C:\BUILD\work\b69487f8af4577da\BUILDSENG\Release\x86\aswCmnOS.pdb
Static task
static1
Behavioral task
behavioral1
Sample
0acf7ba43c5832dc0705c0c158e57aa0_NEIKI.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0acf7ba43c5832dc0705c0c158e57aa0_NEIKI.dll
Resource
win10v2004-20240419-en
General
-
Target
0acf7ba43c5832dc0705c0c158e57aa0_NEIKI
-
Size
175KB
-
MD5
0acf7ba43c5832dc0705c0c158e57aa0
-
SHA1
b30dfcea1981feebc1f104201b7dfd2d6377a2fe
-
SHA256
b699f1e7161cbff668d74083ff85457d5abfb9c4d5d0f6d78e3de52e062afe6d
-
SHA512
45d0efdd6fbe5e3b09fdf8311c675c25219c50fb13fb6e3cac9c2b3407e6aedd9590ea64c4b5dec63f244996c7f3d659b176e8df1a622106bb4750e8624d2cac
-
SSDEEP
3072:A91q1EF1T6inzzXmj+0xfZWmmWx1Dxii42uB6yxqzr6GV5ZKvfPnRnQCRW3VaCWN:2960zjmFxB71DxI6jKJbW3VaSFh65
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (the PE is not code-signed).
resource 0acf7ba43c5832dc0705c0c158e57aa0_NEIKI
Files
-
0acf7ba43c5832dc0705c0c158e57aa0_NEIKI.dll windows:6 windows x86 arch:x86
100b049d5914fc0e4ad190ae5d03e196
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
DeviceIoControl
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DuplicateHandle
OpenFileMappingW
GetTempFileNameW
GetFileAttributesExW
FindFirstFileW
FindClose
GetFileInformationByHandle
SetFileTime
GetFileAttributesW
GetFullPathNameW
CreateDirectoryW
RemoveDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
QueryDosDeviceW
GetLogicalDrives
GetFinalPathNameByHandleW
CreateHardLinkW
GetModuleFileNameW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
VirtualAlloc
VirtualFree
VirtualProtect
ReadProcessMemory
VirtualQueryEx
OpenProcess
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapSummary
GlobalMemoryStatusEx
LocalFree
GetProcessTimes
GetCurrentThread
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableW
FormatMessageW
GetDateFormatW
GetTimeFormatW
GetVolumeInformationW
WaitForSingleObject
CreateEventW
OpenEventW
WaitForMultipleObjects
PulseEvent
SetEvent
ResetEvent
CreateMutexW
OpenMutexW
ReleaseMutex
CreateSemaphoreW
OpenSemaphoreW
ReleaseSemaphore
InitializeCriticalSectionEx
SetCriticalSectionSpinCount
TryEnterCriticalSection
GetSystemInfo
GetVersionExW
GetCurrentProcessId
IsBadReadPtr
IsBadWritePtr
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetThreadTimes
ExpandEnvironmentStringsW
LoadLibraryExW
GetSystemWindowsDirectoryW
SetErrorMode
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
SuspendThread
ResumeThread
TerminateThread
GetExitCodeThread
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToSystemTime
RaiseException
VirtualQuery
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnlockFile
Sleep
LockFileEx
GetShortPathNameW
MoveFileExW
SetEndOfFile
GetFileSize
SetFileAttributesW
DeleteFileW
WriteFile
ReadFile
SetFilePointer
CreateFileW
CloseHandle
GetDriveTypeW
GetSystemDirectoryW
GetProcessAffinityMask
GetLastError
GetLongPathNameW
FreeLibrary
GetProcAddress
GetCurrentProcess
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
LeaveCriticalSection
SetLastError
EnterCriticalSection
UnhandledExceptionFilter
user32
CharToOemBuffA
OemToCharBuffA
OemToCharW
CharToOemW
advapi32
SystemFunction036
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
GetUserNameW
RevertToSelf
AdjustTokenPrivileges
ImpersonateSelf
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAce
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetSidSubAuthorityCount
FreeSid
EqualSid
AllocateAndInitializeSid
ConvertSidToStringSidW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
msvcp140
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
vcruntime140
strchr
_except_handler4_common
_CxxThrowException
wcsstr
memset
memcpy
wcschr
wcsrchr
__std_exception_destroy
__std_exception_copy
__CxxFrameHandler3
__std_type_info_destroy_list
memmove
api-ms-win-crt-heap-l1-1-0
realloc
malloc
_callnewh
free
api-ms-win-crt-locale-l1-1-0
setlocale
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_endthreadex
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_beginthreadex
_cexit
_execute_onexit_table
api-ms-win-crt-string-l1-1-0
strncpy
_stricmp
wcsncmp
wcsncpy
_wcsnicmp
_wcsdup
_wcsicmp
_wcsupr
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf
api-ms-win-crt-convert-l1-1-0
_wcstoui64
_ultow
wcstoul
api-ms-win-crt-utility-l1-1-0
rand
Exports
Exports
aswcmnosDllMain
cmnosFree
cmnosInit
cmnosMiniInit
cpuProcessUnexpected
dep_brandApplyName
dep_brandApplyPrefix
dep_brandFindRegistryKey
dep_brandGetFileInfo
dep_brandGetIniFileName
dep_brandGetName
dep_brandGetProductId
dep_brandGetRegistryKey
dep_brandIsAvast
dep_brandIsIcarus
dep_brandSetIniFileName
dep_brandSetName
dep_brandSetRegistryKey
dep_csCreate
dep_csDelete
dep_csRelease
dep_csTryWait
dep_csWait
dep_eventCreate
dep_eventDelete
dep_eventOpen
dep_eventPulse
dep_eventRelease
dep_eventReset
dep_eventWait
dep_fsCaseSensitiveSupported
dep_fsCloseFile
dep_fsCloseMap
dep_fsCopyFile
dep_fsCopyFileX
dep_fsCreateFileArgToOpenFile
dep_fsCreateFileArgToOpenFileX
dep_fsCreateFolder
dep_fsCreateFolderX
dep_fsCreateFromHandle
dep_fsCreateHardlink
dep_fsCreateMapFromHandle
dep_fsDeleteFile
dep_fsDeleteFileByHandle
dep_fsDeleteFileLater
dep_fsDeleteFileLaterX
dep_fsDeleteFileX
dep_fsDuplicateFile
dep_fsEnableWow64FsRedirection
dep_fsExistFile
dep_fsExistFileX
dep_fsExtractDriveRoot
dep_fsFileTimeToTime
dep_fsFindClose
dep_fsFindFirstFile
dep_fsFindFirstFileX
dep_fsFindNextFile
dep_fsGetAPIHandle
dep_fsGetCurFol
dep_fsGetDriveType
dep_fsGetExtAttr
dep_fsGetFileAttributes
dep_fsGetFileAttributesX
dep_fsGetFileId
dep_fsGetFileIdByHandle
dep_fsGetFileInfo
dep_fsGetFileInfoHandle
dep_fsGetFileInfoX
dep_fsGetFileNameFlags
dep_fsGetFilePointer
dep_fsGetFileSize
dep_fsGetFileSizeHandle
dep_fsGetFileSizeX
dep_fsGetFinalFileName
dep_fsGetFindHandleFlags
dep_fsGetFolderHandle
dep_fsGetFullPathName
dep_fsGetHandleFlags
dep_fsGetLinkTarget
dep_fsGetLogicalDrives
dep_fsGetLongPathName
dep_fsGetLongPathNameX
dep_fsGetNTLongPath
dep_fsGetObjectNameByHandle
dep_fsGetProcessFileMap
dep_fsGetReparseInfo
dep_fsGetStreamInfos
dep_fsGetUsnInfo
dep_fsGetVolumeInfoByHandle
dep_fsGetVolumeName
dep_fsGetVolumeNameByHandle
dep_fsGetVolumeNames
dep_fsIsFolderCaseSensitive
dep_fsIsGuidVolume
dep_fsIsOnSSDDrive
dep_fsIsVolumeMounted
dep_fsLockFile
dep_fsMapFile
dep_fsMoveFile
dep_fsMoveFileByHandle
dep_fsMoveFileX
dep_fsOpenFile
dep_fsOpenFileById
dep_fsOpenFileX
dep_fsOpenMapFile
dep_fsPossibleStreams
dep_fsPrefetchMapped
dep_fsQueryDosDevice
dep_fsReadBR
dep_fsReadFile
dep_fsReadMBR
dep_fsRemapFile
dep_fsRemoveFolder
dep_fsRemoveFolderRecursive
dep_fsRemoveFolderRecursiveX
dep_fsRemoveFolderX
dep_fsSeekReadFile
dep_fsSeekWriteFile
dep_fsSetEndOfFile
dep_fsSetFileAttributes
dep_fsSetFileAttributesX
dep_fsSetFilePointer
dep_fsSetFileTime
dep_fsSetHandleFlags
dep_fsSetRawAccess
dep_fsSetSparseFile
dep_fsUnlockFile
dep_fsUseNTLongPath
dep_fsWriteDefMBR
dep_fsWriteFile
dep_fsZeroData
dep_memCloseProcess
dep_memCloseSharedMemory
dep_memCreateSharedMemory
dep_memGetMemoryInfo
dep_memGetProcessHeap
dep_memHeapAlloc
dep_memHeapCreate
dep_memHeapDestroy
dep_memHeapFree
dep_memHeapReAlloc
dep_memHeapSummary
dep_memOpenProcess
dep_memOpenSharedMemory
dep_memPrefetch
dep_memProtect
dep_memQueryProcessMemory
dep_memReadProcessMemory
dep_memVirtualAlloc
dep_memVirtualFree
dep_mutexCreate
dep_mutexDelete
dep_mutexOpen
dep_mutexRelease
dep_mutexWait
dep_objectsWait
dep_osBeginThread
dep_osCallOpenedDriver
dep_osCloseDrvDevice
dep_osCloseThread
dep_osEndThread
dep_osExpandEnvironment
dep_osFreeModule
dep_osGetCPUSignature
dep_osGetCpuArchitecture
dep_osGetCpuCount
dep_osGetCpuFeatures
dep_osGetCurrentProcess
dep_osGetCurrentProcessID
dep_osGetCurrentThread
dep_osGetCurrentThreadId
dep_osGetCurrentThreadStackSize
dep_osGetCurrentThreadTimes
dep_osGetExitCodeThread
dep_osGetGranularity
dep_osGetID
dep_osGetLastError
dep_osGetMemPrefetchSize
dep_osGetModName
dep_osGetModPath
dep_osGetModuleFromAddress
dep_osGetModuleProc
dep_osGetPagingSize
dep_osGetPerformanceCounter
dep_osGetSystemDir
dep_osGetSystemDirT
dep_osGetThreadPriority
dep_osGetTickCount
dep_osGetTickCount64
dep_osGetUserAddressSpaceLimit
dep_osGetUserFullName
dep_osGetUserHomeDir
dep_osGetWin64
dep_osGetWinVer
dep_osGetWow64
dep_osIsArm
dep_osIsValidAddress
dep_osIsWin10OrBetter
dep_osIsWin64
dep_osIsWin8OrBetter
dep_osIsWow64
dep_osLdrLock
dep_osOpenDrvDevice
dep_osRand
dep_osRegistryClose
dep_osRegistryDeleteKey
dep_osRegistryDeleteValue
dep_osRegistryEnumKey
dep_osRegistryEnumVal
dep_osRegistryGetInfoKey
dep_osRegistryOpen
dep_osRegistryReadBinary
dep_osRegistryReadString
dep_osRegistryWriteBinary
dep_osRegistryWriteString
dep_osSetErrorMode
dep_osSetLastError
dep_osSetThreadDescription
dep_osSetThreadPriority
dep_osSleep
dep_osSuspendThread
dep_osTerminateThread
dep_osTlsAlloc
dep_osTlsFree
dep_osTlsGetValue
dep_osTlsSetValue
dep_osWaitForThread
dep_osWaitForThreads
dep_procGetCommandLine
dep_procGetEnvironment
dep_procGetFileName
dep_procGetParent
dep_procGetSID
dep_procGetTimes
dep_procOpenToRead
dep_secGetMyIntegrityLevel
dep_secGetPrivileges
dep_secGetPublicDirSecurity
dep_secGetPublicSecurity
dep_secGetRandomBuffer
dep_secGetRandomSeed
dep_secIsAdministrator
dep_secRestorePrivilege
dep_secSetPrivilege
dep_semaphoreCreate
dep_semaphoreDelete
dep_semaphoreOpen
dep_semaphoreRelease
dep_semaphoreWait
dep_strAnsiToNewUtf8
dep_strAnsiToOem
dep_strAnsiToUtf8
dep_strCodePageToUnicode
dep_strComparePath
dep_strConvert
dep_strConvertErrorToString
dep_strCopyAnsi
dep_strCopyUnicode
dep_strCurrToNewUtf8
dep_strCurrToOem
dep_strDupAnsi
dep_strDupUnicode
dep_strFreeString
dep_strGetDate
dep_strGetEnvVar
dep_strGetEnvVarT
dep_strGetTime
dep_strHasAnsiForm
dep_strNormalToNewUnicode
dep_strNormalToUnicode
dep_strOemToAnsi
dep_strOemToCurr
dep_strOemToUnicode
dep_strUnicode16ToUtf7
dep_strUnicodeToCodePage
dep_strUnicodeToNewNormal
dep_strUnicodeToNewUtf8
dep_strUnicodeToNormal
dep_strUnicodeToNormalFlags
dep_strUnicodeToOem
dep_strUnicodeToUtf8
dep_strUtf7ToUnicode16
dep_strUtf8ToAnsi
dep_strUtf8ToNewAnsi
dep_strUtf8ToNewCurr
dep_strUtf8ToNewUnicode
dep_strUtf8ToUnicode
dep_strUtfToUtf
dep_timeCompareFile
dep_timeFileToSystem
dep_timeGetSystemTime
dep_timeSystemToFile
dep_trcTrace1
dep_trcTraceFileClose
dep_trcTraceFileOpen
rawfsGetStreamInfo
rawfsProcessStream
secCreatePublicDirSA
secCreatePublicSA
secCreateSA
Sections
.text Size: 126KB - Virtual size: 125KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ