9fa911e8d643692f5452574a7ab43db0_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9fa911e8d643692f5452574a7ab43db0_NEIKI
Size

119KB
MD5

9fa911e8d643692f5452574a7ab43db0
SHA1

6f9ffe76df5b3cb5ef1242c0d107084297ffa933
SHA256

393520929accde02dbbbdda83abb4d8490b4e60657fdd6bd231c800664c15359
SHA512

a3ae0db6352fb4ced3fc1bc75216c7be43d860d90c2153fadd1922c3faa7f156f45877e9ea7cbb0cf5db1fa4d36ba70a55d8e19e05a353271155dd90d5a5b32e
SSDEEP

3072:ucl63CuJn1C484UUX9OU83F21sWKphXrRtupIPxxcXQz53L3:Jun1LYsTHfKjrRtuKzqQz573

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9fa911e8d643692f5452574a7ab43db0_NEIKI

Files

9fa911e8d643692f5452574a7ab43db0_NEIKI
.exe windows:4 windows x86 arch:x86

4599dbe7da4580e40fe0fb02f060b3af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QuirkIsEnabledForPackage3Worker
WerUnregisterMemoryBlock
SetProcessAffinityMask
SetFilePointer
RtlFillMemory
GetProcessHandleCount
InitAtomTable
CreateEventA
CreateSymbolicLinkTransactedA
CreateBoundaryDescriptorA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE