a867eb047348e38323c3b7bf0d24f780_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

a867eb047348e38323c3b7bf0d24f780_NEIKI
Size

644KB
MD5

a867eb047348e38323c3b7bf0d24f780
SHA1

fbbca2f0828cf5af886822ca60647b4891dc2d6f
SHA256

a95fe0d970473e945b4465e8f407072489332565869182b65d7971d586cca405
SHA512

4c3911794f8772f38df3ecc4f903f4660e10163f8ec7f856c993db5239004b2fc0b2dc91515240cbf475a72d8dfa55c3b464e2c11dba38ed29aee42b20ee2eef
SSDEEP

12288:JTrXj93th5qLU7OeCGcAVl/p1S3EZNsn+tnw6:JRth5qLoOeAaB1h6+tw6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a867eb047348e38323c3b7bf0d24f780_NEIKI

Files

a867eb047348e38323c3b7bf0d24f780_NEIKI
.dll windows:4 windows x86 arch:x86

7132ca363da41d622d7694a40899e1ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
SetFilePointer
WriteFile
LockFile
UnlockFile
FlushFileBuffers
SetEndOfFile
SetFileTime
GetFileTime
DeleteFileA
MoveFileA
CopyFileA
CreateDirectoryA
RemoveDirectoryA
FindClose
FindFirstFileA
GetDriveTypeA
GetFileAttributesA
SetFileAttributesA
FindNextFileA
GetTempPathA
GetCurrentDirectoryA
GetTempFileNameA
GetDiskFreeSpaceA
GetProcAddress
LoadLibraryA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
MultiByteToWideChar
FreeLibrary
CompareStringA
LCMapStringA
HeapAlloc
_lclose
SetErrorMode
CloseHandle
TerminateProcess
GetCurrentProcess
_lcreat
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SetLocalTime
GetExitCodeProcess
CreateProcessA
GlobalSize
GetTickCount
MulDiv
OpenProcess
GetProcessHeap
HeapFree
SetCurrentDirectoryA
GetShortPathNameA
GetVolumeInformationA
GetLocaleInfoA
GetWindowsDirectoryA
WritePrivateProfileStringA
WriteProfileStringA
GetProfileStringA
GetSystemDirectoryA
GlobalMemoryStatus
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentVariableA
lstrcpynA
lstrcpyA
GetCurrentThreadId
lstrcatA
_lread
CreateFileA
SetLastError
GetLocalTime
GetModuleFileNameA
GetPrivateProfileStringA
LocalFree
FormatMessageA
GetVersion
GetLastError
GetFullPathNameA
Sleep
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
_llseek
_lwrite
SetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
CompareStringW
lstrlenA
LCMapStringW
GetStartupInfoA
GetStdHandle
SetHandleCount
SetStdHandle
IsBadWritePtr
VirtualAlloc
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCommandLineA
GetFileType
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
RtlUnwind
RaiseException
LocalAlloc
InterlockedExchange

user32

PostMessageA
ScreenToClient
GetParent
SetClassLongA
GetClassLongA
ShowWindow
GetDlgItem
RedrawWindow
EnableWindow
IsDlgButtonChecked
GetSysColor
CheckDlgButton
SetActiveWindow
GetWindowTextA
GetWindowTextLengthA
SetSysColors
FindWindowA
SetForegroundWindow
IsIconic
GetSubMenu
ExitWindowsEx
TrackPopupMenu
UnregisterClassA
MapVirtualKeyA
UnhookWindowsHookEx
CallNextHookEx
GetDoubleClickTime
GetKeyState
AttachThreadInput
GetWindowThreadProcessId
VkKeyScanA
GetMessageA
SetWindowTextA
LoadIconA
LoadCursorA
RegisterClassA
GetSystemMetrics
CreateWindowExA
SetPropA
GetDC
ReleaseDC
InvalidateRect
UpdateWindow
SetWindowPos
DestroyWindow
GetPropA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
DefWindowProcA
GetActiveWindow
MessageBoxA
IsWindow
SendMessageA
GetAsyncKeyState
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DdeCmpStringHandles
DdePostAdvise
DdeNameService
TranslateMessage
DispatchMessageA
PeekMessageA
DdeQueryStringA
DdeCreateDataHandle
DdeClientTransaction
DdeGetData
DdeFreeDataHandle
DdeCreateStringHandleA
DdeConnect
DdeGetLastError
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
DdeInitializeA
GetMenu
AdjustWindowRect
GetWindowRect
GetWindowLongA
GetCursor
ShowCursor
CreateCursor
GetForegroundWindow
SetCapture
ReleaseCapture
DestroyCursor
SetWindowLongA
RemovePropA
SetCursor
CharUpperA
wsprintfA
LoadStringA
SetWindowsHookExA
SetFocus
SetCursorPos
GetCursorPos

gdi32

SetTextColor
SetBkMode
SelectObject
CreateFontIndirectA
DeleteObject
RealizePalette
SelectPalette
CreateSolidBrush
CreatePalette
GetDeviceCaps
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
GetObjectA
CreateDIBitmap
LPtoDP
GetTextExtentPoint32A
EnumFontsA
ExtTextOutA
SetBkColor
CreateCompatibleBitmap

Exports

Exports

?WndProcFond@@YGJPAUHWND__@@IIJ@Z
?lJournalPlaybackProc@@YGJHIJ@Z
?lWndProc@@YGJPAUHWND__@@IIJ@Z
?lfTailleCompacte@@YAJPBD@Z
?lfTailleDecompacte@@YAJPBD@Z
?nfCompacte@@YAFPBD0@Z
DeclareProxy
pQueryProxy

Sections

.text
Size: 348KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_HA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7132ca363da41d622d7694a40899e1ea

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 344KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 20KB - Virtual size: 34KB

_TEXT_HA Size: 68KB - Virtual size: 66KB

.rsrc Size: 112KB - Virtual size: 109KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 348KB - Virtual size: 344KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 20KB - Virtual size: 34KB

_TEXT_HA
Size: 68KB - Virtual size: 66KB

.rsrc
Size: 112KB - Virtual size: 109KB

.reloc
Size: 24KB - Virtual size: 23KB