2e68f9a6608b9f38b3bc50e878cebb00_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

2e68f9a6608b9f38b3bc50e878cebb00_NEIKI
Size

120KB
MD5

2e68f9a6608b9f38b3bc50e878cebb00
SHA1

37101ccc4772bfa3e6a13c9f72b01e07d825033e
SHA256

00e31f7d64164b39662c00a1cd58b9dab1a7c769eadb5b261bd0fcdbf2757f99
SHA512

6df7a74be9e69e7e12b2199cd0a077a4cccff339c3641181aa5c24b07ed04a5a8fafab423414e98ee50bcc4c6ef00de62abd41a8c52c04e3f86af5813e77708d
SSDEEP

1536:dJu1Ov+4dVerAUJo4UxR5fz0E0ae6f1crccx8aOJ5F82uD8zVyKQahuLgk+xFS:Pu1OIAsxmgVae6t0NNoc0zVyKQaC+x8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e68f9a6608b9f38b3bc50e878cebb00_NEIKI

Files

2e68f9a6608b9f38b3bc50e878cebb00_NEIKI
.dll windows:4 windows x86 arch:x86

d13eb34293c4466b7d7d5064cc9cff58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
WritePrivateProfileStringA
GetVersionExA
ExitProcess
Process32Next
TerminateProcess
OpenProcess
Process32First
TerminateThread
ResumeThread
GetTickCount
LocalSize
LocalAlloc
WinExec
GetComputerNameA
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
SetThreadPriority
HeapAlloc
GetProcessHeap
VirtualProtect
HeapFree
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemInfo
lstrcmpiA
LoadLibraryW
SetFileAttributesA
SetPriorityClass
CreateFileW
MultiByteToWideChar
DuplicateHandle
MoveFileA
CreateMutexA
CreateToolhelp32Snapshot
GetCurrentThreadId
GetFileAttributesA
lstrcpyA
ExpandEnvironmentStringsA
CreateProcessA
lstrcatA
GetLocalTime
GetSystemDirectoryA
GetFileSize
SetFilePointer
DeleteFileA
lstrlenA
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GlobalAlloc
GetLastError
LocalFree
SetLastError
CreateFileA
DeviceIoControl
WriteFile
CloseHandle
Sleep
GetVersion
VirtualFree
CopyFileA
GetCurrentThread
GetCurrentProcess
FindFirstFileA
FindNextFileA
GlobalLock
GlobalUnlock
VirtualAlloc
ReadFile

user32

DispatchMessageA
PeekMessageA
GetSystemMetrics
EnumWindows
IsWindowVisible
SendMessageA
MsgWaitForMultipleObjects
RegisterClassA
LoadCursorA
LoadIconA
GetMessageA
PostThreadMessageA
GetInputState
GetLastInputInfo
CloseClipboard
GetClipboardData
OpenClipboard
ExitWindowsEx
SetClipboardData
EmptyClipboard
wsprintfA
MessageBoxA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
GetWindowTextA

gdi32

GetStockObject

comdlg32

GetFileTitleA

advapi32

DeleteService
CloseEventLog
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
CreateServiceA
QueryServiceStatus
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerA
ImpersonateLoggedOnUser
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExA
ClearEventLogA

shell32

SHChangeNotify
ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoCreateGuid
CoInitialize
CoUninitialize

wininet

InternetCheckConnectionA
DeleteUrlCacheEntry

ws2_32

WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
closesocket
send
gethostname
getsockname

msvcrt

_strcmpi
_strupr
strcat
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
fprintf
_except_handler3
_beginthreadex
_access
fread
fwrite
fseek
ftell
_snprintf
strcspn
strncpy
atoi
time
srand
strncmp
sscanf
strcmp
free
realloc
sprintf
malloc
fopen
fputs
fclose
fgets
printf
rand
strrchr
strstr
_CxxThrowException
memcmp
??2@YAPAXI@Z
memset
exit
strcpy
_stricmp
strlen
__CxxFrameHandler
_ftol
memcpy
??3@YAXPAX@Z

mfc42

ord1979
ord5442
ord353
ord665

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

urlmon

URLDownloadToFileA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

init

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d13eb34293c4466b7d7d5064cc9cff58

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

wininet

ws2_32

msvcrt

mfc42

setupapi

urlmon

wtsapi32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 24KB - Virtual size: 23KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 24KB - Virtual size: 23KB

.reloc
Size: 8KB - Virtual size: 5KB