6c788a7bc8573c351c8da8b2b9d5a310_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

6c788a7bc8573c351c8da8b2b9d5a310_NEIKI
Size

284KB
MD5

6c788a7bc8573c351c8da8b2b9d5a310
SHA1

06eaf4df3a8902aa1eb882f3c0377838cd7aa96f
SHA256

c78bfb42a75e22d7c6b17d9b6fab93f0d277e7edcbaad5956bb4c4c8e4637c75
SHA512

7ce950dfdb00e8dd2da4ded83c5b9a015b488dd39822b0a87f7f7896ff409ea460b0b4ee2232b1473d33456fe54812e76c26f6028b20b4f76505e5d085c1cd01
SSDEEP

6144:px91yXmVuMR4sXeShnXXCRM60iaf6sk2XhMs2Cfh:TyXmUsX3JXX5f6Qhl5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c788a7bc8573c351c8da8b2b9d5a310_NEIKI

Files

6c788a7bc8573c351c8da8b2b9d5a310_NEIKI
.exe windows:4 windows x86 arch:x86

ce0c6103604520141eaea246c42bba05

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ADE\aime_050829\oracle\rdbms\bin\dgmgrl.pdb

Imports

oranls10

lxlterm
lxhLangEnv
lxinitc
lxlinit
lxzinit
lxgucs2utf
lxgt2u
lxsCntByte
lxmnsg
lxmopen
lxgu2t
lxhci2h
lxhcsn
lxgutf2ucs

oracore10

SlfFclose
ss_mem_alc
lpmterm
sltsmna
sltsmnr
lstprintf
SlfVfprintf
sltsttr
sltstkill
sltstcl
sltstjn
sltstcr
sltspcinit
sltsthndinit
sltstidinit
sltstiddestroy
sltsthnddestroy
sltspcdestroy
sltspcwait
sltspctimewait
sltspcsignal
SlfFsync
SlfLseekn
SlfRead
SlfWrite
sltspin
lstclo
lcvb24
sltster
sltsmxd
sltsmxi
sltsini
SlfFopen
lpminit
SlfFread
SlfFflush
lstmclo
SlfClose
SlfOpen
SlfFgtc
ss_mem_fre
SlfFprintf

oraxml10

getAttrValue
getAttributeIndex
numAttributes
xmlterm
xmlparsebuf
xmlinitenc
getAttrName

oracommon10

slkmnm
vsnpri
slsprom
vsnnum

oraclient10

OCIDefineByPos
OCIBindByPos
OCIStmtExecute
OCIStmtPrepare
OCIDateTimeToText
OCIDateTimeSysTimeStamp
upisto
upista8
kpusvc2hst
OCIMessageClose
OCIMessageOpen
OCIErrorGet
upigml
OCIServerDetach
OCIEnvCreate
OCISessionBegin
OCIAttrSet
OCIServerAttach
OCIHandleFree
OCIDescriptorFree
OCIMessageGet
OCISessionEnd
OCIDescriptorAlloc
OCIHandleAlloc
OCITerminate

oravsn10

vsnstr

orauts

Sleep
GetModuleHandleA

msvcr71

__getmainargs
_amsg_exit
__p___initenv
_cexit
_XcptFilter
_exit
_c_exit
memset
exit
printf
strtoul
strstr
strncmp
time
difftime
sprintf
toupper
strncat
strchr
strncpy
vsprintf
tolower
isspace
_locking
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_initterm
__dllonexit
_onexit
_controlfp

ws2_32

gethostname

Sections

.text
Size: 220KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ce0c6103604520141eaea246c42bba05

Headers

File Characteristics

PDB Paths

Imports

oranls10

oracore10

oraxml10

oracommon10

oraclient10

oravsn10

orauts

msvcr71

ws2_32

Sections

.text Size: 220KB - Virtual size: 217KB

.text1 Size: 4KB - Virtual size: 668B

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 4KB - Virtual size: 41KB

.text
Size: 220KB - Virtual size: 217KB

.text1
Size: 4KB - Virtual size: 668B

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 4KB - Virtual size: 41KB