f5d9227afdcd27a6ce203e56ae3655e0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

f5d9227afdcd27a6ce203e56ae3655e0_NEIKI
Size

204KB
MD5

f5d9227afdcd27a6ce203e56ae3655e0
SHA1

2fc5c56a6e46227fe41d7aa670c3afbfbd320703
SHA256

4859090c975972182933a1254251f2b55034921509e1f7efc9efdb678adb4209
SHA512

25e948d256a2200e1038dea4ce8feebd72c0975a5a9a61a7e6930011ba08144e12d68584b613d27a6bf3f41cd56d66d453047633a88c557e7ef1ee766fb99a99
SSDEEP

3072:NaSdR9c1/fuWL0AjMilpCOT+kICtApWFK1WHk25weLcKznxbQFFNj6QU:N7oFuhAwM+kICeseWEEPznxbJ

Score

1^/10

Malware Config

Signatures

Files

f5d9227afdcd27a6ce203e56ae3655e0_NEIKI
.exe windows:4 windows x86 arch:x86

002de085159dcce8b0cd54386af8e46d

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:e3:2a:fa:f3:f0:dc:2e:26:4a:ee:bf:47:54:f5:a2:0b:85:68:e6
Signer

Actual PE Digest

6c:e3:2a:fa:f3:f0:dc:2e:26:4a:ee:bf:47:54:f5:a2:0b:85:68:e6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy
GetCurrentDirectoryW
lstrcat
GetAtomNameW
GetProcAddress
EnumCalendarInfoA
SetCurrentDirectoryA
GetThreadLocale
DuplicateHandle
GetPriorityClass
SetCurrentDirectoryW
OpenWaitableTimerA
LoadResource
GetTimeFormatA
lstrlen
CreateFileA
GetMailslotInfo
GetDateFormatW
GetModuleHandleA
GetFullPathNameW
GetStartupInfoA
GetFullPathNameA
SetEvent
lstrcmpW
FindAtomA
SetErrorMode
GetFileTime
lstrcpynW
Beep
GetCurrentThreadId
GetSystemDirectoryW

user32

RegisterClassExW
LoadIconW
IsChild
CreateDesktopA
SetCursorPos
GetClassInfoExA
ShowWindow
CreateDialogParamW
SetTimer
GetAsyncKeyState
WaitMessage
SetDlgItemTextA
EnumDesktopWindows
EnumChildWindows
CallWindowProcA
SendMessageW
LoadBitmapA
CreateDialogIndirectParamW
GetMenuItemInfoW
DefDlgProcA
GetDesktopWindow
OffsetRect
GetActiveWindow
GetDC
EmptyClipboard
RegisterClassW
InsertMenuItemW
WaitForInputIdle
GetWindowTextW

gdi32

SetGraphicsMode
GetLogColorSpaceW
GetObjectA
EnumEnhMetaFile
SetPaletteEntries
GetTextCharset
DeleteEnhMetaFile
PolyPolyline
GetMetaFileW
GetTextAlign
GetGlyphIndicesW
GetTextExtentExPointI
ExtTextOutW
GetDCBrushColor

advapi32

RegQueryValueA
RegDeleteValueA
RegCreateKeyW

shlwapi

SHRegGetUSValueW
PathIsUNCServerW
PathRelativePathToA
StrFormatKBSizeA
SHDeleteEmptyKeyW
PathCombineW
StrRChrIA
UrlCompareW
StrCatW
StrFormatKBSizeW
PathFindExtensionW
PathFindFileNameA

comctl32

ImageList_LoadImageA
ImageList_Replace
ImageList_SetImageCount
FlatSB_SetScrollInfo
CreatePropertySheetPageW

winmm

mmioAdvance
mmioInstallIOProcW
mixerGetLineControlsA
mmioSetInfo
waveInReset
midiOutLongMsg

crypt32

CryptHashCertificate
CryptSignCertificate
CertRDNValueToStrA
CryptHashPublicKeyInfo

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.c
Size: 1024B - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdTw
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MbOy
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hsn
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.umshMn
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BQPZ
Size: 512B - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

002de085159dcce8b0cd54386af8e46d

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

6c:e3:2a:fa:f3:f0:dc:2e:26:4a:ee:bf:47:54:f5:a2:0b:85:68:e6Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comctl32

winmm

crypt32

Sections

.text Size: 11KB - Virtual size: 10KB

.c Size: 1024B - Virtual size: 41KB

.sdTw Size: 512B - Virtual size: 4KB

.MbOy Size: 3KB - Virtual size: 21KB

.hsn Size: 1024B - Virtual size: 22KB

.data Size: 10KB - Virtual size: 10KB

.umshMn Size: 2KB - Virtual size: 35KB

.BQPZ Size: 512B - Virtual size: 215KB

.rsrc Size: 164KB - Virtual size: 163KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

6c:e3:2a:fa:f3:f0:dc:2e:26:4a:ee:bf:47:54:f5:a2:0b:85:68:e6
Signer

.text
Size: 11KB - Virtual size: 10KB

.c
Size: 1024B - Virtual size: 41KB

.sdTw
Size: 512B - Virtual size: 4KB

.MbOy
Size: 3KB - Virtual size: 21KB

.hsn
Size: 1024B - Virtual size: 22KB

.data
Size: 10KB - Virtual size: 10KB

.umshMn
Size: 2KB - Virtual size: 35KB

.BQPZ
Size: 512B - Virtual size: 215KB

.rsrc
Size: 164KB - Virtual size: 163KB