6a9671402a0b84c0843824a5b0865b70_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

6a9671402a0b84c0843824a5b0865b70_NEIKI
Size

264KB
MD5

6a9671402a0b84c0843824a5b0865b70
SHA1

558e00112259a92178947ce80084ad339ff3b157
SHA256

97e3dc2bd3b27cdbd7ae533f2c5043d22281df8017db2714bc046273d50f8bfb
SHA512

a501337360b3b60aafd283e7d5322cf3040ea72ef4cbf8e79acd23390728658dd26e42637b6ecc27583ac29c84d1a275924841ea668506b037387d926f1bd119
SSDEEP

3072:W8vXtvrzGXtwYG1NHisc7Tka4OXZHswWgSFWu1XJWRzQDTxdQN1dO47SC9m4NmFG:fXtfGXaYG1c9SOVf/TJzQXxcRIolo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a9671402a0b84c0843824a5b0865b70_NEIKI

Files

6a9671402a0b84c0843824a5b0865b70_NEIKI
.dll regsvr32 windows:4 windows x86 arch:x86

a827e8c7e69484bf9d67d571f75ca20c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

ShellExecuteExA
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHGetMalloc
SHGetSpecialFolderLocation

kernel32

CreateDirectoryA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
MoveFileExA
GetDriveTypeA
DeleteFileA
SetFileAttributesA
FreeLibrary
GetProcAddress
CloseHandle
GetCurrentProcess
TerminateProcess
OpenProcess
CreateProcessA
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
WritePrivateProfileStringA
DeviceIoControl
CreateFileA
IsBadReadPtr
GetTickCount
GetLastError
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetTempFileNameA
lstrlenA
Sleep
CreateThread
GetWindowsDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
WriteFile
GetPrivateProfileStringA
GetPrivateProfileIntA
ReadFile
IsBadWritePtr
FindNextFileA
MultiByteToWideChar
lstrcmpiA
MoveFileA
GetACP
CreateFileMappingA
GetFileSize
FlushFileBuffers
InterlockedDecrement
LocalFree
LocalAlloc
SearchPathA
GetVersionExA
GetFileAttributesA
FindClose
FindFirstFileA
GetShortPathNameA
GetLongPathNameA
GetCurrentDirectoryA
GetModuleFileNameA
VirtualQuery
ExpandEnvironmentStringsA
GetTempPathA
GetSystemDirectoryA
WaitForSingleObject

user32

EnumChildWindows
SendMessageA
EnumWindows
DialogBoxParamA
EndDialog
SendDlgItemMessageA
GetDlgItem
PostMessageA
LoadStringA
GetTopWindow
GetWindowTextA
GetDesktopWindow
MessageBoxA
wsprintfA
SendMessageTimeoutA

advapi32

ChangeServiceConfigA
RegSetValueExA
RegEnumKeyExA
GetTokenInformation
LookupAccountSidA
RegEnumKeyA
RegCreateKeyExA
RegQueryValueExA
QueryServiceStatus
OpenSCManagerA
OpenServiceA
ControlService
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegOpenKeyA
RegEnumValueA
RegDeleteValueA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

ole32

CoUninitialize
OleRun
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
VariantInit
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysAllocString

shlwapi

SHDeleteValueA
SHDeleteKeyA
SHEnumValueA
SHEnumKeyExA
SHSetValueA
SHGetValueA

msvcrt

ftell
fseek
_vsnprintf
_wcsicmp
time
isprint
strftime
localtime
_mbsstr
fwrite
_except_handler3
_local_unwind2
??1type_info@@UAE@XZ
__dllonexit
_initterm
_adjust_fdiv
_onexit
?terminate@@YAXXZ
_strnicmp
_strlwr
_CxxThrowException
fprintf
_lseek
_tell
_open
_read
_close
_stricmp
strcpy
realloc
_mbsicmp
_mbslwr
_strdup
fgets
atoi
memcmp
vsprintf
fputs
strcmp
memmove
strncpy
_snprintf
memset
strrchr
strchr
strlen
strstr
strncat
strcat
_mbsnbcpy
_mbschr
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_mbsrchr
free
fclose
fread
malloc
_filelength
fopen
memcpy
_mbsnbicmp
_mbscmp

ws2_32

WSCDeinstallProvider
WSCEnumProtocols
WSCGetProviderPath

iphlpapi

GetAdaptersInfo

comctl32

ord17

Exports

Exports

CheckIntegrity
CloseAllMessenger
DllRegisterServer
Events
ExecFunc
Invoke
Property
Rundll32

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a827e8c7e69484bf9d67d571f75ca20c

Headers

File Characteristics

Imports

version

shell32

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcrt

ws2_32

iphlpapi

comctl32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 40KB - Virtual size: 50KB

.rsrc Size: 76KB - Virtual size: 75KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 40KB - Virtual size: 50KB

.rsrc
Size: 76KB - Virtual size: 75KB

.reloc
Size: 12KB - Virtual size: 9KB