788f76d438dd2267c057875f97aff100_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

788f76d438dd2267c057875f97aff100_NEIKI
Size

793KB
MD5

788f76d438dd2267c057875f97aff100
SHA1

39880cb304e3a362cb6730c6fe2cefd9d6ff090c
SHA256

1bd93d655a9e07c174750ea8bef3a6e8bd4e75ca01882d9ba625ad0e1629c75d
SHA512

ad28936061664b704116e9c33ba5d6fcfe8bd224d1f6adf38ae797788c322f9afab2d1d1aa71551ccdc34a2a93edb16e4178884dfaf04b31ba2975431e089692
SSDEEP

12288:8oX54Wtl8G4XroV+EgwrHP/fOl1to2dn0nUrYwoswRPN5mw:8aSO6GgO+LwzW1fx0nUrYwoRPXm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
788f76d438dd2267c057875f97aff100_NEIKI

Files

788f76d438dd2267c057875f97aff100_NEIKI
.exe windows:6 windows x86 arch:x86

461718147c7a99bd5b9eae84f32f3833

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\T\Acrobat\Installers\BootStrapExe_Small\Release\Setup.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
VirtualProtect
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
FreeEnvironmentStringsW
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
WriteConsoleW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFileSize
FlushFileBuffers
lstrcmpA
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
OutputDebugStringW
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GetStdHandle
ExitProcess
LCMapStringW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetDriveTypeW
GetTimeZoneInformation
FindFirstFileExW
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
GetCurrentThreadId
EncodePointer
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
GetFullPathNameW
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
GetUserDefaultUILanguage
GetPrivateProfileStringW
lstrlenW
GetModuleFileNameW
GetVersionExW
GetSystemInfo
GetCurrentProcess
GetTempFileNameW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
ExpandEnvironmentStringsW
GetTempPathW
CopyFileW
GetSystemDirectoryW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
SetLastError
GetLastError
CloseHandle
CreateFileW
GetCurrentDirectoryW
GetUserDefaultLangID
LoadLibraryW
FreeLibrary
ResumeThread
Sleep
GetThreadPriority
FormatMessageW
LocalFree
FindResourceW
SizeofResource
LockResource
LoadResource
SetDllDirectoryW
GetProcAddress
GetModuleHandleW
GetSystemWindowsDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetStringTypeW

user32

InvalidateRect
DestroyMenu
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RealChildWindowFromPoint
ClientToScreen
LoadCursorW
GetSysColorBrush
ReleaseDC
GetDC
GetWindowThreadProcessId
SetCursor
PostQuitMessage
GetSystemMetrics
CharUpperW
GetCursorPos
TranslateMessage
GetMessageW
GetDesktopWindow
GetNextDlgTabItem
CreateDialogIndirectParamW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
GetScrollPos
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
GetWindow
SetWindowLongW
GetWindowLongW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
SetWindowPos
ShowWindow
IsWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetParent
OffsetRect
SetRectEmpty
GetClientRect
SendDlgItemMessageA
UnregisterClassW
EndDialog
PostMessageW
EnableWindow
KillTimer
SetTimer
SendMessageW
GetActiveWindow

gdi32

SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
ExtTextOutW
TextOutW
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteDC
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetObjectW
DeleteObject

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
InitiateSystemShutdownW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteW
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoInitialize
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocString

Sections

.text
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 407KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

461718147c7a99bd5b9eae84f32f3833

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 287KB - Virtual size: 287KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 7KB - Virtual size: 18KB

.didat Size: 512B - Virtual size: 108B

.rsrc Size: 407KB - Virtual size: 408KB

.text
Size: 287KB - Virtual size: 287KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 7KB - Virtual size: 18KB

.didat
Size: 512B - Virtual size: 108B

.rsrc
Size: 407KB - Virtual size: 408KB