82279a8c94e6a49c2116ac57eb4cbd20_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

82279a8c94e6a49c2116ac57eb4cbd20_NEIKI
Size

1.6MB
MD5

82279a8c94e6a49c2116ac57eb4cbd20
SHA1

cf50d7cf1be2813cda0dcc8b2371c40bf64a0ed1
SHA256

af868824064e9f9c36a2e8bfffbf79ba328f93f87649b7d343e7f1b8fd3209cc
SHA512

83841ea4e2772b5365b89084035a941e25a89746eb9943809dbcbe932a63de58978dd4980fa8de000f3cbf7f19406c36397c2a8efddba0f3bfe1219eb7b37063
SSDEEP

24576:Axfxk4ylyApw6ta1ZIpO5d/tpWhXGC+wGBmgdJ7/s:AxW4InC7IpOFpWhXGC+ogrs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82279a8c94e6a49c2116ac57eb4cbd20_NEIKI

Files

82279a8c94e6a49c2116ac57eb4cbd20_NEIKI
.exe windows:4 windows x86 arch:x86

28f730cb8906c675b678293d949072cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Build\EA\Rel\SEE-8.2.1-MP\PCG Projects\EA Removable Storage\Distribution Files\Client\SEERemovableStorageAccessUtility.pdb

Imports

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CryptEncryptMessage
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringW
CertOpenStore
CertGetIntendedKeyUsage
CryptDecryptMessage
CertCloseStore

cryptui

CryptUIDlgViewCertificateW

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
CM_Get_Device_IDW
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetFullPathNameW
GetShortPathNameW
lstrlenA
SetFileTime
GetTempFileNameW
GetModuleHandleA
GlobalGetAtomNameW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SystemTimeToFileTime
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetErrorMode
LocalFileTimeToFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
ExitThread
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetVolumeInformationW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
DebugBreak
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetFileAttributesW
GetTickCount
GetDriveTypeW
SetFileAttributesW
SetLastError
GetLastError
GetProcAddress
LoadLibraryW
GlobalFree
CloseHandle
WaitForSingleObject
CreateThread
CreateEventW
SetEvent
GetFileSizeEx
CreateFileW
GetDiskFreeSpaceExW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
LocalFree
FormatMessageW
MultiByteToWideChar
CreateDirectoryW
RemoveDirectoryW
GetModuleFileNameW
CreateMutexW
GetStartupInfoA
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetThreadLocale
GetStringTypeExW
MoveFileW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
SuspendThread
ResumeThread
SetThreadPriority
GetProfileIntW
GlobalSize
MulDiv
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
FreeResource
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTimeZoneInformation
LocalAlloc
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcessId
GetLocalTime
FreeLibrary
InterlockedIncrement
ReadFile
FindResourceExW
GetCommandLineW
lstrcmpW
lstrcpynW
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
ExitProcess
GetVersion
FileTimeToLocalFileTime
GlobalAlloc
GlobalLock
lstrcpyW
GlobalUnlock
WideCharToMultiByte
GetNumberFormatW
GetLocaleInfoW
lstrlenW
lstrcatW
GetFileSize
SetFilePointer
DeviceIoControl
GetVersionExW
GetTempPathW
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MoveFileExW
Sleep
GetDiskFreeSpaceW
DeleteFileW
WriteFile
WaitForMultipleObjects

user32

DrawTextExW
DrawTextW
TabbedTextOutW
WindowFromPoint
SetRectEmpty
ReleaseCapture
SetCapture
SetRect
IsRectEmpty
SetWindowContextHelpId
MapDialogRect
CharUpperW
ShowOwnedPopups
SetCursor
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
GetMessageW
TranslateMessage
ValidateRect
IsClipboardFormatAvailable
InflateRect
ReleaseDC
GetDC
GetMenuStringW
InsertMenuW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
CheckRadioButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextLengthW
GetWindowTextW
GrayStringW
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetScrollPos
GetScrollPos
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
CopyRect
PtInRect
UnpackDDElParam
ReuseDDElParam
GetWindowThreadProcessId
LoadAcceleratorsW
GetDlgCtrlID
DefWindowProcW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RedrawWindow
IsWindowVisible
IsIconic
GetWindowDC
BeginPaint
EndPaint
FindWindowW
SetParent
LockWindowUpdate
GetDCEx
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
PostThreadMessageW
GetMenuItemID
DrawIcon
GetMenuItemCount
PostQuitMessage
DeleteMenu
UnregisterClassW
GetSysColorBrush
UnionRect
LoadCursorW
DestroyCursor
SetCursorPos
InsertMenuItemW
UnregisterClassA
GetForegroundWindow
IsZoomed
SetMenu
SetFocus
TranslateAcceleratorW
EnableWindow
DestroyIcon
LoadIconW
TrackPopupMenu
CreatePopupMenu
GetCursorPos
EnableMenuItem
GetSubMenu
ModifyMenuW
LoadMenuW
ClientToScreen
ScreenToClient
SetTimer
KillTimer
SendMessageW
wsprintfW
MessageBoxW
BringWindowToTop
UpdateWindow
LoadImageW
OpenIcon
GetMenu
GetLastActivePopup
SetForegroundWindow
GetClientRect
RegisterClipboardFormatW
LoadBitmapW
FillRect
InvalidateRect
PostMessageW
GetWindowRect
MessageBeep
CallWindowProcW
GetParent
SetWindowLongW
GetSystemMetrics
SetWindowsHookExW

gdi32

SetMapMode
ExcludeClipRect
IntersectClipRect
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
RestoreDC
PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetTextMetricsW
SetRectRgn
CombineRgn
GetMapMode
GetTextColor
GetRgnBox
SaveDC
GetBkColor
CreateCompatibleBitmap
StretchDIBits
DeleteDC
SelectObject
GetCharWidthW
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
PatBlt
CreateRectRgnIndirect
CopyMetaFileW
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateFontW
GetObjectW
CreatePatternBrush
DeleteObject
GetStockObject
SetBkMode
GetPixel
CreateSolidBrush

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

GetFileSecurityW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetUserNameW
RegSetValueW
RegOpenKeyW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
ConvertSidToStringSidW
RegCreateKeyW
RegDeleteValueW
RegDeleteKeyW
SetFileSecurityW
RegQueryValueW
RegEnumKeyW
LookupAccountNameW

shell32

SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHFileOperationW
DragQueryFileW
SHGetFolderPathW
ord2
ExtractIconW
DragFinish
SHGetMalloc
SHGetDataFromIDListW
SHGetDesktopFolder

comctl32

ord17
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shlwapi

PathStripToRootW
PathIsDirectoryW
StrRetToStrW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleDuplicateData
CreateStreamOnHGlobal
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance
CoGetClassObject
OleRun
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateGuid
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

VariantTimeToSystemTime
VarDateFromStr
SysFreeString
SysAllocString
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysStringLen
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
GetErrorInfo
SysAllocStringLen

secur32

GetUserNameExW

Exports

Exports

?LogError@GERSLOG@@YAXPBGZZ
?LogMsg@GERSLOG@@YAXPBG0HW4_TRACE_LEVEL@1@0ZZ
?LogVerbose@GERSLOG@@YAXPBGZZ
?LogWarning@GERSLOG@@YAXPBGZZ
?SetLogFile@GERSLOG@@YAXW4_PROJECT_CONFIG@1@@Z

Sections

.text
Size: 676KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EPCL_TEX
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EPCL_SET
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EPCL_TES
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EPCL_INI
Size: 4KB - Virtual size: 275B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EPCL_TES
Size: 4KB - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EPCL_DAT
Size: 4KB - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EPCL_SET
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

EPCL_CON
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

EPCL_TES
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 768KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28f730cb8906c675b678293d949072cb

Headers

File Characteristics

PDB Paths

Imports

crypt32

cryptui

setupapi

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

secur32

Exports

Exports

Sections

.text Size: 676KB - Virtual size: 674KB

EPCL_TEX Size: 16KB - Virtual size: 14KB

EPCL_SET Size: 4KB - Virtual size: 2KB

EPCL_TES Size: 4KB - Virtual size: 1KB

EPCL_INI Size: 4KB - Virtual size: 275B

.rdata Size: 144KB - Virtual size: 142KB

.data Size: 16KB - Virtual size: 35KB

EPCL_TES Size: 4KB - Virtual size: 28B

EPCL_DAT Size: 4KB - Virtual size: 28B

EPCL_SET Size: 8KB - Virtual size: 4KB

EPCL_CON Size: 12KB - Virtual size: 8KB

EPCL_TES Size: 4KB - Virtual size: 1KB

.rsrc Size: 768KB - Virtual size: 765KB

.text
Size: 676KB - Virtual size: 674KB

EPCL_TEX
Size: 16KB - Virtual size: 14KB

EPCL_SET
Size: 4KB - Virtual size: 2KB

EPCL_TES
Size: 4KB - Virtual size: 1KB

EPCL_INI
Size: 4KB - Virtual size: 275B

.rdata
Size: 144KB - Virtual size: 142KB

.data
Size: 16KB - Virtual size: 35KB

EPCL_TES
Size: 4KB - Virtual size: 28B

EPCL_DAT
Size: 4KB - Virtual size: 28B

EPCL_SET
Size: 8KB - Virtual size: 4KB

EPCL_CON
Size: 12KB - Virtual size: 8KB

EPCL_TES
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 768KB - Virtual size: 765KB