27d3105273529cfca93f73865ee43a40_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

27d3105273529cfca93f73865ee43a40_NEIKI
Size

513KB
MD5

27d3105273529cfca93f73865ee43a40
SHA1

5f0adbe4946e65ca32356e9dc68b6ccc5ef8b01a
SHA256

25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff
SHA512

fc7b7307189d76e9551781420761206843eb2b81ad7003a39e09b65080e8da45be5c5efcb7654672a300b597fd5ee7ba25f3f237b35beaebbe41f9ddcd933b7c
SSDEEP

12288:IMuAI4y5x8cVF8hn+kZnBfQp/EAzC8ctjhoOpC/YP5pZun73PyV:IMS4cLF8Ii+Hz/ctjho+CARyaV

Score

1^/10

Malware Config

Signatures

Files

27d3105273529cfca93f73865ee43a40_NEIKI
.exe windows:5 windows x86 arch:x86

c8223625452bc2da47201a9d1f00196f

Code Sign

08:1b:23:05:66:2c:bb:a4:4f:07:49:ca:9b:b6:97:26
Certificate

Issuer

CN=john,OU=,O=,1.2.840.113549.1.9.1=#0c13726f636b5f3230303740676d61696c2e636f6d

Not Before

12/03/2015, 10:45

Not After

31/12/2039, 23:59

Subject

CN=john,OU=,O=,1.2.840.113549.1.9.1=#0c13726f636b5f3230303740676d61696c2e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:65:99:1c:53:31:68:de:87:69:71:1b:14:8b:87:84:1e:38:d9:00
Signer

Actual PE Digest

08:65:99:1c:53:31:68:de:87:69:71:1b:14:8b:87:84:1e:38:d9:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Acms\2\docs\Visual Studio 2013\Projects\DownloadExcute\DownloadExcute\Release\DownExecute.pdb

Imports

iphlpapi

GetAdaptersInfo

ws2_32

listen
select
WSACleanup
WSAStartup
__WSAFDIsSet
WSAGetLastError
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
gethostname
ntohl
htonl
ioctlsocket
getaddrinfo
accept
recvfrom
sendto
WSASetLastError

wldap32

ord60
ord143
ord32
ord22
ord50
ord35
ord79
ord200
ord33
ord301
ord26
ord30
ord27
ord41
ord46
ord211

normaliz

IdnToAscii

shlwapi

PathFileExistsW

psapi

GetProcessImageFileNameW

kernel32

TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
WriteFile
HeapCreate
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
SetFilePointer
GetFileInformationByHandle
GetCurrentThreadId
ExitThread
GetSystemTimeAsFileTime
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetStartupInfoW
CreateProcessW
GetCurrentProcess
SetHandleInformation
WaitForSingleObject
OpenProcess
Sleep
GetExitCodeProcess
TerminateProcess
ReadFile
GetModuleFileNameW
lstrlenW
GetStdHandle
GetLastError
Process32FirstW
QueryDosDeviceW
CreatePipe
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
DeleteFileW
CreateThread
ExpandEnvironmentStringsW
TlsSetValue
IsDebuggerPresent
lstrlenA
GetTickCount
LoadLibraryW
GetProcAddress
lstrcmpiW
HeapSetInformation
CreateMutexW
FindResourceA
MapViewOfFile
UnmapViewOfFile
LoadResource
ExpandEnvironmentStringsA
SizeofResource
MultiByteToWideChar
OpenMutexW
LockResource
GetModuleFileNameA
ReleaseMutex
GetCurrentProcessId
OpenFileMappingA
GlobalAlloc
GlobalFree
GetComputerNameW
FindFirstFileA
FindClose
IsWow64Process
FindNextFileA
GetModuleHandleA
GetVolumeInformationW
GetModuleHandleW
GetSystemInfo
GetVersionExA
LoadLibraryA
VerifyVersionInfoA
VerSetConditionMask
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
SleepEx
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
WideCharToMultiByte
GetCommandLineW
WriteConsoleW
HeapReAlloc
TlsFree
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetHandleCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFullPathNameA
GetCurrentDirectoryW
FlushFileBuffers
SetStdHandle
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileW
GetDriveTypeW
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
CompareStringW
CreateFileA
ExitProcess
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableA

user32

GetSystemMetrics

gdi32

CreateDCW
BitBlt
DeleteDC
CreateDIBSection
GetDeviceCaps
RestoreDC
DeleteObject
SelectObject
CreateCompatibleDC
SaveDC

advapi32

RegQueryValueExW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetUserNameW
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW

shell32

SHGetFolderPathA

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance

gdiplus

GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipCloneImage
GdipGetImageWidth
GdiplusStartup
GdipGetImagePixelFormat
GdipGetImageHeight
GdipFree
GdipSaveImageToStream
GdipCreateBitmapFromScan0

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8223625452bc2da47201a9d1f00196f

Code Sign

08:1b:23:05:66:2c:bb:a4:4f:07:49:ca:9b:b6:97:26Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:65:99:1c:53:31:68:de:87:69:71:1b:14:8b:87:84:1e:38:d9:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

ws2_32

wldap32

normaliz

shlwapi

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

Sections

.text Size: 387KB - Virtual size: 387KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 7KB - Virtual size: 17.0MB

.rsrc Size: 14KB - Virtual size: 14KB

.rsrc Size: 15KB - Virtual size: 15KB

08:1b:23:05:66:2c:bb:a4:4f:07:49:ca:9b:b6:97:26
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:65:99:1c:53:31:68:de:87:69:71:1b:14:8b:87:84:1e:38:d9:00
Signer

.text
Size: 387KB - Virtual size: 387KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 7KB - Virtual size: 17.0MB

.rsrc
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 15KB - Virtual size: 15KB