cd2773f8def8b534a9d34def74641f30_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

cd2773f8def8b534a9d34def74641f30_NEIKI
Size

2.9MB
MD5

cd2773f8def8b534a9d34def74641f30
SHA1

2811bf438fc13c79f11fea807651766c6221a110
SHA256

2ff7a8dc7e2cb1d04e04d5f2d8a958a2d5e101a0f5e1c024f5a1bce5e85caf57
SHA512

2473a69f1d453cf46a4cd579b06345146c47b9eb706bb5d13bdbb24d2b051bebe4566efe9c97211b956399e6f16e7dae314c08fcff4164d09f6df92e15d02b03
SSDEEP

49152:u6DVf99yx2jmyUYQZYNpXgUHrnlU563Idd4sYSKX5zEzQZsMUhx96S7k8IguqybM:u6DV5mSBTRU563Idd49SKX5zEjM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd2773f8def8b534a9d34def74641f30_NEIKI

Files

cd2773f8def8b534a9d34def74641f30_NEIKI
.exe windows:4 windows x86 arch:x86

cbda87d9c1587ed7ad668cec91be227e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\project\Nostradamus\Nostradamus\Clicker_src\bin\CassandraJourney_Nostradamus.pdb

Imports

winmm

mixerGetLineControlsA
PlaySoundA
timeEndPeriod
timeBeginPeriod
mixerOpen
timeGetTime
mixerGetLineInfoA
mixerClose
mixerGetControlDetailsA
mixerSetControlDetails
mixerGetDevCapsA

shell32

ShellExecuteA
SHCreateDirectoryExA
SHGetSpecialFolderPathA

advapi32

RegOpenKeyA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclA
RegCloseKey

gdi32

CreateFontIndirectA
GetDeviceCaps
CreateDIBSection
DeleteDC
SetTextColor
CreateRectRgn
SelectClipRgn
SetBkMode
DeleteObject
CreateFontA
GetTextMetricsA
SelectObject
GetTextExtentPoint32A
TextOutA
GetStockObject
GetObjectA
IntersectClipRect
CreateCompatibleDC

kernel32

LCMapStringW
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
TlsGetValue
SetEnvironmentVariableA
CreateFileW
SetEndOfFile
lstrlenA
RemoveDirectoryA
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
SetCurrentDirectoryA
GetCurrentDirectoryA
FindFirstFileA
FindClose
FindNextFileA
GetStdHandle
CreateDirectoryA
DeleteFileA
GetTickCount
CreateFileA
CloseHandle
LocalFree
MapViewOfFile
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileMappingA
GetCurrentProcessId
VirtualQuery
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetCurrentThread
InitializeCriticalSection
Sleep
LeaveCriticalSection
MulDiv
IsBadWritePtr
SetThreadPriority
GetLastError
EnterCriticalSection
GetModuleFileNameA
GetThreadPriority
VirtualProtect
QueryPerformanceFrequency
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
GlobalLock
GetCommandLineA
GlobalAlloc
MultiByteToWideChar
GlobalUnlock
GlobalFree
GetModuleHandleA
CreateMutexA
FileTimeToSystemTime
GetSystemDirectoryA
GetFileTime
InterlockedDecrement
GetFileSize
InterlockedIncrement
LCMapStringA
GetCPInfo
RaiseException
GetLocalTime
HeapReAlloc
GetFullPathNameA
GetDriveTypeA
CreateThread
ResumeThread
ExitThread
RtlUnwind
GetStartupInfoA
GetProcessHeap
HeapAlloc
ExitProcess
GetSystemTimeAsFileTime
HeapFree
GetFileType
TlsAlloc
SetStdHandle
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
WideCharToMultiByte
TlsSetValue
TlsFree
SetLastError
SetHandleCount
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FlushFileBuffers
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP

user32

ShowCaret
HideCaret
IsIconic
SetCapture
SetForegroundWindow
CreateCursor
EnumDisplaySettingsA
WindowFromPoint
DestroyCaret
CreateCaret
GetCursor
SetCaretPos
FillRect
GetWindowInfo
DrawTextExA
OffsetRect
AdjustWindowRectEx
GetClientRect
RegisterWindowMessageA
BeginPaint
EnumWindows
GetWindowPlacement
SetWindowLongA
UnregisterClassA
GetWindowLongA
GetClipboardData
PeekMessageA
EmptyClipboard
EndPaint
EndDialog
DestroyCursor
GetCursorPos
GetActiveWindow
PostMessageA
OpenClipboard
SystemParametersInfoA
ReleaseCapture
GetSystemMetrics
IsWindowVisible
SetClipboardData
DialogBoxIndirectParamA
ChangeDisplaySettingsA
DefWindowProcW
MoveWindow
DestroyWindow
SetCursor
GetMessageA
SetTimer
SetFocus
SendMessageA
GetDC
TranslateMessage
GetWindowTextA
MessageBoxA
CreateWindowExA
ReleaseDC
DefWindowProcA
ShowWindow
GetSysColorBrush
CreateWindowExW
DispatchMessageA
MessageBoxW
AdjustWindowRect
LoadCursorA
RegisterClassA
SetWindowTextA
ClientToScreen
CloseClipboard
ScreenToClient
GetDlgItem
GetWindowRect
LoadIconA

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocString

wsock32

closesocket
gethostbyname
send
__WSAFDIsSet
socket
recv
WSACleanup
htons
WSAGetLastError
select
ioctlsocket
WSAStartup
connect
inet_ntoa

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbda87d9c1587ed7ad668cec91be227e

Headers

File Characteristics

PDB Paths

Imports

winmm

shell32

advapi32

gdi32

kernel32

user32

ole32

oleaut32

wsock32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 304KB - Virtual size: 302KB

.data Size: 36KB - Virtual size: 263KB

.rsrc Size: 408KB - Virtual size: 404KB

.reloc Size: 92KB - Virtual size: 92KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 304KB - Virtual size: 302KB

.data
Size: 36KB - Virtual size: 263KB

.rsrc
Size: 408KB - Virtual size: 404KB

.reloc
Size: 92KB - Virtual size: 92KB