8935b5e599c9e9b4391aa1a569cad340_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8935b5e599c9e9b4391aa1a569cad340_NEIKI
Size

119KB
MD5

8935b5e599c9e9b4391aa1a569cad340
SHA1

5fd3b06289687c4ba634ddb52326ed2a6c0a527e
SHA256

79b2b1116b09b9493ee7a49a7308f16f99bc402b832eff19bec4acf02b3804be
SHA512

f2de6816910b01420fc9fc0e0c7ff698b43a8c0ecd46b542e74430c3d8c6e724e7f215f0503e3e4bad6305d43d7988088db51b651e71a754cf4986d74d6d7793
SSDEEP

3072:ntGlvsSW5MdqoZA3psrxWjJImnMfTG2Ikvkj:tGyScnarjmnMfB5kj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8935b5e599c9e9b4391aa1a569cad340_NEIKI

Files

8935b5e599c9e9b4391aa1a569cad340_NEIKI
.exe windows:4 windows x86 arch:x86

58f6620fa75e24955b20e83f4e5f7b21

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenPrivateNamespaceW
FlushProcessWriteBuffers
InvalidateConsoleDIBits
RegOpenUserClassesRoot
WerUnregisterFileWorker
GetStagedPackagePathByFullName
UnregisterConsoleIME
GetCurrentThread
TermsrvGetWindowsDirectoryA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE