a5f5cb9237c6b392ac451740241c1bf0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

a5f5cb9237c6b392ac451740241c1bf0_NEIKI
Size

131KB
MD5

a5f5cb9237c6b392ac451740241c1bf0
SHA1

fe22741993e168af5e8d7240fcbc8f9b3765b756
SHA256

9dc5653ee9dfd0bfae15bdea58886c56ce706e4784c3dc21778e65295fdf9a47
SHA512

b580c0b5ad024c22a340f97b1748524c447069ed13ff191c8dbe6ec5f2edd45165e0710dbbf2348295f9a591f288bda6a20f6f9a1b6512ef491c32269e03a93b
SSDEEP

3072:o73P2AEDSvTPgwd0eoPjrLEAIr4F/pstBaDqwONnct437Bl3N2UuY4:q35E3Ir4F/p/uwONct43j92Ul4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5f5cb9237c6b392ac451740241c1bf0_NEIKI

Files

a5f5cb9237c6b392ac451740241c1bf0_NEIKI
.exe windows:6 windows x86 arch:x86

b4263d93afb8dc55436f1734cb7797d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MiracleS\SK증권\Release\src\Bin\OrderNetVerMgr.pdb

Imports

fmlsclient_vc12

??1FSMessage@@QAE@XZ
?setDestination@FSMessage@@QAEXPBD@Z
?setDeliveryMode@FSMessage@@QAEXW4DELIVERY_MODE@@@Z
?loadBalancingRequest@FSMessage@@QAEX_N@Z
?setUserData@FSMessage@@QAEXPBDH@Z
?sendMessage@FSClientSrv@@QAEHAAVFSMessage@@@Z
??4FSMessage@@QAEAAV0@ABV0@@Z
?getMessage@FSClientSrv@@QAEAAVFSMessage@@K@Z
??8FSMessage@@QAE_NH@Z
??0FSMessage@@QAE@XZ
??0FSClientSrv@@QAE@PAVLoggerManager@@@Z
?serverConnect@FSClientSrv@@QAEHW4FS_IPC_MODE@@PADH@Z
?getErrorMsg@FSClientSrv@@QAEPBDXZ
?setSubscriptionMode@FSClientSrv@@QAEXW4SUBSCRIPTION_MODE@@@Z
??0FSSubjectList@@QAE@XZ
?getLocalIPAddress@FSClientSrv@@QAEPADPAD@Z
?serverLogon@FSClientSrv@@QAEHPBDPAVFSSubjectList@@HW4DTA_CONN_MODE@@@Z
??1FSSubjectList@@QAE@XZ
?getUserData@FSMessage@@QAEPADXZ
??1FSClientSrv@@QAE@XZ

mfc120

ord8350
ord503
ord1139
ord4662
ord971
ord1442
ord1687
ord2339
ord6057
ord8204
ord8599
ord8554
ord12697
ord10211
ord7507
ord990
ord1463
ord7845
ord2158
ord949
ord13238
ord7175
ord13690
ord4041
ord1398
ord1061
ord1106
ord1108
ord6729
ord10083
ord5646
ord12740
ord12037
ord12069
ord10264
ord8062
ord4537
ord12065
ord12057
ord5797
ord3801
ord6226
ord14441
ord6227
ord14442
ord6225
ord14440
ord7848
ord12345
ord14240
ord11803
ord11802
ord1985
ord7789
ord12759
ord2963
ord4100
ord9234
ord14366
ord7770
ord14368
ord12356
ord12355
ord2442
ord5241
ord8167
ord12677
ord8229
ord8311
ord462
ord3309
ord3189
ord8977
ord6675
ord4167
ord3098
ord8964
ord6367
ord2168
ord2199
ord3646
ord7350
ord10302
ord8658
ord10867
ord9254
ord10844
ord8878
ord8595
ord14009
ord6410
ord9048
ord9073
ord11991
ord2716
ord13537
ord6096
ord3117
ord3353
ord3354
ord11218
ord11949
ord11782
ord5765
ord12165
ord2838
ord13743
ord14379
ord4746
ord14430
ord12219
ord14377
ord2334
ord12162
ord6625
ord14182
ord13059
ord13058
ord494
ord12374
ord1040
ord1516
ord1523
ord296
ord300
ord1521
ord3782
ord13821
ord6839
ord3906
ord6366
ord13094
ord12882
ord2476
ord450
ord1502
ord6363
ord7667
ord1384
ord887
ord2478
ord4827
ord12840
ord6443
ord3831
ord316
ord1041
ord4764
ord2256
ord6436
ord1438
ord997
ord6707
ord9047
ord10088
ord8064
ord5293
ord7565
ord7575
ord7574
ord6007
ord5119
ord5295
ord5139
ord5672
ord5409
ord9186
ord5643
ord5433
ord5136
ord11986
ord3216
ord3321
ord3322
ord3890
ord11942
ord2638
ord5814
ord13488
ord11538
ord6745
ord14367
ord7771
ord14369
ord3008
ord4442
ord9528
ord4450
ord4893
ord4858
ord4851
ord4889
ord4916
ord4867
ord4900
ord4912
ord4875
ord4879
ord4883
ord4871
ord4904
ord4863
ord1731
ord1722
ord1726
ord1718
ord1706
ord12075
ord12077
ord13658
ord3217
ord6432
ord5396
ord5398
ord12596
ord1650
ord1456
ord982
ord1181
ord555
ord1137
ord500
ord266
ord265
ord2341
ord1524
ord310
ord4612
ord4613
ord12897
ord358
ord4823
ord3554
ord8614
ord9094
ord10831
ord6844
ord12038
ord8803
ord14361
ord11756
ord3787
ord11907
ord8973
ord11547
ord11546
ord5536
ord8617
ord13914
ord10121
ord10117
ord1504
ord7508
ord2365
ord4184
ord5303
ord305
ord5012
ord5801
ord10119
ord10120
ord10118
ord2717
ord8055
ord3253
ord3256
ord13541
ord6098
ord3208
ord4039

msvcr120

_setmbcp
_CxxThrowException
__CxxFrameHandler3
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
memset
_chmod
_mbscmp
strstr
__argc
_purecall
atoi
malloc
_beginthreadex
_endthreadex
sprintf_s
free
memmove
memcpy_s
memcpy

kernel32

FindClose
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
CreateDirectoryA
DeleteFileA
MoveFileA
WritePrivateProfileSectionA
WinExec
OutputDebugStringW
OpenSemaphoreA
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
RemoveDirectoryA
CloseHandle
FindNextFileA
FindFirstFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
DeleteCriticalSection
DecodePointer
GetLastError
InitializeCriticalSectionEx

user32

KillTimer
DrawIcon
GetSystemMetrics
IsIconic
LoadIconW
PostMessageA
MessageBoxA
SetTimer
EnableWindow
IsWindow
SendMessageA
SetCursor
OffsetRect
FillRect
GetClientRect
UpdateWindow
InvalidateRect
GetParent
RedrawWindow
GetWindowRect
GetSysColor

gdi32

CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
GetViewportOrgEx
SetViewportOrgEx
BitBlt
GetStockObject
Rectangle
CreateSolidBrush
DeleteObject

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

ole32

StringFromCLSID
CoCreateGuid
CoTaskMemFree

msvcp120

?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4263d93afb8dc55436f1734cb7797d3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

fmlsclient_vc12

mfc120

msvcr120

kernel32

user32

gdi32

shell32

comctl32

ole32

msvcp120

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 69KB - Virtual size: 68KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 69KB - Virtual size: 68KB

.reloc
Size: 6KB - Virtual size: 6KB