8512267f489b9685980a9d00885b4bc0_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

8512267f489b9685980a9d00885b4bc0_NEIKI
Size

2.4MB
MD5

8512267f489b9685980a9d00885b4bc0
SHA1

2b5cce9de8a2ac9793d1c2fc33d37661ab94eaa9
SHA256

8c7fde5a3155e9130ce0ff160f1ab071b0276d2a83b26bb4596390ddbd8eb9cb
SHA512

e79be548eb59e13a5e1c27c3581dbb7b13d50b5f3a8917c8397435b596c1cf62a4503147c543a04528caeb77edca5fb128fc6b8554e16d3685a39c58582361de
SSDEEP

49152:sU/XJxujtSm55BLCArVQPjlTxG+8rnP1n/iykVisGcnlQHPxi:fxgc+BOA5qjlTxcrEnlS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8512267f489b9685980a9d00885b4bc0_NEIKI

Files

8512267f489b9685980a9d00885b4bc0_NEIKI
.exe windows:6 windows x86 arch:x86

46ee605fe33e9be1dec28663b47cd43d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\_work\1\s\\binaries\x86ret\bin\i386\link.pdb

Imports

advapi32

EventWrite
EventRegister
EventUnregister
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

kernel32

FlushFileBuffers
CloseHandle
GetFileSize
FlushViewOfFile
UnmapViewOfFile
SetEndOfFile
LoadLibraryW
GetProcAddress
GetCurrentProcess
CreateFileMappingW
VirtualFree
MapViewOfFileEx
SetFilePointer
DeleteFileW
GetTempPathW
GetFileInformationByHandle
WideCharToMultiByte
GetFullPathNameW
GetACP
lstrcmpiW
ExitThread
FreeLibrary
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SleepConditionVariableSRW
SwitchToThread
FormatMessageW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSListHead
InterlockedFlushSList
CreateThread
ResumeThread
WaitForSingleObject
ReadFile
InterlockedPopEntrySList
InterlockedPushEntrySList
CopyFileW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
LoadLibraryExW
GetEnvironmentVariableW
GetModuleHandleW
EncodePointer
DecodePointer
HeapAlloc
GetProcessHeap
HeapFree
GetUserDefaultUILanguage
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
VirtualQuery
GetSystemInfo
GetEnvironmentStringsW
SetProcessWorkingSetSize
GetCommandLineW
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
GetFileTime
RaiseFailFastException
SetErrorMode
SetConsoleCtrlHandler
GetCurrentDirectoryW
FreeEnvironmentStringsW
VirtualAlloc
SuspendThread
GetThreadContext
GetCPInfo
MultiByteToWideChar
GetFileType
GetConsoleMode
GetConsoleOutputCP
MapViewOfFile
GetConsoleScreenBufferInfo
SearchPathW
WaitForMultipleObjects
CreateMutexW
ReleaseMutex
CreateEventW
GetTickCount64
GetDriveTypeW
GetLastError
MoveFileExW
WriteFile
SetFilePointerEx
Sleep
GetFileSizeEx
ExitProcess
LoadResource
FindResourceExW
CreateFileW
WakeAllConditionVariable
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent
SetFileTime
GetSystemTime
LoadLibraryExA
CreateFileMappingA
GetFileInformationByHandleEx
AreFileApisANSI
FormatMessageA
SystemTimeToFileTime
TlsFree
TlsGetValue
SleepEx
CreateSemaphoreW
HeapDestroy
TlsAlloc
HeapValidate
RaiseException
IsDBCSLeadByte
InitializeCriticalSection
ReleaseSemaphore
VirtualProtect
TlsSetValue
HeapCreate
LCMapStringEx
LocalFree
SetLastError
GetFileAttributesExW

vcruntime140

memchr
_CxxThrowException
memcpy
__CxxFrameHandler3
memcmp
memmove
memset
__std_terminate
__std_exception_copy
_except_handler4_common
__std_exception_destroy
__current_exception_context
strchr
strstr
strrchr
wcsstr
__current_exception
_purecall
wcsrchr
wcschr
__unDName
__unDNameEx

api-ms-win-crt-string-l1-1-0

_wcsnicmp
iswspace
wcstok_s
strncmp
wcsncpy_s
isprint
strncat_s
wcspbrk
iswprint
_stricmp
_strnicmp
strncpy
isalnum
wcsncat_s
iswdigit
wcsncpy
toupper
towlower
isxdigit
isdigit
strcat_s
strcpy_s
strncpy_s
strcmp
_wcsicmp
iswascii
strlen
wcsnlen
wcscpy_s
wcscat_s
wcscspn
_wcsupr_s
wcsncmp

api-ms-win-crt-stdio-l1-1-0

setvbuf
__stdio_common_vsprintf_s
_open_osfhandle
__stdio_common_vfprintf
fopen
ftell
fseek
fwrite
fclose
_wfsopen
_wfdopen
fread
__stdio_common_vswprintf
fputs
__stdio_common_vsnprintf_s
fputwc
__stdio_common_vsscanf
fputws
__stdio_common_vswscanf
_filelength
_get_osfhandle
_fileno
__stdio_common_vsnwprintf_s
__acrt_iob_func
fflush
fgetws
__stdio_common_vfwprintf
__stdio_common_vswprintf_s
_isatty
getwchar
_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_initialize_onexit_table
terminate
__p___argc
_beginthreadex
_invalid_parameter_noinfo_noreturn
_get_errno
_invalid_parameter_noinfo
_errno
__p___wargv
_register_onexit_function
_set_new_handler
_crt_atexit
__p__wpgmptr
__doserrno
_set_invalid_parameter_handler
_cexit
exit
_controlfp_s
_c_exit
_register_thread_local_exe_atexit_callback
_get_wpgmptr

api-ms-win-crt-convert-l1-1-0

_itoa_s
atoi
strtoul
atol
wcstol
_wtoi64
_ultoa_s
_wcstoui64
wcstoul
_ui64tow_s
_ultow_s
_itow_s

api-ms-win-crt-filesystem-l1-1-0

_wfullpath
_wsplitpath_s
_waccess
_wremove
_wstat64
_wmakepath_s
_wstat64i32

api-ms-win-crt-time-l1-1-0

_wctime64
_tzset
clock
_time64

api-ms-win-crt-environment-l1-1-0

_wgetenv_s
_wputenv_s
_wgetcwd
_wsearchenv_s
getenv
_wdupenv_s

api-ms-win-crt-utility-l1-1-0

qsort_s
bsearch
qsort

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
malloc

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale
___lc_codepage_func

api-ms-win-crt-conio-l1-1-0

__conio_common_vcprintf
_putwch
_cputws
_cputs
__conio_common_vcwprintf

api-ms-win-crt-math-l1-1-0

ceil
__setusermatherr

psapi

GetProcessMemoryInfo

msvcp140

?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?width@ios_base@std@@QBE_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?is@?$ctype@G@std@@QBE_NFG@Z
?width@ios_base@std@@QAE_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?_Xinvalid_argument@std@@YAXPBD@Z
_Xtime_get_ticks
_Mtx_current_owns
_Cnd_timedwait
_Query_perf_frequency
_Query_perf_counter
_Cnd_do_broadcast_at_thread_exit
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
_Cnd_unregister_at_thread_exit
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
_Thrd_hardware_concurrency
_Thrd_id
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
?_Syserror_map@std@@YAPBDH@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_Cnd_wait
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Cnd_register_at_thread_exit
_Cnd_broadcast
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
_Cnd_signal
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Winerror_map@std@@YAHH@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?_Xbad_alloc@std@@YAXXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??Bios_base@std@@QBE_NXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
_Mtx_lock
??1_Lockit@std@@QAE@XZ
_Cnd_destroy_in_situ
_Cnd_init_in_situ
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

tbbmalloc

scalable_malloc
scalable_realloc
scalable_free

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 640KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

46ee605fe33e9be1dec28663b47cd43d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-math-l1-1-0

psapi

msvcp140

tbbmalloc

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 7KB - Virtual size: 78KB

.idata Size: 13KB - Virtual size: 12KB

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 640KB - Virtual size: 644KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 7KB - Virtual size: 78KB

.idata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 640KB - Virtual size: 644KB