9fc49c0a5cfd5b7945c5c578571b9a60_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

9fc49c0a5cfd5b7945c5c578571b9a60_NEIKI
Size

229KB
MD5

9fc49c0a5cfd5b7945c5c578571b9a60
SHA1

47fbd7f814438ef5cb5c590f72f8641269fd5122
SHA256

9c30ce3093d6b9f9825b201b358f0f774b7ac93632af2d388804d225b360576d
SHA512

d3cc40daa2726eee173b0ba384e7d1c0a40788a00842226240c55e563775d477c0baa4f6db9e3a9eba9dc80a5ebc55af702514382f78f156ba467fedbae1f8d3
SSDEEP

3072:kmL5CDYTNVuRUGosq4duMU8cfs4Pu0vp0:ktYhVuRUGoQdzU8R0vp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9fc49c0a5cfd5b7945c5c578571b9a60_NEIKI

Files

9fc49c0a5cfd5b7945c5c578571b9a60_NEIKI
.exe windows:4 windows x86 arch:x86

2c2b054a161cfc33e26ad338c5ebd133

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?conNewString
?conOpNewInt
?symContextInit
?conNewNil
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?passParameter
?momSOff
SCROLL
SETPOS
ACREATE
?domXEql
?domNot
?retStackValue
?domAssign
SPACE
QOUT
_WAIT
?retStackItem
STR
DLLCALL
MSGBOX
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
RIGHT
VAL
ALLTRIM
?domAdd
?getRFPC
__vft19ConNumericIntObject10AtomObject
__vft14ConLogicObject10AtomObject
__vft20ConStringConstObject10AtomObject
__vft14ConStringShort10AtomObject
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_90_0
___xpprt1Version
EMPTY
?conSendItem
?conAssignRefWMember
PROCNAME
PROCLINE
?conMemberToItem
VALTYPE
?domValXEql
EVAL
INKEY
?retNil
SETKEY
?orShortCut
?domOr
SET
?domGECmp
?andShortCut
?domLECmp
?domAnd
CHR
?domSubStr
LEN
LEFT
QQOUT
PCOUNT
NATIONMSG
DISPOUT
?pushDynamicCodeBlock
ROW
COL
?domLCmp
?domGCmp
TRANSFORM
LTRIM
LASTAPPEVENT
?domGetElem
MAX
APPEVENT
SETAPPEVENT
LASTKEY
?domNEql
SETAPPWINDOW
?nomClassLock
?nomClassUnlock
?retObject
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?conNewExtObject
?nomCallInitClass
?conRelease
?conGetSelfClass
?conGetClass
SETMOUSE
AADD
ATAIL
ASIZE
?domDec
?domInc
ASCAN
UPPER
APPTYPE
APPDESKTOP
APPNAME
ROOTCRT
__vft21ConNumericFloatObject10AtomObject
BREAK
ERRORBLOCK
WORKSPACELIST
?setSWArea
DBCOMMIT
?restWArea
DBCLOSEAREA
?ehUnsetContext
?ehGetBreakContainer
DBRROLLBACK
DBELOAD
ALERT
DBEBUILD
DBSESSION
?domEql
ISFUNCTION
?executeMacro
DOSERRORMESSAGE
_BREAK
ERRORLEVEL
_QUIT
ISMETHOD
?domAddEqu
TRIM
?floadTos
STRTRAN
CONFIRMBOX
?domValGCmp
PADL
TONE
OUTERR
REPLICATE
DATE
TIME
VERSION
OS
VAR2CHAR
AEVAL
MLCOUNT
MEMOLINE
RTRIM
DLLLOAD
DLLUNLOAD
XBPBASEDIALOG
XBPBASECRT
XBPBASECOMBOBOX
XBPBASELISTBOX
XBPBASEPUSHBUTTON
XBPBASESPINBUTTON
XBPBASEMENUBAR
XBPBASEMENU
XBPBASESLE
XBPBASEMLE
XBPBASETREEVIEW
XBPBASETREEVIEWITEM
XBPBASE3STATE
XBPBASETABPAGE
XBPBASESCROLLBAR
XBPBASECHECKBOX
XBPBASERADIOBUTTON
XBPBASESTATIC
XBPBASEPRESSPACE
?domRefElem
ACLONE
INT
?domSub
BAND
AT
SHELLLINKRESOLVE
FOPEN
FSIZE
FREADSTR
FCLOSE
SUBSTR
?domValNEql
GRAQUERYTEXTBOX
L2BIN
?domMul
CONVTOANSICP
SETAPPFOCUS
BIN2L
?domValEql
LOADRESOURCE
THREADID
DOSERROR
ARRAY
ERROR

xppdbgc

__XPPdbgClient

xbtbase2

MAXROW

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c2b054a161cfc33e26ad338c5ebd133

Headers

File Characteristics

Imports

xpprt1

xppdbgc

xbtbase2

Sections

.text Size: 193KB - Virtual size: 192KB

.data Size: 19KB - Virtual size: 19KB

.xpp Size: 2KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 193KB - Virtual size: 192KB

.data
Size: 19KB - Virtual size: 19KB

.xpp
Size: 2KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 7KB