699ca8a7d64fc87c49d5b519b6173da0_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

699ca8a7d64fc87c49d5b519b6173da0_NEIKI
Size

238KB
MD5

699ca8a7d64fc87c49d5b519b6173da0
SHA1

73429b0a000b698448cb69fbbe0a1e463a86147a
SHA256

6021e4720fd0d1cb3cbd2e46f6bade8674fcd03a660880dfde1902076dc1bf6a
SHA512

efa95c351a7b8e91493109705942c1c1c7ffaf9307fbbbf123f28c4189bfafd22bcd2b6ba0af957d450d037696d4822e9922560072369cd5e2bfb425629057f4
SSDEEP

6144:77zb5ILb966CxVp6CeLqKUVTBqR5cOYYkpxaa9:77zIb966CxVp6CeLqjVTQR6wkqa9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
699ca8a7d64fc87c49d5b519b6173da0_NEIKI

Files

699ca8a7d64fc87c49d5b519b6173da0_NEIKI
.exe windows:4 windows x86 arch:x86

c62b599f60f37ac4a5d19612dc81d0e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
CryptAcquireContextA
CryptGenRandom
DeleteService
FreeSid
InitializeSecurityDescriptor
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterServiceCtrlHandlerA
SetEntriesInAclA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FormatMessageW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
MoveFileExA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
lstrcmpiA

msvcrt

__argv
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_findclose
_findfirst
_fmode
_fullpath
_initterm
_iob
_lock
_mktemp
_onexit
_stati64
_stricmp
_strnicmp
time
localtime
ctime
div
exit
fclose
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fread
free
fscanf
fseek
fsetpos
ftell
fwrite
getenv
isalnum
malloc
memcpy
memmove
memset
printf
puts
rand
realloc
signal
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtol
_unlock
abort
atoi
ungetc
vfprintf
wcstombs
atol
calloc
_vsnprintf
_findnext
_unlink
_strdup
_getpid
_close
_chmod

secur32

AcquireCredentialsHandleA
ApplyControlToken
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
InitializeSecurityContextA
QueryContextAttributesA

shlwapi

PathFindFileNameA

user32

GetSystemMetrics

ws2_32

WSAAddressToStringA
freeaddrinfo
getaddrinfo

wsock32

WSAStartup
accept
bind
closesocket
connect
gethostname
listen
recv
send
setsockopt
socket

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1024B - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c62b599f60f37ac4a5d19612dc81d0e5

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

secur32

shlwapi

user32

ws2_32

wsock32

Sections

.text Size: 97KB - Virtual size: 96KB

.data Size: 512B - Virtual size: 80B

.rdata Size: 30KB - Virtual size: 30KB

.bss Size: - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

/4 Size: 512B - Virtual size: 88B

/19 Size: 35KB - Virtual size: 35KB

/31 Size: 1KB - Virtual size: 1KB

/45 Size: 1KB - Virtual size: 1KB

/57 Size: 512B - Virtual size: 248B

/70 Size: 1024B - Virtual size: 926B

/81 Size: 1024B - Virtual size: 670B

/92 Size: 512B - Virtual size: 120B

.text
Size: 97KB - Virtual size: 96KB

.data
Size: 512B - Virtual size: 80B

.rdata
Size: 30KB - Virtual size: 30KB

.bss
Size: - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 512B - Virtual size: 88B

/19
Size: 35KB - Virtual size: 35KB

/31
Size: 1KB - Virtual size: 1KB

/45
Size: 1KB - Virtual size: 1KB

/57
Size: 512B - Virtual size: 248B

/70
Size: 1024B - Virtual size: 926B

/81
Size: 1024B - Virtual size: 670B

/92
Size: 512B - Virtual size: 120B