWindowTextW
MonitorFromWindow
GetWindow
SetRect
SetCursor
DrawTextW
KillTimer
GetClassInfoExW
LoadCursorW
UnregisterClassA
DestroyWindow
DefWindowProcW
RegisterClassExW
CreateWindowExW
SendMessageTimeoutW
FindWindowW
GetWindowLongW
CallWindowProcW
ShowWindow
GetWindowPlacement
EnableWindow
SetWindowPos
SendMessageW
GetParent
SetFocus
IsWindowEnabled
SetRectEmpty
RegisterWindowMessageW
CopyRect
GetClientRect
InvalidateRect
IsDialogMessageW
ReleaseDC
GetDC
PostQuitMessage
UpdateLayeredWindow
GetWindowRect
BeginPaint
EndPaint
WindowFromDC
LoadImageW
EnumDisplaySettingsW
GetMonitorInfoW
MonitorFromPoint
SetActiveWindow
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
AllowSetForegroundWindow
keybd_event
GetKeyboardState
MonitorFromRect
UpdateWindow
SetWindowRgn
WaitForInputIdle
LoadIconW
MessageBoxW
GetActiveWindow
WindowFromPoint
GetDesktopWindow
OffsetRect
SystemParametersInfoW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindowDC
GetClipboardData
DialogBoxIndirectParamW
DispatchMessageW
EnumDisplayMonitors
wsprintfW
MoveWindow
DrawIconEx
UnionRect
GetDlgItem
SetCapture
GetCapture
ReleaseCapture
PtInRect
ScreenToClient
GetCursorPos
MapWindowPoints
TranslateMessage
GetMessageW
EndDialog
RedrawWindow
AdjustWindowRectEx
GetWindowTextW
GetWindowTextLengthW
PostThreadMessageW
PeekMessageW

gdi32

GetTextColor
SetTextColor
GetTextExtentPoint32W
IntersectClipRect
SetViewportOrgEx
OffsetViewportOrgEx
ExcludeClipRect
CreatePolygonRgn
BitBlt
GetClipBox
CreateRectRgnIndirect
SelectClipRgn
SetBkMode
DeleteDC
GetStockObject
CreateSolidBrush
CreateFontW
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
SetStretchBltMode
StretchBlt
DeleteObject
GetDeviceCaps
GetObjectW
CreateFontIndirectW
CreateRectRgn
CombineRgn
CreateRoundRectRgn
CreateDIBSection
EnumFontFamiliesExW

advapi32

DuplicateTokenEx
InitializeSecurityDescriptor
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
CryptGenRandom
RegFlushKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
ChangeServiceConfig2W
CreateWellKnownSid
CheckTokenMembership
DuplicateToken
IsValidSid
RegQueryInfoKeyW
CreateServiceW
DeleteService
ChangeServiceConfigW
ControlService
QueryServiceStatusEx
RegCreateKeyA
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceConfig2W
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
RegEnumValueW
RegNotifyChangeKeyValue
ConvertSidToStringSidW
LookupAccountSidW
RegUnLoadKeyW
RegLoadKeyW
RegDeleteKeyW
RegDeleteValueW
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
AllocateAndInitializeSid
EqualSid
CryptImportKey
RegCreateKeyW
GetSidSubAuthority
SetSecurityDescriptorDacl
RegOpenKeyW
OpenEventLogW
ReadEventLogW
CloseEventLog
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
FreeSid
CryptAcquireContextW
CryptGetKeyParam
CryptDecrypt
CryptEncrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
CommandLineToArgvW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetFolderPathW
ExtractIconExW
ShellExecuteExW
SHGetDataFromIDListW
SHBindToParent
SHParseDisplayName
ord165
ord680

ole32

CoSetProxyBlanket
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoInitializeSecurity
CoTaskMemFree
CoInitialize
CoUninitialize
CLSIDFromProgID
CoCreateInstance
CoInitializeEx

oleaut32

CreateErrorInfo
SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringLen
SysAllocStringByteLen
VarUI4FromStr
SetErrorInfo
GetErrorInfo
VariantChangeType

shlwapi

StrToIntExW
PathAddExtensionW
PathCombineA
PathAppendA
SHDeleteEmptyKeyW
ColorRGBToHLS
ColorHLSToRGB
ord437
PathStripToRootW
PathCombineW
StrStrIW
wnsprintfW
SHGetValueW
SHSetValueW
SHDeleteValueW
PathFileExistsW
PathStripPathW
StrCmpIW
PathFindExtensionW
SHGetValueA
StrCatW
StrCpyW
StrCmpNIW
SHDeleteKeyW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
PathRemoveExtensionW
AssocQueryStringW
StrChrW
StrCmpNW
PathAddBackslashW
PathUnquoteSpacesW
StrStrIA
SHSetValueA
SHDeleteValueA
PathAppendW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

wininet

InternetOpenUrlW
InternetSetOptionW
InternetReadFile
InternetGetConnectedState
InternetCloseHandle
InternetOpenW
DeleteUrlCacheEntryW
InternetQueryOptionW
HttpQueryInfoW

gdiplus

GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreatePathGradientFromPath
GdipAddPathPie
GdipAddPathLine2
GdipCloneBrush
GdipCreateSolidFill
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipSaveImageToFile
GdipGetPathWorldBoundsI
GdipDeleteGraphics
GdipSetPathGradientGammaCorrection
GdipSetPathGradientCenterPoint
GdipSetPathGradientSurroundColorsWithCount
GdipDrawImageRectI
GdipSetPathGradientCenterColor
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen2
GdipDeleteBrush
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateFromHDC
GdipCreatePen1
GdipDrawLineI
GdiplusStartup
GdiplusShutdown
GdipDrawImagePointRectI
GdipGetPathGradientPointCount
GdipDrawImageRectRectI
GdipAddPathLine
GdipAddPathArc

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

powrprof

GetPwrCapabilities

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
GetUserProfileDirectoryW

ws2_32

htons
htonl
ntohl
ntohs
select

rpcrt4

RpcAsyncInitializeHandle
NdrClientCall2
RpcStringBindingComposeW
NdrAsyncClientCall
RpcBindingFree
RpcStringFreeW
RpcAsyncCompleteCall
RpcBindingFromStringBindingW

iphlpapi

GetAdaptersInfo

crypt32

CryptProtectData
CryptUnprotectData
CertGetNameStringW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 842KB - Virtual size: 842KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7add2a6a6bb576d73cc218d7e0528349

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

dd:18:d5:57:87:a1:82:f5:be:cf:bc:94:26:67:6a:a7:2e:45:1b:20:17:51:29:c9:8a:7b:cc:10:29:da:ae:60Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

psapi

wininet

gdiplus

version

powrprof

wintrust

wtsapi32

userenv

ws2_32

rpcrt4

iphlpapi

crypt32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 424KB - Virtual size: 423KB

.data Size: 46KB - Virtual size: 73KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 842KB - Virtual size: 842KB

.reloc Size: 126KB - Virtual size: 125KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

dd:18:d5:57:87:a1:82:f5:be:cf:bc:94:26:67:6a:a7:2e:45:1b:20:17:51:29:c9:8a:7b:cc:10:29:da:ae:60
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 424KB - Virtual size: 423KB

.data
Size: 46KB - Virtual size: 73KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 842KB - Virtual size: 842KB

.reloc
Size: 126KB - Virtual size: 125KB