9a4760346c232107b9f6bb6b6d645270_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

9a4760346c232107b9f6bb6b6d645270_NEIKI
Size

2.4MB
MD5

9a4760346c232107b9f6bb6b6d645270
SHA1

417b198184e5ea57b8d73db9c6e074ad474c8de6
SHA256

ba6fc7b166f95bf819d828f398e776ea7d4c535f17c9ad2fa41aec8a71de6044
SHA512

b26c653a3a91bb3d190c54e9dc05684d923d211b7abd12f367017646729c86565b727d8438d16477b3f893aae201104b8be4708f224ec4fa674f9d39e674d226
SSDEEP

49152:DE3GCrfsFlg40Vw3wBNMlk/oxp4dJNRX80jPOQa:DzwBie/miwQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a4760346c232107b9f6bb6b6d645270_NEIKI

Files

9a4760346c232107b9f6bb6b6d645270_NEIKI
.dll regsvr32 windows:6 windows x86 arch:x86

2dd7d361ff2d5b79e69dc3cc8c7eba0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Data\Development\C++\Stereo Processor\Release\StereoProcessor.pdb

Imports

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiEnumDeviceInfo

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

opengl32

glTexSubImage2D
glGetError
glPixelStorei
glDeleteTextures
glTexParameteri
glBegin
glTexImage2D
glBindTexture
glViewport
glColor4f
glDisable
glBlendFunc
glEnable
glClear
glDrawBuffer
glClearColor
wglGetProcAddress
glTexCoord2f
glVertex3f
glEnd
wglGetCurrentContext
glGetString
glLoadIdentity
glVertex2f
wglCreateContext
wglMakeCurrent
wglDeleteContext
glPixelZoom
glColor3f
glGenTextures

winmm

timeBeginPeriod
timeGetTime
timeGetDevCaps
timeKillEvent
timeEndPeriod
timeSetEvent

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdiplus

GdipSetStringFormatAlign
GdipCreateBitmapFromScan0
GdipDeleteFont
GdipDeleteStringFormat
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipMeasureString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipDrawString
GdipFree
GdipSetStringFormatTrimming
GdipBitmapSetPixel
GdipBitmapGetPixel
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipGetImageWidth
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromFile
GdipCreateSolidFill
GdipCreateFont
GdipDisposeImage
GdipAlloc
GdipDeleteBrush
GdipCloneImage
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateStringFormat

ws2_32

send
htonl
__WSAFDIsSet
accept
ioctlsocket
getsockname
connect
select
setsockopt
WSACleanup
WSAGetLastError
getaddrinfo
freeaddrinfo
inet_addr
recv
shutdown
closesocket
bind
htons
socket
WSAStartup
listen

dbghelp

ImageDirectoryEntryToData

kernel32

HeapQueryInformation
ExitProcess
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
EncodePointer
SetLastError
LoadLibraryExW
LCMapStringW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
FlushFileBuffers
GetConsoleCP
ReadConsoleW
SetStdHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
TlsFree
UnmapViewOfFile
GetACP
WideCharToMultiByte
VirtualQuery
VirtualProtect
OutputDebugStringW
OpenFileMappingA
CreateFileMappingA
LocalFree
SetEndOfFile
MapViewOfFile
FormatMessageW
CreateWaitableTimerW
DeviceIoControl
GetFileAttributesW
CreateDirectoryW
SetThreadAffinityMask
LoadLibraryW
GetProcAddress
FreeLibrary
SizeofResource
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
ReadFile
GetFileSizeEx
WriteFile
CreateFileW
CloseHandle
SetFilePointerEx
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcessHeap
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
SetEvent
GetSystemInfo
CreateThread
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
FindResourceExW
Sleep
GetSystemDirectoryW
GetCommState
SetCommState
EscapeCommFunction
CreateFileMappingW
MultiByteToWideChar
GetModuleFileNameW
GlobalMemoryStatusEx
SetThreadPriority
MulDiv
GetCurrentThreadId
GetCurrentThread
ReleaseSemaphore
GetCurrentProcess
VirtualAlloc
VirtualFree
lstrcmpW
CreateSemaphoreW
GetVersionExW
DisableThreadLibraryCalls
GetThreadPriority
GetModuleHandleW
GetModuleFileNameA
lstrlenA
lstrlenW
SetErrorMode
LoadLibraryA
GetCurrentProcessId
VerSetConditionMask
VerifyVersionInfoW
GetStdHandle
OutputDebugStringA
GetConsoleMode
ReleaseMutex
CreateMutexW
SuspendThread

user32

KillTimer
SetTimer
SendDlgItemMessageW
IsWindowVisible
GetKeyState
GetWindowThreadProcessId
GetCursorInfo
EnumDisplayDevicesA
EnumDisplaySettingsW
GetIconInfo
MonitorFromWindow
IsIconic
SetActiveWindow
BringWindowToTop
SetCursor
GetCursorPos
PtInRect
SetCapture
ReleaseCapture
InSendMessage
IsZoomed
GetWindowRect
GetParent
MapWindowPoints
SetParent
InvalidateRect
SetForegroundWindow
GetWindowPlacement
EnableWindow
MoveWindow
GetSystemMetrics
IntersectRect
DestroyWindow
CreateDialogParamW
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
PostThreadMessageW
GetQueueStatus
MsgWaitForMultipleObjects
LoadStringW
GetDesktopWindow
GetActiveWindow
TrackMouseEvent
SetWindowLongW
GetWindowLongW
SetWindowPos
FillRect
GetMonitorInfoW
GetClientRect
PostMessageW
SetFocus
UpdateWindow
ShowWindow
EnumDisplayMonitors
GetMonitorInfoA
MessageBoxW
ClientToScreen
SystemParametersInfoW
EnumDisplayDevicesW
CreateWindowExW
RegisterClassW
LoadCursorW
GetClassInfoW
DefWindowProcW
GetWindowTextLengthW
SendMessageW
SetWindowTextW
GetDlgItem
GetWindowTextW
GetDC
ReleaseDC
ScreenToClient

gdi32

DeleteDC
CreateCompatibleDC
GetDIBits
GetObjectW
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
StretchBlt
BitBlt
SelectObject
DeleteObject
GdiFlush
CreateDIBSection
GetDeviceCaps
GetStockObject

advapi32

RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegEnumValueA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegSetValueExW
RegSetValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
CLSIDFromString
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoFreeUnusedLibraries
StringFromGUID2
CreateStreamOnHGlobal
StringFromCLSID

oleaut32

VariantClear
SysAllocStringLen
SysStringLen
SysAllocString
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetDXVersion
GetResourceID

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 685KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2dd7d361ff2d5b79e69dc3cc8c7eba0c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

wtsapi32

opengl32

winmm

version

gdiplus

ws2_32

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 348KB - Virtual size: 347KB

.data Size: 32KB - Virtual size: 41KB

.rsrc Size: 685KB - Virtual size: 685KB

.reloc Size: 76KB - Virtual size: 76KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 348KB - Virtual size: 347KB

.data
Size: 32KB - Virtual size: 41KB

.rsrc
Size: 685KB - Virtual size: 685KB

.reloc
Size: 76KB - Virtual size: 76KB