Static task
static1
Behavioral task
behavioral1
Sample
81a984d3a803a80678c0f9e1cbcc8080_NEIKI.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
81a984d3a803a80678c0f9e1cbcc8080_NEIKI.exe
Resource
win10v2004-20240419-en
General
-
Target
81a984d3a803a80678c0f9e1cbcc8080_NEIKI
-
Size
824KB
-
MD5
81a984d3a803a80678c0f9e1cbcc8080
-
SHA1
4a89ae052ac5bdd96d879f08c8c49762972d535f
-
SHA256
bb02538824be0c58619232b50e96395adf1f04a3007210d9c3ef2ba7ad0cff49
-
SHA512
b8f440d1609bc9482bf148f38eca887982bdc4bfda5c65f8121fc996258b012440cf779c0cb2120de1b84bb0401f2ada902e87b0796da7545a154ee8a3f40a5a
-
SSDEEP
12288:7193W25u2165ZF2inb/Gnud9gADMB8MsQx3K+jcaqOnPL04KUUNi53WpNk4i8h8:7K2wjdQln/znPLrKUE0Ek4i8h8
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the PE under analysis is unsigned.
resource 81a984d3a803a80678c0f9e1cbcc8080_NEIKI
Files
-
81a984d3a803a80678c0f9e1cbcc8080_NEIKI.exe windows:4 windows x86 arch:x86
f7c80193345fdf525c8ffd62f004373a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
apsfile
set_init_file_name
get_use_dos_files
unlock_file_const
check_password
yes_no_esc_db
set_aps_system
set_FILE_dir
post_dir
check_post_dir
get_FILE_dir
get_default_licomdat_path
get_licomdxx_string
convert_name_to_orig_dir
init_aps_file
init_apsfile_dll
init_for_compiler
init_drive_letters
store_prog_path
get_long_filename
terminate_aps_file
unlock_all_files
get_reg_integer_user
set_reg_int_user
fexist
make_dat_file_path
write_lcfgpath
get_licomcfg_drive
get_default_licomdir_drive
get_default_licomdat_drive
find_file
set_init_dir_name
get_default_macro_dir
get_default_file_no_ask
file_set_default
?safe_SetDlgItemText@@YAXPAVCWnd@@HPBD@Z
?set_callbacks@@YAXPAUd_f1@@PAUd_f2@@@Z
is_disk_removable
?get_multiple_files@@YAHPADHPAVCStringArray@@1@Z
get_reg_integer_mc
get_default_licomdir_path
execute_command
set_default_file
remove_trailing_zeroes
beep
do_edits_db
lic_strupr
read_ascii_line
lic_strcspn
do_config_file_db
using_windows_filenames
?make_window_integral@@YAXPAVCWnd@@H@Z
??1CDMBEdit@@UAE@XZ
message_db
message_db_serious
get_reg_string_mc
one_line_message_db
?enable_dlg_item@@YAXPAVCWnd@@HH@Z
store_add_in_path
progress_display_text
do_progress_db
close_progress_db
parse_dms
??0CDMBEdit@@QAE@XZ
?get_status@CDMBEdit@@QAEHXZ
?get_value@CDMBEdit@@QAENXZ
?get_drives_into_box@@YAXPAVCDialog@@PAVCComboBox@@H@Z
check_dir_name
float_to_string
?set_value@CDMBEdit@@QAEXN@Z
?set_ndp@CDMBEdit@@QAEXH@Z
?set_flags@CDMBEdit@@QAEXH@Z
?check@CDMBEdit@@QAEHH@Z
?is_unknown@CDMBEdit@@QAEHXZ
?set_unknown@CDMBEdit@@QAEXXZ
?show_dlg_item@@YAXPAVCWnd@@HH@Z
set_req_ext
get_aps_file_name
set_dos_file_info
get_file_buffer
is_dbcs
is_dbcs_lead_byte
lic_strchr
lic_free
lic_alloc
lic_strstr
read_text_file2
dk2win32
DK2SendAlgorithmString
DK2ReadMemory
DK2ReadRandomNumbers
DK2Success
DK2DriverInstalled
FindDK2
mfc42
ord2878
ord4152
ord4077
ord5237
ord2382
ord5283
ord2649
ord1665
ord4436
ord5254
ord2445
ord4427
ord401
ord674
ord4245
ord2754
ord6861
ord1825
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord540
ord338
ord4823
ord4238
ord4387
ord1945
ord415
ord715
ord4589
ord5076
ord4341
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord3748
ord1726
ord4432
ord813
ord858
ord996
ord860
ord1233
ord1146
ord1168
ord560
ord4273
ord5605
ord2614
ord3349
ord2864
ord4349
ord755
ord5789
ord470
ord3571
ord3573
ord3626
ord3663
ord640
ord2405
ord2414
ord5787
ord5785
ord1641
ord1640
ord323
ord1175
ord6605
ord4278
ord5710
ord941
ord538
ord6329
ord6130
ord4464
ord5240
ord3619
ord2859
ord6215
ord6129
ord5768
ord5981
ord4892
ord2535
ord4613
ord535
ord2818
ord5856
ord5875
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord5260
ord4723
ord4224
ord613
ord289
ord713
ord6141
ord414
ord2844
ord5859
ord5572
ord2915
ord5604
ord3984
ord4129
ord940
ord4772
ord5823
ord2879
ord1206
ord2623
ord1223
ord5620
ord1200
ord2652
ord1669
ord1161
ord4160
ord1946
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord3401
ord4622
ord3738
ord561
ord815
ord2841
ord2558
ord617
ord5500
ord5214
ord296
ord986
ord411
ord4159
ord2621
ord1134
ord1205
ord4376
ord4853
ord3597
ord324
ord4234
ord5953
ord6199
ord3521
ord3522
ord536
ord6402
ord6403
ord3742
ord818
ord1768
ord2152
ord801
ord541
ord3258
ord1218
ord1601
ord539
ord4277
ord6662
ord2763
ord2729
ord2727
ord2730
ord2107
ord5450
ord5440
ord6383
ord6394
ord1859
ord4246
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord3350
ord975
ord2880
ord4153
ord2383
ord5284
ord4428
ord796
ord554
ord529
ord402
ord807
ord5871
ord2494
ord2627
ord2626
ord6069
ord2011
ord6000
ord2117
ord5883
ord4147
ord2120
ord4457
ord6067
ord3482
ord5255
ord5066
ord4413
ord3294
ord6027
ord4501
ord4337
ord4583
ord4437
ord2294
ord2362
ord2289
ord2370
ord2301
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord654
ord692
ord341
ord2302
ord6334
ord2645
ord6140
ord5861
ord2764
ord6143
ord2642
ord2090
ord1081
ord5641
ord4083
ord859
ord2450
ord361
ord4204
ord4202
ord1567
ord665
ord1979
ord353
ord268
ord2527
ord482
ord6195
ord3870
ord4133
ord4297
ord6648
ord465
ord6283
ord857
ord464
ord850
ord2455
ord4644
ord4217
ord2576
ord4397
ord3577
ord4225
ord4758
ord2820
ord5890
ord2937
ord861
ord1220
ord3499
ord2515
ord355
ord326
ord2086
ord3874
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2358
ord2298
ord3698
ord765
ord5161
ord5162
ord5160
ord4905
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord3699
ord768
ord489
ord4258
ord4742
ord3089
ord3098
ord1908
ord4715
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord497
ord771
ord4259
ord1008
ord3403
ord5472
ord976
ord5012
ord3351
ord4303
ord4467
ord5104
ord5100
ord3059
ord2390
ord2723
ord2101
ord5101
ord1858
ord922
ord924
ord2863
ord537
ord926
ord939
ord800
ord2379
ord4275
ord656
ord3610
ord4710
ord3092
ord6241
ord2860
ord6880
ord2078
ord4229
ord641
ord357
ord567
ord609
ord3618
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5236
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4852
ord4375
ord5265
ord3574
ord4424
ord3402
ord5290
ord5241
ord4396
ord1776
ord6055
ord2575
ord1154
ord6467
ord823
ord825
ord3664
ord1576
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_mbsicmp
_mkdir
_wcsicmp
_wsplitpath
_stat
_findfirst
_findnext
_findclose
srand
rand
clock
_errno
sscanf
isupper
tolower
islower
atol
strncmp
memmove
atof
isalpha
realloc
malloc
_mbscmp
_ftol
_fpreset
free
_strdup
strchr
_setmbcp
_stricmp
_strnicmp
_strupr
_CxxThrowException
wcslen
__CxxFrameHandler
sprintf
atoi
localtime
time
_purecall
isspace
toupper
isdigit
_ftime
putc
getc
fread
fwrite
_makepath
fopen
fclose
ftell
fseek
strncpy
isalnum
remove
_splitpath
__p___argv
__p___argc
_controlfp
kernel32
GetModuleFileNameA
HeapDestroy
DeleteCriticalSection
CopyFileA
GetWindowsDirectoryA
GetTickCount
InitializeCriticalSection
MultiByteToWideChar
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
GetShortPathNameA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
lstrcatA
WinExec
InterlockedDecrement
FormatMessageA
GetCurrentProcessId
GetEnvironmentVariableA
GetModuleHandleA
SetErrorMode
FindFirstFileA
FindClose
GetSystemTime
SystemTimeToFileTime
FindNextFileA
GetLocalTime
GetVersion
DeviceIoControl
GetFileSize
SearchPathA
Sleep
WaitForSingleObject
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
GetStartupInfoA
InterlockedIncrement
GetFileAttributesA
ReadFile
lstrlenW
LeaveCriticalSection
EnterCriticalSection
lstrcpynA
lstrlenA
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyA
lstrcmpiA
CloseHandle
SetCommTimeouts
GetCommTimeouts
ExitProcess
GetCommState
SetupComm
CreateFileA
FlushFileBuffers
GetLastError
SetCommState
WriteFile
user32
LoadBitmapA
DrawMenuBar
GetMenu
SetForegroundWindow
FindWindowA
LoadIconA
PeekMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
TranslateMessage
FillRect
IsWindowVisible
IsZoomed
CharNextA
LoadStringA
WinHelpA
RegisterWindowMessageA
BringWindowToTop
GetDesktopWindow
FrameRect
SetActiveWindow
GetWindow
GetAsyncKeyState
DispatchMessageA
RedrawWindow
KillTimer
SetTimer
InvalidateRect
ReleaseCapture
GetKeyState
MessageBoxA
ScreenToClient
SetCursor
CreateCaret
GetClientRect
IntersectRect
HideCaret
DestroyCaret
GetParent
UnregisterClassA
LoadCursorA
GetSysColor
GetMenuItemCount
GetSubMenu
GetMenuStringA
RemoveMenu
InsertMenuA
GetCapture
GetWindowRect
SendMessageA
EnableWindow
PostMessageA
ModifyMenuA
GetMenuItemID
CreatePopupMenu
AppendMenuA
CharPrevA
GetFocus
SetCaretPos
ShowCaret
GetDC
ReleaseDC
IsClipboardFormatAvailable
GetClipboardData
GetCursorPos
InvertRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBeep
UpdateWindow
SetCapture
PtInRect
GetMessageA
wsprintfA
gdi32
GetTextExtentPoint32A
TextOutA
EndDoc
SelectObject
DeleteDC
DeleteObject
GetObjectA
GetStockObject
EndPage
StartPage
GetTextMetricsA
GetDeviceCaps
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
PatBlt
BitBlt
StartDocA
advapi32
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
ole32
CoTaskMemFree
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
ProgIDFromCLSID
StgOpenStorage
StgCreateDocfile
CoGetMalloc
CoCreateInstance
olepro32
ord252
oleaut32
RegisterTypeLib
SetErrorInfo
VarUI4FromStr
SysAllocStringLen
VariantInit
LoadRegTypeLib
SysStringLen
SysFreeString
SysAllocString
LoadTypeLib
VariantClear
SafeArrayPutElement
SafeArrayCreateVector
SysAllocStringByteLen
SysStringByteLen
VariantCopy
VariantChangeType
GetErrorInfo
CreateErrorInfo
Sections
.text Size: 596KB - Virtual size: 595KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
CONST Size: 4KB - Virtual size: 80B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 348KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ