d6bcf3416d11bc523cb2e93b2bcd5d60_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

d6bcf3416d11bc523cb2e93b2bcd5d60_NEIKI
Size

132KB
MD5

d6bcf3416d11bc523cb2e93b2bcd5d60
SHA1

0224fd481f37176fe4765973dcb886ba0d33ffd7
SHA256

f54b46c140dc814b9f3a036cf05ef86d0d79681d631d479cfa477d54fad6219a
SHA512

9437e2cd7934e63cf60651206d600d272fe3ad60bfdbab50e76595f798a8f2007d2ab7736f0408f91fd3f6fbfbab62513d981fd5d2a7d09860d2e5ccf5aaff8e
SSDEEP

3072:4+i6y4KkovCzU17x8r5cJwpD3Y//DQAMZqE:47p3vjf8rwwpD0/E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6bcf3416d11bc523cb2e93b2bcd5d60_NEIKI

Files

d6bcf3416d11bc523cb2e93b2bcd5d60_NEIKI
.dll regsvr32 windows:5 windows x86 arch:x86

3c3b1753e26d2d1314337c6e8544fc23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
IsDBCSLeadByte
lstrcpynA
HeapDestroy
lstrcpyA
lstrcatA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
GetShortPathNameA
ResetEvent
SetEvent
CloseHandle
IsBadWritePtr
IsBadCodePtr
IsBadReadPtr
CreateEventA
WaitForMultipleObjects
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleA
TlsFree
SetLastError
TlsGetValue
lstrlenA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LCMapStringA
LCMapStringW
RtlUnwind
VirtualProtect
GetSystemInfo
VirtualQuery
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection

user32

MessageBoxW
CharNextA

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegEnumKeyExA
RegSetValueExA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID

oleaut32

SysAllocString
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c3b1753e26d2d1314337c6e8544fc23

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 68KB - Virtual size: 65KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 46KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 68KB - Virtual size: 65KB

.reloc
Size: 8KB - Virtual size: 4KB