7d44cc54f9a7567f5723fba0fd11dbf0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

7d44cc54f9a7567f5723fba0fd11dbf0_NEIKI
Size

3.9MB
MD5

7d44cc54f9a7567f5723fba0fd11dbf0
SHA1

8786c673b401f993d03934614dabe4b8c6ecb873
SHA256

2c1a87ed149aea18f5b4d0c6dec6ee19473b1d8685089e5c16e3e47a3537cf66
SHA512

62341884fe58dc6c3400ea479ca14f3a01c0f84cfb9cc762d30c9c2cf23706fb9a8e7f5f30efe594493b6583755fc1e3c6a30bb7cba3f51e62ddec2091bd3953
SSDEEP

49152:42vRsctH6gGrt8WfqNQOWZqGP1hy7BQSJDw5gVCPvxdJ9e49RCUbY+jXdAI:42vRscl6rp8aqVNGdh0V0xv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d44cc54f9a7567f5723fba0fd11dbf0_NEIKI

Files

7d44cc54f9a7567f5723fba0fd11dbf0_NEIKI
.exe windows:5 windows x86 arch:x86

035190b4b0509ddc0a5fef74ae09dac1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetUserDefaultLCID
ReadConsoleA
SetConsoleMode
CreateDirectoryW
SizeofResource
FindFirstFileW
HeapFree
FindNextFileW
GetCurrentProcess
TerminateProcess
InitializeCriticalSectionAndSpinCount
FindClose
WaitForSingleObject
GetVersionExW
OpenFileMappingW
UnmapViewOfFile
HeapSize
MultiByteToWideChar
ProcessIdToSessionId
Sleep
GetLastError
LockResource
HeapReAlloc
CloseHandle
RaiseException
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
CreateProcessW
CopyFileW
WideCharToMultiByte
MapViewOfFile
GetTickCount
CreateFileMappingW
RemoveDirectoryW
GetModuleFileNameW
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
DeleteFileW
Process32FirstW
LocalFree
GetCurrentDirectoryW
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
GetModuleHandleW
CreateFileW
SetFileAttributesW
GetUserDefaultUILanguage
GetLocaleInfoW
FindResourceExW
GetComputerNameExW
GetComputerNameW
GetTempPathW
LoadLibraryW
CreateThread
GetProcAddress
FreeLibrary
GetTempFileNameW
GetEnvironmentVariableW
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
InterlockedDecrement
WaitForMultipleObjects
CreateEventW
GetExitCodeThread
SetEvent
ResetEvent
InterlockedIncrement
GetStdHandle
CreateMutexW
ReleaseMutex
SetCurrentDirectoryW
IsBadStringPtrW
ReadFile
WriteFile
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrlenW
LocalAlloc
OutputDebugStringW
LocalSize
SetLastError
GetCurrentThreadId
GlobalFree
GetLocalTime
GetFileSize
FlushFileBuffers
GetCommandLineW
SetDllDirectoryA
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
lstrcmpiW
FormatMessageA
CreateFileA
VirtualProtect
VirtualQuery
LoadLibraryExA
GetACP
OutputDebugStringA
GetModuleHandleA
GlobalLock
GlobalUnlock
MulDiv
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
EncodePointer
GetSystemDirectoryW
FreeResource
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetThreadLocale
SetThreadPriority
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetSystemDefaultUILanguage
GlobalFlags
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetSystemTime
WriteConsoleW
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetConsoleCP
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
ExitProcess
HeapQueryInformation
ExitThread
GetCommandLineA
SetStdHandle
PeekNamedPipe
GetFileType
GetDriveTypeW
RtlUnwind
SetFileCompletionNotificationModes
GetTickCount64
InitOnceExecuteOnce
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetHandleInformation
MoveFileExW
SetEnvironmentVariableW
GetTimeZoneInformation
GetLongPathNameW
QueueUserWorkItem
GetModuleHandleExW
FindFirstFileExW
SetFilePointerEx
AreFileApisANSI
SwitchToThread
QueryPerformanceFrequency
LCMapStringW
GetStringTypeW
GetCPInfo
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx

oleaut32

VariantInit
VariantClear
VariantChangeType
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
SysAllocStringLen

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

sensapi

IsNetworkAlive

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 959KB - Virtual size: 959KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

035190b4b0509ddc0a5fef74ae09dac1

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

oleaut32

oledlg

urlmon

secur32

sensapi

bcrypt

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 959KB - Virtual size: 959KB

.data Size: 52KB - Virtual size: 89KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 148KB - Virtual size: 147KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 959KB - Virtual size: 959KB

.data
Size: 52KB - Virtual size: 89KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 148KB - Virtual size: 147KB