a7d39698b84a46cbc876f902aa3ff7c0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

a7d39698b84a46cbc876f902aa3ff7c0_NEIKI
Size

127KB
MD5

a7d39698b84a46cbc876f902aa3ff7c0
SHA1

b6687270d97ff74d76c7c452de7426927cb8b71f
SHA256

3f88300945e9f016ac616e4c330b4f6f3e2bf8fdb01e640d0d4cd01e861a0395
SHA512

b6ad1f76e8f94f39b00eaaac0106cee1517770d5e856a78a7468258fec7aed79c96f43a8b313090bc6590e90db04f5886276b75c711a238e35cc3d7e53d3b32f
SSDEEP

1536:8j16xSUqLn/860EJfbFTaKcl7WEjejkuTFdTeMj:8j16xMk61Gl7WEjGkirTeMj

Score

1^/10

Malware Config

Signatures

Files

a7d39698b84a46cbc876f902aa3ff7c0_NEIKI
.exe windows:6 windows x86 arch:x86

13559c8afeb68ab443a0bfd1460a3a74

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:ba:e5:32:00:4d:74:d7:97:a7:06:58
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

25/08/2021, 01:50

Not After

30/09/2022, 05:46

Subject

SERIALNUMBER=110111-0725064,CN=HANCOM. INC\,,O=HANCOM. INC\,,STREET=49\, Daewangpangyo-ro 644beon-gil\, Bundang-gu,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28/01/2021, 11:08

Not After

01/03/2032, 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:9e:3d:58:fb:b7:fe:ba:14:44:44:46:60:43:ad:36:7c:ca:ea:1e:23:28:17:43:6f:c3:d8:cd:a5:f3:c7:9f
Signer

Actual PE Digest

3b:9e:3d:58:fb:b7:fe:ba:14:44:44:46:60:43:ad:36:7c:ca:ea:1e:23:28:17:43:6f:c3:d8:cd:a5:f3:c7:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\HOffice120\Build\WindowsDesktopOffice\Bin\HwpCtrlHelper.pdb

Imports

hnchdkdll

HdkIsHwp30File
HdkIsHwp50File
HdkIsHwp90File

mfc140u

ord12251
ord10433
ord8217
ord4590
ord12247
ord12239
ord5918
ord3852
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord12531
ord14466
ord11983
ord11982
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12542
ord12541
ord2486
ord5357
ord8324
ord12865
ord8386
ord8470
ord8461
ord2801
ord13007
ord11893
ord14216
ord8974
ord9208
ord8479
ord14308
ord12583
ord6531
ord6359
ord13863
ord12569
ord845
ord8123
ord7139
ord7506
ord2132
ord515
ord1152
ord634
ord1240
ord758
ord1306
ord9303
ord13442
ord7311
ord8554
ord14137
ord4374
ord3305
ord4349
ord4436
ord8529
ord12103
ord2246
ord4886
ord13544
ord9213
ord789
ord11685
ord286
ord13986
ord503
ord1144
ord4715
ord4735
ord1559
ord883
ord278
ord2990
ord4815
ord885
ord1539
ord290
ord8757
ord10032
ord9424
ord5934
ord13700
ord14591
ord7918
ord9238
ord2557
ord4495
ord12178
ord12081
ord8209
ord3174
ord8399
ord12219
ord5034
ord6130
ord7493
ord1788
ord5763
ord5939
ord13707
ord5271
ord11431
ord5955
ord8832
ord9352
ord11801
ord11796
ord5369
ord3844
ord4587
ord11495
ord10402
ord2070
ord10840
ord2060
ord5747
ord11509
ord1854
ord9204
ord9719
ord11503
ord2409
ord3302
ord8210
ord2761
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord14588
ord8965
ord12220
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13703
ord5935
ord2682
ord3941
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord5790
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9209
ord6865
ord1391
ord5033
ord12928
ord890
ord2350
ord12124
ord7654
ord1476
ord1002
ord3697
ord1915
ord8464
ord1111
ord10250
ord6861
ord13709
ord458
ord14234
ord7306
ord7676
ord7107
ord14077
ord8024
ord7999
ord7946
ord13911
ord8124
ord2205
ord2303
ord2307
ord7997
ord1473
ord996
ord7653
ord1045
ord296
ord12131
ord9040
ord6129
ord7441
ord11015
ord11396
ord4092
ord3404
ord3403
ord3164
ord6218
ord13752
ord2760
ord12172
ord9210
ord1511
ord2405
ord3296
ord5938
ord10472
ord6220
ord12461
ord13756
ord1513
ord13474

kernel32

GetFileAttributesW
CreateDirectoryW
GetPrivateProfileStringW
GetModuleFileNameW
CreateFileW
CloseHandle
WritePrivateProfileStringW
CreateToolhelp32Snapshot
GetLastError
OutputDebugStringW
Process32FirstW
OpenProcess
GetComputerNameW
CopyFileW
GetPriorityClass
Process32NextW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GetProcAddress
GetModuleHandleW
CreateSemaphoreW

user32

TranslateMessage
DispatchMessageW
KillTimer
GetWindowThreadProcessId
PeekMessageW
GetParent
GetWindow
LoadCursorW
RegisterClassW
GetClassInfoW
UpdateWindow
SetTimer
SendMessageW
FindWindowW
EnableWindow

shell32

SHGetFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW

oleaut32

VariantClear

vcruntime140

memset
_except_handler4_common
__std_terminate
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

_exit
_errno
_controlfp_s
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_app_type
_invalid_parameter_noinfo
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
strftime

api-ms-win-crt-string-l1-1-0

wcsncmp
wcscat_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
fclose
_wfopen_s
__stdio_common_vswprintf_s
__stdio_common_vswscanf

api-ms-win-crt-filesystem-l1-1-0

_waccess_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13559c8afeb68ab443a0bfd1460a3a74

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

7a:ba:e5:32:00:4d:74:d7:97:a7:06:58Certificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

3b:9e:3d:58:fb:b7:fe:ba:14:44:44:46:60:43:ad:36:7c:ca:ea:1e:23:28:17:43:6f:c3:d8:cd:a5:f3:c7:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

hnchdkdll

mfc140u

kernel32

user32

shell32

comctl32

shlwapi

oleaut32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 4KB - Virtual size: 4KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

7a:ba:e5:32:00:4d:74:d7:97:a7:06:58
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

3b:9e:3d:58:fb:b7:fe:ba:14:44:44:46:60:43:ad:36:7c:ca:ea:1e:23:28:17:43:6f:c3:d8:cd:a5:f3:c7:9f
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 4KB - Virtual size: 4KB