d338d490b22397864c9b113f63f26fa0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

d338d490b22397864c9b113f63f26fa0_NEIKI
Size

1.7MB
MD5

d338d490b22397864c9b113f63f26fa0
SHA1

7595d0b5f335381de5704ef98b2023d739dcd5a5
SHA256

04715b264fa03be0d61da7106f363808a59487d4f35534b016fc0c092fb66552
SHA512

425a0401d812dc9c18f7671f3090cbb308b6192874ca81a139187900f7e739ebbeeea1b711ecaa0d89d589c02c5cfd29ffe1f47b6c003d7926ec8b0a3df357e5
SSDEEP

49152:pFmRUv9hK0OP7EZHCvHsv/dP5J+4l/iXa2uEjktUbcwVHyYLZh35m:UUfKTPKHCvHsv/d79/iXMkgUgwVHyQI

Score

1^/10

Malware Config

Signatures

Files

d338d490b22397864c9b113f63f26fa0_NEIKI
.exe windows:5 windows x86 arch:x86

6d968f47961807794bbc4517f4c919fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:14:84
Certificate

Issuer

OU=Starfield Class 2 Certification Authority,O=Starfield Technologies\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:0f:0a:44:45:2b:0f
Certificate

Issuer

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

25/08/2014, 17:00

Not After

25/08/2017, 17:00

Subject

CN=Foxit Software Incorporated,O=Foxit Software Incorporated,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:3a:b4:29:ff:fb:43:7f:17:62:4e:31:18:0f:81:6d:75:28:aa:9c
Signer

Actual PE Digest

b0:3a:b4:29:ff:fb:43:7f:17:62:4e:31:18:0f:81:6d:75:28:aa:9c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Jenkins\workspace\BuildStarship\trunk\librel\FoxitConnectedPDFService_phantom.pdb

Imports

kernel32

CreateFileA
GetConsoleMode
GetConsoleCP
LCMapStringW
GetStringTypeW
QueryPerformanceCounter
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
SetHandleCount
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
HeapSize
HeapQueryInformation
ExitProcess
HeapReAlloc
RaiseException
RtlUnwind
HeapFree
HeapAlloc
CreateEventW
GetDriveTypeW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
ExitThread
FindResourceExW
VirtualProtect
GetNumberFormatW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
GetTempPathW
GetTempFileNameW
FreeResource
GlobalFindAtomW
InitializeCriticalSectionAndSpinCount
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GlobalFlags
GetSystemDirectoryW
GetCurrentDirectoryW
lstrlenA
GlobalGetAtomNameW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetCurrentProcessId
CompareStringW
ReleaseActCtx
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
ActivateActCtx
DeactivateActCtx
lstrcmpW
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
FindNextFileW
SetLastError
CopyFileW
GlobalSize
GlobalLock
GlobalUnlock
FormatMessageW
lstrlenW
MulDiv
GetTimeZoneInformation
GetModuleHandleW
GlobalFree
GlobalAlloc
GetVersionExW
GetSystemInfo
DeleteFileW
SetFileAttributesW
CreateDirectoryW
FindClose
FindFirstFileW
SetThreadPriority
CreateThread
Sleep
QueueUserWorkItem
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
lstrcpyW
LocalAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
GetProcAddress
LoadLibraryW
GetLocalTime
GetModuleFileNameW
LocalFree
GetLastError
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
ResumeThread
WaitForSingleObject
CloseHandle

user32

CloseClipboard
SetClipboardData
OpenClipboard
GetMenuDefaultItem
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageW
CreateMenu
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
CopyImage
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
IsIconic
OffsetRect
IsRectEmpty
DestroyMenu
GetMenuItemInfoW
InflateRect
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
EmptyClipboard
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
RedrawWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcW
GetMenu
SetWindowPos
ShowWindow
SetWindowLongW
IsWindow
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
CharUpperW
DestroyIcon
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetDesktopWindow
RealChildWindowFromPoint
GetWindow
GetDlgCtrlID
GetClassNameW
PtInRect
SetWindowTextW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
GetIconInfo
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
InvertRect
HideCaret
GetNextDlgGroupItem
MapDialogRect
DrawIcon
DestroyCursor
TabbedTextOutW
FillRect
GetClassInfoW
DefWindowProcW
MapWindowPoints
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
SetRectEmpty
GetWindowRgn
SetActiveWindow
CopyRect
DeleteMenu
ShowOwnedPopups
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnhookWindowsHookEx
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
PostMessageW
PostQuitMessage
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetForegroundWindow
MoveWindow
GetClientRect
GetWindowRect
IntersectRect

gdi32

RealizePalette
StretchBlt
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
CreateRectRgn
SelectClipRgn
SetDIBColorTable
GetRgnBox
OffsetRgn
DPtoLP
SetRectRgn
Polygon
Ellipse
Polyline
CreateEllipticRgn
PatBlt
GetTextColor
GetBkColor
CombineRgn
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetTextExtentPoint32W
CreateHatchBrush
GetObjectType
SelectPalette
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
SetLayout
GetLayout
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
EnumFontFamiliesW
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetTextCharsetInfo
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateBitmap
CreateDIBitmap
GetStockObject
CreatePen
CreateSolidBrush
CreatePatternBrush
CreateFontIndirectW
GetObjectW
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
BitBlt
CreateCompatibleDC
GetViewportExtEx

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegCreateKeyExW
OpenSCManagerW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegisterEventSourceW
ReportEventW
LockServiceDatabase
EnumServicesStatusW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
UnlockServiceDatabase
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
StartServiceW
RegEnumKeyExW
RegDeleteValueW
RegEnumValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
RegDeleteKeyW
ControlService
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
DeleteService
QueryServiceStatus
DeregisterEventSource

shell32

SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHAppBarMessage
DragQueryFileW
DragFinish

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoUninitialize
CoInitialize
CoCreateInstance
OleLockRunning
CreateStreamOnHGlobal
DoDragDrop
CoInitializeEx
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoTaskMemFree

oleaut32

SysFreeString
VariantInit
VarBstrFromDate
SysAllocStringLen
SysStringLen
VariantTimeToSystemTime
VariantChangeType
VariantClear
SysAllocString
SystemTimeToVariantTime

gdiplus

GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipCreateBitmapFromStream
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipDrawImageRectI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d968f47961807794bbc4517f4c919fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

39:14:84Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

28:0f:0a:44:45:2b:0fCertificate

Extended Key Usages

Key Usages

b0:3a:b4:29:ff:fb:43:7f:17:62:4e:31:18:0f:81:6d:75:28:aa:9cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 269KB - Virtual size: 268KB

.data Size: 23KB - Virtual size: 52KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 164KB - Virtual size: 164KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

39:14:84
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07
Certificate

28:0f:0a:44:45:2b:0f
Certificate

b0:3a:b4:29:ff:fb:43:7f:17:62:4e:31:18:0f:81:6d:75:28:aa:9c
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 269KB - Virtual size: 268KB

.data
Size: 23KB - Virtual size: 52KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 164KB - Virtual size: 164KB