8e060ad6acf2699cb0e97c6978ad69d0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

8e060ad6acf2699cb0e97c6978ad69d0_NEIKI
Size

226KB
MD5

8e060ad6acf2699cb0e97c6978ad69d0
SHA1

a75f1828cd5669d919159f8179d91c7b22099a11
SHA256

24f2939dde1840e982bf785e4cc7b761d1a7dfca2351772e38eca7fedba440ea
SHA512

5fc22334d966869aab219385968cb22894837a6412a1fc5e21ce796923d52b3b9ef40e651927aecddf0a8838f76d6bbdc001aea5d39946c6e68c47ec96771734
SSDEEP

3072:f9Qf/6HZN0+4C82GYpX1htfUEhVfG2EzWRnJqnnzm9+cOavozpJSlriTBfVZ8u81:e365N00kYZRUEnomtOabiTBdZofIdWF

Score

1^/10

Malware Config

Signatures

Files

8e060ad6acf2699cb0e97c6978ad69d0_NEIKI
.dll windows:4 windows x86 arch:x86

d29584dc10146df48bd24bc00131b059

Code Sign

19:9d:f8:72
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=Time-Stamping Authority WoSign,O=WoSign eCommerce Services Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:d9:c9:2a:76:5e:cd
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

26/12/2012, 05:33

Not After

29/12/2014, 13:59

Subject

CN=金华长风信息技术有限公司,O=金华长风信息技术有限公司,L=金华市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c156d696e676d696e674031376775616775612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:92:d8:c5:6d:6d:0c:df:2c:7a:06:c2:c7:24:a4:d1:ba:20:d2:b7
Signer

Actual PE Digest

56:92:d8:c5:6d:6d:0c:df:2c:7a:06:c2:c7:24:a4:d1:ba:20:d2:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\工作代码\GuaGuaEX\ChatUI\branchs\20121220_tr_r3943_ChatUI_NewSkin\WebHallUI\Release\WebHallUI.pdb

Imports

mfc71u

ord1894
ord4123
ord1955
ord1472
ord265
ord5966
ord2261
ord5280
ord5283
ord5657
ord992
ord5101
ord2798
ord1146
ord3927
ord5178
ord4884
ord2011
ord1662
ord1661
ord1542
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord4179
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1647
ord1646
ord1590
ord2856
ord4480
ord4256
ord557
ord745
ord776
ord421
ord3644
ord3596
ord3471
ord1182
ord1178
ord4126
ord1999
ord1293
ord4125
ord4955
ord4501
ord4940
ord4643
ord4958
ord5047
ord4799
ord4704
ord4790
ord4957
ord4371
ord4370
ord4281
ord4510
ord4965
ord4474
ord4523
ord4964
ord4840
ord4495
ord4362
ord4433
ord5043
ord4553
ord4914
ord3734
ord4438
ord4437
ord4784
ord4198
ord4775
ord4383
ord4974
ord4165
ord4172
ord4581
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord5910
ord1610
ord1393
ord6271
ord3338
ord1351
ord1553
ord5196
ord2711
ord4267
ord648
ord2132
ord410
ord4292
ord4337
ord5147
ord2809
ord5558
ord4879
ord5829
ord4788
ord4119
ord4194
ord4667
ord5202
ord4942
ord4668
ord4094
ord2085
ord3238
ord1946
ord1274
ord2413
ord2414
ord2415
ord2412
ord2411
ord5609
ord2651
ord4656
ord6061
ord4929
ord4098
ord4027
ord2926
ord287
ord1220
ord4358
ord2229
ord6140
ord5272
ord3603
ord3629
ord3422
ord331
ord590
ord1970
ord1281
ord2252
ord1006
ord6251
ord587
ord572
ord5210
ord4226
ord5911
ord1536
ord2077
ord3417
ord3678
ord3296
ord2255
ord2250
ord1172
ord2297
ord384
ord5083
ord317
ord1425
ord1939
ord1430
ord584
ord629
ord6293
ord5327
ord6299
ord1027
ord5337
ord3508
ord4574
ord2155
ord5648
ord2368
ord266
ord5199
ord5711
ord5712
ord6002
ord774
ord2121
ord3824
ord899
ord2461
ord5398
ord5524
ord1906
ord1079
ord1118
ord2239
ord566
ord757
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2361
ord501
ord709
ord2829
ord2725
ord2531
ord5562
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3756
ord330
ord347
ord1920
ord602
ord589
ord354
ord605
ord4729
ord4206
ord2622
ord2365
ord5633
ord1270
ord1271
ord3155
ord3204
ord4347
ord1925
ord3395
ord2713
ord4109
ord4112
ord3752
ord3435
ord3635
ord765
ord315
ord1033
ord1197
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord1200
ord1087
ord1162
ord581
ord563
ord753
ord1479
ord6111
ord282
ord5485
ord5316
ord6282
ord3043
ord326
ord2362
ord3995
ord4117
ord5637
ord502
ord2066
ord2254
ord3198
ord1202
ord3249
ord783
ord784
ord1154
ord578
ord4042
ord4041
ord310
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord3677
ord283
ord5209
ord6086
ord314
ord2366
ord762
ord280
ord293
ord2311
ord2895
ord870
ord577
ord1176
ord764

msvcr71

_wcsicmp
toupper
_ftime
_purecall
wcscpy
__CxxFrameHandler
memmove
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
wcsncpy
wcslen
_wtoi
wcsncmp
realloc
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
free
_except_handler3
memset
wcsrchr
sprintf
swprintf
_beginthreadex
_endthreadex

kernel32

GetVersionExA
GlobalSize
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
ExitProcess
LocalAlloc
SetCurrentDirectoryW
WideCharToMultiByte
LoadLibraryW
FreeLibrary
LocalFree
lstrlenW
MultiByteToWideChar
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
GetModuleFileNameW
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
GetVersionExW
GlobalFree

user32

IsWindowVisible
MoveWindow
ClientToScreen
GetWindowRect
GetClientRect
SetTimer
KillTimer
PostMessageW
EnableWindow
CreatePopupMenu
AppendMenuW
IsWindow
FillRect
InflateRect
IntersectRect
GetCursorPos
DefWindowProcW
DestroyWindow
ReleaseCapture
GetNextDlgGroupItem
GetClassNameW
LoadCursorW
SetCursor
CreateWindowExW
GetWindowLongW
IsWindowEnabled
GetDlgCtrlID
SetWindowRgn
SetRect
SetWindowPos
EnumChildWindows
GetDC
ReleaseDC
SystemParametersInfoW
GetSystemMetrics
GetActiveWindow
InvalidateRect
GetUpdateRect
GetMenu
OffsetRect
ScreenToClient
GetParent
GetMenuItemInfoW
GetMenuItemCount
CopyRect
IsRectEmpty
GetMenuItemID
GetSubMenu
SendMessageW

oleaut32

SysAllocString
VariantInit
VariantCopy
VariantClear
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

sqlite3

sqlite3_column_blob
sqlite3_column_count
sqlite3_step
sqlite3_finalize
sqlite3_column_bytes
sqlite3_exec
sqlite3_free
sqlite3_free_table
sqlite3_open
sqlite3_get_table
sqlite3_close
sqlite3_prepare_v2
sqlite3_bind_blob
sqlite3_bind_parameter_index
sqlite3_column_int64

dbghelp

MiniDumpWriteDump

gdiplus

GdipDisposeImage
GdipCreateBitmapFromScan0
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageRectRectI
GdipAlloc
GdipCloneImage
GdipCreateFromHDC
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdipDeleteGraphics
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetImageAttributesColorKeys
GdipCreateSolidFill
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipGetImageWidth
GdipCreateTexture2I
GdipDrawImageI
GdipSaveImageToStream
GdipSetClipRectI
GdipDrawRectangleI
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateBitmapFromHBITMAP
GdipCloneBrush
GdipCreateFont
GdipMeasureString
GdipDrawString
GdipFillRectangleI

gdi32

GetTextExtentPointW
SetBkMode
SetTextColor
CreateSolidBrush
GetStockObject
CreateDCW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
TextOutW
CombineRgn
ExtCreateRegion
CreateDIBSection
GetObjectW
CreateRectRgn
OffsetRgn
ExcludeClipRect
CreateFontIndirectW
GetDeviceCaps

comctl32

ImageList_Draw
ImageList_GetImageCount
_TrackMouseEvent

ole32

CreateStreamOnHGlobal

Exports

Exports

CreateInstance
DestroyInstance

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d29584dc10146df48bd24bc00131b059

Code Sign

19:9d:f8:72Certificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

05:d9:c9:2a:76:5e:cdCertificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

56:92:d8:c5:6d:6d:0c:df:2c:7a:06:c2:c7:24:a4:d1:ba:20:d2:b7Signer

Headers

File Characteristics

PDB Paths

Imports

mfc71u

msvcr71

kernel32

user32

oleaut32

msvcp71

sqlite3

dbghelp

gdiplus

gdi32

comctl32

ole32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 134KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 976B

.reloc Size: 28KB - Virtual size: 27KB

19:9d:f8:72
Certificate

19:9d:f8:8e
Certificate

05:d9:c9:2a:76:5e:cd
Certificate

3d
Certificate

56:92:d8:c5:6d:6d:0c:df:2c:7a:06:c2:c7:24:a4:d1:ba:20:d2:b7
Signer

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 28KB - Virtual size: 27KB