dbe9513f701bfd6e5b6bf5516f4c34d0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

dbe9513f701bfd6e5b6bf5516f4c34d0_NEIKI
Size

2.9MB
MD5

dbe9513f701bfd6e5b6bf5516f4c34d0
SHA1

e529361b632c793017b065967c9b812376bd6dd8
SHA256

fbae3efa033eff599208d0f52b77a0a3982e7721ae43ae651c3459c5eb0e132e
SHA512

a1b2ca95bcf1bd172f202a062873065415c11e6625da427549305f54814ed4cd92b8c17a293a8e62f94ce0816cd179d92bb2734305d1d29cdf4ccd6c4a69fd6f
SSDEEP

49152:czHrEYkOnn7fXKrKZHI+6J3LNmS7AHsUG2RS5dTMg7hfw34Gof3E8p4:UEQnz6KONmS7AHJGhv7hYIL8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbe9513f701bfd6e5b6bf5516f4c34d0_NEIKI

Files

dbe9513f701bfd6e5b6bf5516f4c34d0_NEIKI
.exe windows:4 windows x64 arch:x64

46bea5c86c3471ae1de28e60dd954f28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\git-sdk-64-build-installers\usr\src\MINGW-packages\mingw-w64-git\src\git\git-remote-http.pdb

Imports

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
CloseServiceHandle
ConvertSidToStringSidA
CopySid
EqualSid
FreeSid
GetLengthSid
GetNamedSecurityInfoW
GetTokenInformation
GetUserNameW
InitializeSecurityDescriptor
IsValidSid
IsWellKnownSid
LookupAccountSidA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetEntriesInAclA
SetSecurityDescriptorDacl
SystemFunction036

libiconv-2

libiconv
libiconv_close
libiconv_open

libintl-8

__printf__
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_fprintf
libintl_gettext
libintl_ngettext
libintl_setlocale
libintl_snprintf
libintl_swprintf
libintl_textdomain
libintl_vfprintf
libintl_vprintf
libintl_vsnprintf

kernel32

CloseHandle
ConnectNamedPipe
CopyFileW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateNamedPipeW
CreatePipe
CreateProcessW
CreateRemoteThread
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
FillConsoleOutputCharacterA
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlsAlloc
FlsFree
FlsSetValue
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetLargePageMinimum
GetLastError
GetLongPathNameW
GetModuleHandleA
GetModuleHandleW
GetNamedPipeHandleStateA
GetNamedPipeInfo
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetNumberOfConsoleInputEvents
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessTimes
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64
GetVersion
GetVolumeInformationW
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeProcThreadAttributeList
IsDebuggerPresent
IsProcessorFeaturePresent
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFileEx
MoveFileExW
MultiByteToWideChar
OpenProcess
PeekConsoleInputA
PeekNamedPipe
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ResetEvent
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetNamedPipeHandleState
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
UpdateProcThreadAttribute
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeW
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile

msvcrt

__C_specific_handler
___mb_cur_max_func
__iob_func
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_assert
_beginthreadex
_cexit
_commit
_commode
_close
_dup
_dup2
_endthreadex
_errno
_fdopen
_fileno
_flushall
_fmode
_fileno
_get_osfhandle
_getpid
_gmtime64
_initterm
_isatty
_localtime64
_lseeki64
_mktime64
_onexit
_open_osfhandle
_rmdir
_read
_setmode
_stricmp
_strnicmp
_strnicmp
_strtoi64
_strtoui64
_telli64
_umask
_vscprintf
_vsnprintf
_vsnwprintf
_waccess
_wchdir
_wchmod
_wcsicmp
_wcsicmp
_wcsnicmp
_wcsnicmp
_wfopen
_wfreopen
_wmkdir
_wmktemp
_wopen
_wpgmptr
_wrmdir
_write
_wunlink
abort
atoi
atol
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getchar
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putchar
puts
raise
rand
realloc
rewind
setvbuf
signal
srand
sscanf
strchr
strcmp
strcspn
strerror
strftime
strlen
strncmp
strpbrk
strrchr
strspn
strstr
strtol
strtoul
tolower
toupper
ungetc
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsstr
wcstombs

ntdll

NtQueryDirectoryFile
NtQueryInformationFile
NtQueryObject
NtSetEaFile

libpcre2-8-0

pcre2_code_free_8
pcre2_compile_8
pcre2_compile_context_create_8
pcre2_compile_context_free_8
pcre2_config_8
pcre2_general_context_create_8
pcre2_general_context_free_8
pcre2_get_error_message_8
pcre2_get_ovector_pointer_8
pcre2_jit_compile_8
pcre2_jit_match_8
pcre2_maketables_8
pcre2_maketables_free_8
pcre2_match_8
pcre2_match_data_create_from_pattern_8
pcre2_match_data_free_8
pcre2_pattern_info_8
pcre2_set_character_tables_8

libwinpthread-1

pthread_getspecific
pthread_key_create
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific

user32

DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage

ws2_32

WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSASetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getnameinfo
htons
listen
recv
select
setsockopt
shutdown

zlib1

compress2
crc32
deflate
deflateBound
deflateEnd
deflateInit2_
deflateInit_
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 295KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

46bea5c86c3471ae1de28e60dd954f28

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

libiconv-2

libintl-8

kernel32

msvcrt

ntdll

libpcre2-8-0

libwinpthread-1

user32

ws2_32

zlib1

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.data Size: 36KB - Virtual size: 36KB

.rdata Size: 277KB - Virtual size: 276KB

.pdata Size: 63KB - Virtual size: 62KB

.xdata Size: 72KB - Virtual size: 71KB

.bss Size: - Virtual size: 295KB

.edata Size: 512B - Virtual size: 60B

.idata Size: 15KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.debug Size: 568KB - Virtual size: 572KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 36KB - Virtual size: 36KB

.rdata
Size: 277KB - Virtual size: 276KB

.pdata
Size: 63KB - Virtual size: 62KB

.xdata
Size: 72KB - Virtual size: 71KB

.bss
Size: - Virtual size: 295KB

.edata
Size: 512B - Virtual size: 60B

.idata
Size: 15KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB

.debug
Size: 568KB - Virtual size: 572KB