073eadf7b20c74c740173e872a22d6f0_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

073eadf7b20c74c740173e872a22d6f0_NEIKI
Size

1.2MB
MD5

073eadf7b20c74c740173e872a22d6f0
SHA1

cb20555ad448a0d8be288105c1405c1f811a0db8
SHA256

5818bbce057760857df1e1f26207e5431ea7af05dd430f0d558c0c61715e3e0d
SHA512

c2646cab71e65eea45a6337d2c412667d09f762a6757a908ae514e36d8967fa914458a03eaf673e6d97b094f6422f3040f4dc359e7948d745f9ebd53ea6ff1f2
SSDEEP

12288:7ndzNU8WRqK3n8EYEVqgtMvhhe4CvRgt/7gsVDW8fBPxt6eYn3M+qnWZc27+H0QU:7nRybvYcqc+hxiozhce63M++Wt+H0QU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
073eadf7b20c74c740173e872a22d6f0_NEIKI

Files

073eadf7b20c74c740173e872a22d6f0_NEIKI
.exe windows:5 windows x86 arch:x86

dae6d36e2594688eceae71788f449424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\TMP_SVN\Branches\WTS6X\6.2.3\WTS\wts64\NCWTService\Release_Win32\NCWTService.pdb

Imports

ws2_32

recv
ioctlsocket
send
inet_addr
gethostbyname
setsockopt
htons
WSASetLastError
connect
WSAStartup
WSACleanup
WSAGetLastError
select
socket
bind
shutdown
recvfrom
sendto
closesocket

rpcrt4

RpcServerInqDefaultPrincNameW
RpcServerUseProtseqW
RpcServerUnregisterIf
RpcServerListen
RpcBindingSetAuthInfoW
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcServerRegisterAuthInfoW
NdrServerCall2
RpcBindingVectorFree

wtsapi32

WTSLogoffSession
WTSEnumerateProcessesW
WTSSendMessageW
WTSDisconnectSession
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory

setupapi

CM_Get_Child
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Locate_DevNodeW
CM_Get_DevNode_Registry_PropertyW
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdW
CM_Get_Parent
CM_Get_Sibling
SetupDiGetClassDevsW
CM_Get_Device_IDW

crypt32

CryptProtectData
CryptUnprotectData

kernel32

InterlockedExchange
GetCurrentProcess
LocalFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
OutputDebugStringW
DeleteCriticalSection
CreateMutexW
ReleaseMutex
Sleep
IsBadReadPtr
IsBadWritePtr
GetLocalTime
GetEnvironmentVariableW
WaitForMultipleObjects
GetCurrentProcessId
SignalObjectAndWait
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
ResumeThread
CreateSemaphoreW
DuplicateHandle
VirtualUnlock
UnmapViewOfFile
OpenProcess
CreateFileMappingW
MapViewOfFile
VirtualLock
GetThreadPriority
SetThreadPriority
ReleaseSemaphore
lstrcpyW
lstrlenW
InterlockedCompareExchange
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetFileSize
ReadFile
SetUnhandledExceptionFilter
FlushFileBuffers
DeleteFileW
SetFilePointer
LockFile
OutputDebugStringA
GetFileAttributesW
HeapAlloc
HeapFree
GetProcessHeap
CancelIo
GetOverlappedResult
LoadLibraryW
GetProcAddress
FreeLibrary
MultiByteToWideChar
lstrlenA
CompareFileTime
FileTimeToSystemTime
GetSystemDirectoryW
GetVolumeInformationW
InterlockedCompareExchange64
GlobalAlloc
GlobalFree
IsDebuggerPresent
ProcessIdToSessionId
GetTickCount64
GetComputerNameW
GetModuleFileNameW
GetCommandLineW
SetConsoleCtrlHandler
FormatMessageW
ExitThread
TerminateThread
PulseEvent
GetTimeZoneInformation
GetModuleHandleW
GetExitCodeThread
WideCharToMultiByte
GetTickCount
GetFileSizeEx
GetVersionExW
GetSystemDefaultLCID
FindFirstFileW
GetModuleHandleA
FindClose
GetSystemInfo
lstrcatW
RaiseException
TerminateProcess
GetConsoleMode
GetConsoleCP
ExitProcess
HeapReAlloc
DeleteFileA
RtlUnwind
GetFileType
CreateFileA
WriteConsoleA
GetConsoleOutputCP
DeviceIoControl
CreateFileW
CreateThread
ResetEvent
SetEvent
GetLastError
WaitForSingleObject
CloseHandle
CreateEventW
SystemTimeToFileTime
GetSystemTime
UnlockFile
UnhandledExceptionFilter
WriteConsoleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileAttributesA
SetEndOfFile
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
CreateProcessA
FreeEnvironmentStringsA
GetEnvironmentStrings
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetLastError
FindNextFileW

user32

DrawTextW
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetIconInfo
LoadCursorW
MessageBeep
wsprintfW

gdi32

GetObjectW
SetBkColor
CreateFontIndirectW
CreateDIBSection
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
SetTextColor
GetBitmapBits

advapi32

LsaStorePrivateData
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
LsaOpenPolicy
RegFlushKey
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidSid
InitializeSecurityDescriptor
RegDeleteKeyValueW
RegEnumKeyExW
RegDeleteValueW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
DeregisterEventSource
ReportEventW
RegisterEventSourceW
DeleteService
ControlService
ChangeServiceConfig2W
CreateServiceW
GetSecurityDescriptorDacl
RegCreateKeyExW
RegEnumValueW
RegOpenKeyW
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
PerfSetCounterSetInfo
PerfStartProviderEx
PerfStopProvider
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
FreeSid
AllocateAndInitializeSid
LsaClose
RegCreateKeyW
LookupAccountNameW
ConvertSidToStringSidW
PerfIncrementULongCounterValue
PerfDecrementULongCounterValue
PerfCreateInstance
LsaNtStatusToWinError

shell32

SHGetKnownFolderPath
CommandLineToArgvW

ole32

CoInitializeEx
CoInitializeSecurity
PropVariantClear
CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 720KB - Virtual size: 719KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae6d36e2594688eceae71788f449424

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

rpcrt4

wtsapi32

setupapi

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 720KB - Virtual size: 719KB

.rdata Size: 131KB - Virtual size: 130KB

.data Size: 41KB - Virtual size: 100KB

.rsrc Size: 234KB - Virtual size: 233KB

.reloc Size: 51KB - Virtual size: 50KB

.text
Size: 720KB - Virtual size: 719KB

.rdata
Size: 131KB - Virtual size: 130KB

.data
Size: 41KB - Virtual size: 100KB

.rsrc
Size: 234KB - Virtual size: 233KB

.reloc
Size: 51KB - Virtual size: 50KB