cc2ebe38019644ade3078e4419425320_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cc2ebe38019644ade3078e4419425320_NEIKI
Size

68KB
MD5

cc2ebe38019644ade3078e4419425320
SHA1

15538a81efa670098165295c7761a0cb7bd363a0
SHA256

67e9e1638ced2a72e0e4d255cdf86cb53120d02e08cb0905e3e8aa88b0e21a2c
SHA512

ad9d369b5f46e0ce8436344368b10575607e3a9bc9f0d267b43d7f1a98fd598976c9e66070d4ec1caf5609aeebce86a1a22647344f2ef7110b595d437f0ba05a
SSDEEP

1536:4bZSsiIY3r73y+HjkIbr6RyQjcC89IZEofK:cS3BDGyA8mz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc2ebe38019644ade3078e4419425320_NEIKI

Files

cc2ebe38019644ade3078e4419425320_NEIKI
.exe windows:4 windows x86 arch:x86

8fdb822ba0cd29d0022cae98b2966b80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cblrtss

ord1271
ord1100
ord1117
ord1116
ord1472
ord1309
ord1363
ord1365
ord1366
mF_eloc
ord1015
ord1115
_mFgAE
_mFgprogchain
CBL_GET_PROGRAM_INFO
mF_xe_odbc_load
_mFginitdat_dll
ord969
ord733
ord968
ord2038
ord2006
ord1125
ord1237
ord1257
ord1261
ord1269
ord1223
ord1227
ord1097
ord1424
ord1379
ord1308
ord1094
ord1370
ord1335
_mFgprogcheckexit
_mFfindp
_mFgmain2
_mFgWinMain2
CBL_REF_EXT_DATA
_mFgtypecheck
_mFgprogunchain

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit

kernel32

GetCommandLineA
GetModuleHandleA

Exports

Exports

_mFdllinfo

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 980KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE