Static task: static1
Behavioral task: behavioral1
  Sample: d3545adca64ee35b90d0e6872947a6a0_NEIKI.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: d3545adca64ee35b90d0e6872947a6a0_NEIKI.exe
  Resource: win10v2004-20240419-en
General
Target: d3545adca64ee35b90d0e6872947a6a0_NEIKI
Size: 616KB
MD5: d3545adca64ee35b90d0e6872947a6a0
SHA1: fbd1b5c8e247bb0d977d012af79cb69f8b8dd777
SHA256: 5ce170161599b6a5b9e6c0f4dee08a38cc38f7d89fa23618e8b6e7026cd3b7f3
SHA512: 4751a4e3d093cbc8ba4a5c53ed9730fd11dbf917f2af14a0e1ef2ea69e8ddcbe6aa132a8c47562146a9c42faedf5dc6fa5cd6fb78ce419ffb877ebe088830443
SSDEEP: 12288:yJqv04GJZswgaC2rEKQXqd0yiTTFKOaZNxkuZQcdO/t12+0dvbl+:Fv04GJSwBZ/QaiyiXFKvZElcdm0dh
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource d3545adca64ee35b90d0e6872947a6a0_NEIKI
Files
d3545adca64ee35b90d0e6872947a6a0_NEIKI.exe  windows:4  windows x86  arch:x86
1721ee8f02cb34ad255f19ad480db2e4
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
mfc42u (imported by ordinal only)
msvcrt
_ftol
wcscmp
wcstod
wcscpy
_CIacos
wcstol
fclose
fread
rewind
ftell
fseek
_wfopen
atoi
atof
_CIasin
strtol
wcstoul
free
malloc
wcslen
memmove
wcsncpy
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
__CxxFrameHandler
kernel32
GetModuleHandleW
lstrcmpiW
FindResourceW
LoadResource
LockResource
GetCPInfo
GetVersion
GetVersionExW
GetExitCodeThread
TerminateThread
CreateFileW
CloseHandle
RemoveDirectoryW
CreateDirectoryW
GetModuleFileNameW
VirtualAlloc
VirtualFree
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteFileW
Sleep
WideCharToMultiByte
GetSystemTime
CopyFileW
lstrlenW
GetStartupInfoW
user32
GetActiveWindow
PostMessageW
DrawFocusRect
FrameRect
DrawStateW
CreateIconIndirect
GetIconInfo
SetWindowRgn
DrawIcon
LoadIconW
GetWindowTextW
GetMenu
GetFocus
ReleaseCapture
DestroyCursor
InflateRect
UpdateWindow
GetDC
ReleaseDC
GetSysColor
SetRectEmpty
EnableWindow
PtInRect
SendMessageW
FillRect
DrawEdge
InvalidateRect
GetNextDlgTabItem
SetRect
OffsetRect
GrayStringW
DrawTextW
TabbedTextOutW
GetSysColorBrush
GetMenuStringW
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
GetMenuItemCount
AppendMenuW
GetSystemMetrics
DrawIconEx
DestroyIcon
SystemParametersInfoW
GetMenuItemInfoW
MessageBoxW
GetDesktopWindow
GetWindowRect
WindowFromPoint
ScreenToClient
LoadBitmapW
KillTimer
IsMenu
GetClientRect
GetWindowLongW
SetTimer
GetCursorPos
LoadImageW
LoadCursorW
SetCursor
SetCapture
ClientToScreen
LoadMenuW
GetSubMenu
ModifyMenuW
GetDlgCtrlID
IsRectEmpty
CopyRect
GetKeyboardState
GetCapture
GetParent
gdi32
CreateCompatibleBitmap
PtVisible
DeleteDC
CreateDIBSection
RectVisible
SetPixel
GetPixel
TextOutW
ExtTextOutW
BitBlt
Escape
SetBkColor
CreateBitmap
CreateRoundRectRgn
RoundRect
CreateSolidBrush
GetBkMode
EnumFontFamiliesExW
GetObjectW
CreateCompatibleDC
StretchBlt
CreateFontIndirectW
GetGlyphOutlineW
Arc
GetStockObject
Ellipse
DPtoLP
LPtoDP
GetTextExtentPoint32W
GetDeviceCaps
CreateFontW
CreatePen
PatBlt
DeleteObject
SelectObject
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
shell32
ShellExecuteW
ShellExecuteExW
comctl32
ImageList_GetIcon
ImageList_Draw
ImageList_DragEnter
ImageList_DragLeave
ImageList_AddMasked
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Replace
ImageList_BeginDrag
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_EndDrag
_TrackMouseEvent
Sections
.text   Size: 484KB  Virtual size: 481KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 64KB   Virtual size: 63KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 12KB   Virtual size: 13KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 52KB   Virtual size: 49KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ