c4c31b019bcc43e1921adba0d01697e0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

c4c31b019bcc43e1921adba0d01697e0_NEIKI
Size

116KB
MD5

c4c31b019bcc43e1921adba0d01697e0
SHA1

3660e5ebce3a7c975435ee2cd7031af4febfa98e
SHA256

14e37cd5d22508b520ddac8f3548bb63c7c78a45fcbddf9503e2ca8d50c8d9a7
SHA512

691f04310317c848992c76061754ab695144710e219495af8a125aaa1f5090faf0cb2e18ac61f230f958c69f7602c15509a45927a38460e49894751e6907ef32
SSDEEP

1536:gPVAqP878uJibtbUcFewe7z7JCacwPDpcDqhIUurzqh5bZVF:5tdQtbZetvkVw7pcD8uPqhfVF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4c31b019bcc43e1921adba0d01697e0_NEIKI

Files

c4c31b019bcc43e1921adba0d01697e0_NEIKI
.exe windows:4 windows x86 arch:x86

20b4d90f07ea290b9e27e121600d702c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord800
ord4160
ord540
ord5714
ord1168
ord4234
ord2379
ord755
ord470
ord823
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord1576
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673

msvcrt

??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
strncat
strncmp
setlocale
localtime
strftime
_splitpath
_makepath
_controlfp
wcstombs
_setmbcp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
mktime
__p__fmode
__p__commode
_adjust_fdiv
time
sscanf
strncpy
sprintf
__CxxFrameHandler
atoi
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??0exception@@QAE@XZ
_purecall
memmove

kernel32

GetModuleHandleA
GetLogicalDriveStringsA
lstrlenA
GetDriveTypeA
SetErrorMode
GetVolumeInformationA
GetProcAddress
LoadLibraryA
GetStartupInfoA
GetTempPathA

user32

SendMessageA
MessageBoxA
wsprintfA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon

advapi32

RegSetValueExA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

shell32

ShellExecuteA

ole32

StringFromCLSID
CoTaskMemFree

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20b4d90f07ea290b9e27e121600d702c

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

msvcp60

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 28KB - Virtual size: 25KB