e46e4c99babb4601112162cb8edc6020_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

e46e4c99babb4601112162cb8edc6020_NEIKI
Size

1.4MB
MD5

e46e4c99babb4601112162cb8edc6020
SHA1

9dfa18a5ebea9fab518c7fd160e98aa49832f5d1
SHA256

776823bd3e82143c1856389dd90b4b53f09079ec8e5e51025fb9bf872698ed7d
SHA512

8f1f51be5bde1de8b6559022d88371d6dfcb35155042d29b36d169dc342b729269b708fc7f1b14158030ede2624b73fe3b299e1e1703f2e5e33e8c1467a75b62
SSDEEP

24576:szV2YQzGtGoyav7E+V9I3QY2zaKw2sgd+w8Y3u7ftANESqJb99yfD7zIULlPreXO:3tiYo539I3jPKvshwxuDteEdJb92D4ah

Score

1^/10

Malware Config

Signatures

Files

e46e4c99babb4601112162cb8edc6020_NEIKI
.exe windows:6 windows x86 arch:x86

59c132afed5719236cc1dde3d13a2f30

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:20:fb:84:cf:8f:a5:27:88:ba:48:58:b3:d4:12:31:52:b2:1e:df:b9:e2:e9:d6:83:9d:c4:40:2d:1f:af:fa
Signer

Actual PE Digest

2d:20:fb:84:cf:8f:a5:27:88:ba:48:58:b3:d4:12:31:52:b2:1e:df:b9:e2:e9:d6:83:9d:c4:40:2d:1f:af:fa

Digest Algorithm

sha256

PE Digest Matches

false

22:7b:c5:06:ae:f6:de:09:cd:94:7c:e9:fc:f4:80:26:bb:ed:d9:ab
Signer

Actual PE Digest

22:7b:c5:06:ae:f6:de:09:cd:94:7c:e9:fc:f4:80:26:bb:ed:d9:ab

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

webstub.pdb

Imports

advapi32

GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids

kernel32

CreateThread
CloseHandle
DeleteCriticalSection
GetExitCodeThread
EnterCriticalSection
GetLastError
GetTempPathW
CompareStringW
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetCommandLineW
GetProcAddress
Sleep
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
VerSetConditionMask
HeapAlloc
HeapFree
GetProcessHeap
SetLastError
LocalFree
CreateFileA
SetFilePointer
CreateFileW
GetModuleFileNameW
WriteFile
WideCharToMultiByte
FormatMessageW
GetFullPathNameW
CreateDirectoryW
HeapReAlloc
HeapSize
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointerEx
ReadFile
SetEndOfFile
GetShortPathNameW
DuplicateHandle
DosDateTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
GetVersionExW
GetModuleHandleW
GetCurrentThreadId

user32

CreateDialogParamW
MessageBoxW
ShowWindow
LoadStringW
SetWindowTextW
DispatchMessageW
GetDlgItem
IsDialogMessageW
GetWindowTextW
TranslateMessage
PostQuitMessage
GetMessageW
SendMessageW
DestroyWindow

msvcrt

_onexit
__dllonexit
_unlock
_lock
_controlfp
?terminate@@YAXXZ
memset
memcpy
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_wcsnicmp
wcsncmp
wcschr
_vscwprintf
_exit
_vsnwprintf
_vsnprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
wcsrchr

comctl32

ord17

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

shell32

ShellExecuteExW
CommandLineToArgvW

ntdll

RtlInitializeCriticalSection
RtlAllocateHeap
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlFreeHeap
RtlNtStatusToDosError
RtlUnwind
RtlDeleteCriticalSection
RtlVerifyVersionInfo

cabinet

ord23
ord20
ord22

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boxload
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 185KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59c132afed5719236cc1dde3d13a2f30

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate

Extended Key Usages

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7bCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

2d:20:fb:84:cf:8f:a5:27:88:ba:48:58:b3:d4:12:31:52:b2:1e:df:b9:e2:e9:d6:83:9d:c4:40:2d:1f:af:faSigner

22:7b:c5:06:ae:f6:de:09:cd:94:7c:e9:fc:f4:80:26:bb:ed:d9:abSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

comctl32

rpcrt4

shell32

ntdll

cabinet

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 512B - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 3KB

.boxload Size: 512B - Virtual size: 132B

.rsrc Size: 185KB - Virtual size: 188KB

.reloc Size: 2KB - Virtual size: 1KB

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

2d:20:fb:84:cf:8f:a5:27:88:ba:48:58:b3:d4:12:31:52:b2:1e:df:b9:e2:e9:d6:83:9d:c4:40:2d:1f:af:fa
Signer

22:7b:c5:06:ae:f6:de:09:cd:94:7c:e9:fc:f4:80:26:bb:ed:d9:ab
Signer

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 512B - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 3KB

.boxload
Size: 512B - Virtual size: 132B

.rsrc
Size: 185KB - Virtual size: 188KB

.reloc
Size: 2KB - Virtual size: 1KB