f4661baa316795c9bf5342afc3d54b70_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

f4661baa316795c9bf5342afc3d54b70_NEIKI
Size

1007KB
MD5

f4661baa316795c9bf5342afc3d54b70
SHA1

77a546b1cd5d79d3757dad1fe88e2c2cf85c5b55
SHA256

b0206cbb7a91df455bd32cdd01d405d066d0990e727a3ffe58e66e9ee27722a7
SHA512

3a89a5acff82168d6ab7c7f1397c5a3531d5f7e36b4956d8a35dfe00537810b7d60c4b67f6408def05f47d04a23ec8587991881c7da65e6ddb35fa18169735a2
SSDEEP

12288:G+YqDoSdbaPkQB77aHH0YoVRp9RSjVMYwFCh8:myoETtGsqhFN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4661baa316795c9bf5342afc3d54b70_NEIKI

Files

f4661baa316795c9bf5342afc3d54b70_NEIKI
.exe windows:6 windows x86 arch:x86

d62d162cffc97112f602d312aeb42eae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Min\Documents\Visual Studio 2015\Projects\SigGen\Debug\SigGen.pdb

Imports

libfftw3-3

fftw_plan_r2r_1d
fftw_destroy_plan
fftw_execute

mfc140ud

ord8242
ord3848
ord4922
ord10941
ord13097
ord13211
ord12917
ord10686
ord11080
ord10979
ord8236
ord1050
ord3247
ord12604
ord1572
ord1982
ord3470
ord14545
ord15285
ord3597
ord14549
ord15307
ord14234
ord3013
ord5141
ord9830
ord4534
ord974
ord4221
ord1525
ord543
ord4224
ord1262
ord15123
ord15034
ord15268
ord15270
ord16538
ord10596
ord10597
ord10085
ord10086
ord4968
ord4988
ord8535
ord8449
ord6687
ord10552
ord15199
ord10050
ord9085
ord6095
ord8532
ord4911
ord10938
ord16803
ord9559
ord8790
ord799
ord7082
ord14586
ord4667
ord4666
ord4668
ord13242
ord12161
ord12155
ord12097
ord12096
ord11075
ord14128
ord17174
ord1417
ord11206
ord5437
ord4740
ord9086
ord8791
ord800
ord12162
ord12156
ord10940
ord17175
ord14129
ord1418
ord5438
ord5585
ord16810
ord1645
ord9896
ord4490
ord2624
ord2790
ord334
ord8642
ord534
ord13899
ord7150
ord14408
ord3457
ord1255
ord11283
ord376
ord5834
ord5564
ord4848
ord14707
ord11519
ord15699
ord2337
ord12208
ord9164
ord1652
ord1662
ord12076
ord6994
ord1915
ord9884
ord15877
ord5709
ord7124
ord4264
ord14183
ord14233
ord9885
ord14215
ord7198
ord4493
ord8268
ord1095
ord16367
ord7728
ord17261
ord7729
ord17262
ord7727
ord17260
ord9592
ord14599
ord17050
ord13920
ord13921
ord2379
ord9533
ord15117
ord4757
ord4819
ord11212
ord17188
ord9511
ord17182
ord14609
ord14610
ord2887
ord10069
ord10024
ord9589
ord5501
ord15030
ord15098
ord12265
ord14223
ord10108
ord1606
ord3024
ord5153
ord10210
ord15727
ord1036
ord8824
ord16938
ord270
ord2776
ord2774
ord2780
ord2809
ord2857
ord2856
ord1675
ord3575
ord14914
ord16934
ord15052
ord10533
ord10204
ord532
ord1647
ord1655
ord269
ord361
ord1168
ord17197
ord3446
ord17268
ord14482
ord1897
ord972
ord3983
ord3881
ord1894
ord8278
ord3046
ord4609
ord15525
ord4895
ord13993
ord5570
ord15269
ord2881
ord4455
ord15297
ord9381
ord8465
ord6482
ord9726
ord5370
ord15933
ord17095
ord11163
ord13555
ord12258
ord12679
ord12687
ord12924
ord16049
ord7160
ord14940
ord16407
ord8297
ord16396
ord16394
ord8293
ord2522
ord2587
ord2589
ord10150
ord535
ord1256
ord4760
ord7674
ord6746
ord1041
ord16347
ord16346
ord16342
ord16275
ord1565
ord985
ord16341
ord16274
ord1533
ord7941
ord7676
ord8392
ord16440
ord8393
ord3591
ord10087
ord14546
ord15304
ord3844
ord9764
ord2759
ord12778
ord8997
ord8951
ord1100
ord15099
ord12266
ord5503
ord14224
ord1609
ord3026
ord5155
ord9004
ord267
ord299
ord1938
ord1941
ord11191
ord8618
ord489
ord14136
ord3779
ord7048
ord7508
ord3855
ord8324
ord7108
ord16017
ord7083
ord15274
ord16368
ord6402
ord3981
ord4966
ord4876
ord12421
ord12400
ord7898
ord8417
ord16449
ord6147
ord1080
ord2037
ord2374
ord14611
ord17135
ord14020
ord1594
ord16564
ord14582
ord9718
ord6234
ord16660
ord1517
ord963
ord1220
ord3114
ord15265
ord4511
ord3882
ord481
ord5832
ord10072
ord15089
ord9626
ord4487
ord3569
ord1939
ord1673
ord6123
ord6042
ord1861
ord10532
ord7201
ord1674
ord1671
ord286
ord291
ord3588
ord16878
ord7148
ord10932
ord4905
ord3732
ord8577
ord7549
ord16164
ord5156
ord3027
ord3313
ord14184
ord12563
ord12521
ord11065
ord7646
ord11017
ord9165
ord9817
ord3319
ord2687
ord2610
ord1245
ord16352
ord7801
ord520
ord1181
ord15281
ord9703
ord16015
ord6415
ord389
ord1177
ord15514
ord15600
ord6207
ord379
ord6554
ord15857
ord9386
ord16667
ord14034
ord16887
ord5844
ord8280
ord1175
ord10113
ord371
ord5762
ord1145
ord302
ord1885
ord11179
ord11044
ord14137
ord493
ord8620
ord1225
ord1578
ord1059
ord14092
ord7547
ord16160
ord3312
ord11018
ord5037
ord2928
ord1223
ord10840
ord12901
ord13299
ord12304
ord4759
ord4016
ord4017
ord3751
ord3752
ord3902
ord3899
ord12081
ord9876
ord17378
ord12112
ord12114
ord12113
ord12111
ord12115
ord6832
ord13644
ord13645
ord10945
ord14049
ord4477
ord13868
ord17181
ord10763
ord5393
ord3089
ord4739
ord8456
ord12887
ord3857
ord16316
ord14245
ord14241
ord1978
ord2000
ord2026
ord2012
ord2616
ord2033
ord5894
ord5961
ord5906
ord5924
ord5918
ord5912
ord5971
ord5955
ord5900
ord5977
ord5932
ord5870
ord5885
ord5946
ord5405
ord7021
ord11511
ord5391
ord3635
ord17183
ord9512
ord17189
ord8290
ord15764
ord6789
ord13636
ord16776
ord9379
ord10603
ord16093
ord7225
ord15869
ord6549
ord6546
ord3220
ord14085
ord4596
ord3976
ord3977
ord3856
ord14132
ord6303
ord6711
ord6991
ord11164
ord6679
ord6306
ord6537

kernel32

LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FindResourceW
WideCharToMultiByte
ReleaseMutex
CreateMutexW
GetCurrentProcess
SetPriorityClass
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateDirectoryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetExitCodeThread
GetPriorityClass
FreeResource
GetTickCount
GetModuleFileNameW
GlobalReAlloc
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
OutputDebugStringW
GetProcAddress
LoadLibraryW
IsProcessorFeaturePresent
WaitForSingleObjectEx
TerminateProcess
ResumeThread
WaitForSingleObject
ResetEvent
SetEvent
VirtualQuery
FreeLibrary
MultiByteToWideChar
WaitCommEvent
SetCommTimeouts
SetCommState
SetCommMask
PurgeComm
GetCommState
SetupComm
ClearCommError
CreateThread
Sleep
CreateEventW
GetOverlappedResult
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
GetSystemTime
CreateFileW

user32

TranslateMessage
MessageBoxW
CopyRect
SetRect
ReleaseDC
GetDC
DispatchMessageW
GetSysColor
GetSystemMetrics
FillRect
PostQuitMessage
PeekMessageW
PostMessageW
LoadImageW
DrawTextExW
GetWindowDC
UnregisterClassW
GetNextDlgGroupItem
GetCapture
ReleaseCapture
GetCursorPos
ClientToScreen
WindowFromPoint
SetRectEmpty
OffsetRect
DestroyIcon
GetIconInfo
InflateRect

gdi32

SetDIBitsToDevice
StretchDIBits
GetStockObject
GetObjectW
CreateDIBSection
SelectObject
GetDeviceCaps
DeleteDC
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
CreateSolidBrush
BitBlt

advapi32

RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW

comctl32

ord8
InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW

uxtheme

SetWindowTheme

ole32

CreateStreamOnHGlobal

oleaut32

SysFreeString
OleLoadPicture

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromHBITMAP

ws2_32

ntohs
WSAStartup
inet_ntop
inet_pton
GetNameInfoW
WSAGetLastError
gethostname
htons
htonl
gethostbyname

msvcp140d

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Debug_message@std@@YAXPB_W0I@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ

winmm

waveInPrepareHeader
waveInStop
waveInStart
waveInAddBuffer
waveOutUnprepareHeader
waveInOpen
waveInGetErrorTextW
sndPlaySoundW
waveOutGetDevCapsW
waveOutGetErrorTextW
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveInGetDevCapsW
waveOutWrite
waveOutPause
waveOutRestart
waveOutReset
waveOutGetPosition

vcruntime140d

memmove
__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
_CxxThrowException
memcpy
memcmp
memset
__CxxFrameHandler3

ucrtbased

__stdio_common_vswprintf_s
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
free
malloc
wcscpy
_CrtDbgReport
_wtof
_invalid_parameter
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
_beginthreadex
strlen
_invalid_parameter_noinfo
_errno
_wtoll
fopen_s
fclose
fread
fseek
ftell
rewind
__stdio_common_vsprintf_s
labs
_resetstkoflw
asin
fabs
log
pow
sqrt
rand
cos
exp
wcslen
fwrite
calloc
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
terminate
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_except1
_controlfp_s
_wmakepath_s
_wsplitpath_s
_recalloc
wcscpy_s
_wtoi
sin
_CrtDbgReportW

Sections

.textbss
Size: - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 661.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 329B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d62d162cffc97112f602d312aeb42eae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libfftw3-3

mfc140ud

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

ws2_32

msvcp140d

winmm

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 230KB

.text Size: 496KB - Virtual size: 496KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 3KB - Virtual size: 661.6MB

.idata Size: 15KB - Virtual size: 14KB

.gfids Size: 512B - Virtual size: 329B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 218KB - Virtual size: 218KB

.reloc Size: 181KB - Virtual size: 180KB

.textbss
Size: - Virtual size: 230KB

.text
Size: 496KB - Virtual size: 496KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 3KB - Virtual size: 661.6MB

.idata
Size: 15KB - Virtual size: 14KB

.gfids
Size: 512B - Virtual size: 329B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 218KB - Virtual size: 218KB

.reloc
Size: 181KB - Virtual size: 180KB