0dd7e4704c2d6ce8bee5774077f00810_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

0dd7e4704c2d6ce8bee5774077f00810_NEIKI
Size

3.8MB
MD5

0dd7e4704c2d6ce8bee5774077f00810
SHA1

d02648471ae37689af5f372c38650b481430d4b2
SHA256

9d64516da8301bef365f322f416bcca81c52dc02736f68d6e99f1356bd70bf6a
SHA512

95d40a461eca188500c3a316cb1bbdf55ce87f1836460853c38d8b8f4ed2b44c2d3b7f97be07d13b3de11dc6fe5a4dcf5cf52b31881b489d4f92e886b20b1d67
SSDEEP

49152:/oF7oRb5KO8WEC1/9yoH3AeY9072SmWNHf4hi/4WmxAHDMZBULe24O8b8ITDnl8T:gF78pV5H3Tj72Szd4AqsT

Score

1^/10

Malware Config

Signatures

Files

0dd7e4704c2d6ce8bee5774077f00810_NEIKI
.exe windows:6 windows x86 arch:x86

ccb53a063d3d964fc7ce625cb9792bf7

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:1a:34:0f:78:d7:d0:00:e0:89:fd:ba:ad:65:22:df
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/11/2023, 00:00

Not After

04/11/2025, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:ab:fc:a2:0f:60:f4:3f:1c:06:45:6c:52:b6:2d:04:0d:90:c7:10:5d:10:31:b7:db:25:4d:37:32:2a:21:be
Signer

Actual PE Digest

46:ab:fc:a2:0f:60:f4:3f:1c:06:45:6c:52:b6:2d:04:0d:90:c7:10:5d:10:31:b7:db:25:4d:37:32:2a:21:be

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\T\BuildResults\bin\Release\AcroRd32Exe.pdb

Imports

kernel32

lstrcmpW
CreateEventA
GetCurrentThread
SetThreadPriority
TerminateThread
GetModuleFileNameA
GetSystemPowerStatus
CreateFileA
FindFirstFileA
FindNextFileA
GetFinalPathNameByHandleW
SetFilePointer
GetSystemInfo
VirtualQueryEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryExA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
FindResourceExW
LockResource
SetErrorMode
QueryPerformanceCounter
HeapSetInformation
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
CreateProcessW
GetSystemTime
GetSystemTimeAsFileTime
AddAtomW
SystemTimeToFileTime
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MulDiv
IsProcessorFeaturePresent
lstrcmpA
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
QueryDosDeviceW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
GetCurrentDirectoryW
MultiByteToWideChar
SetDllDirectoryW
LoadLibraryA
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetExitCodeProcess
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
GetLongPathNameW
SetCurrentDirectoryW
GetTickCount
OpenMutexW
GetVolumeInformationW
CreateThread
CreateEventW
CreateMutexW
WaitForSingleObject
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitNamedPipeW
CreateNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
ReadFile
GetFileType
CreateFileW
GetStartupInfoW
WriteConsoleW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
SetStdHandle
GetConsoleOutputCP
FreeLibraryAndExitThread
InitializeCriticalSectionAndSpinCount
RtlUnwind
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
GetLocaleInfoEx
lstrlenW
GetCurrentProcess
GetTempPathW
CreateDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
VerifyVersionInfoW
lstrcmpiW
LocalFree
LocalAlloc
VerSetConditionMask
GetModuleHandleExW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
GetConsoleMode
WideCharToMultiByte
GetDynamicTimeZoneInformation
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
OpenProcess
GetCurrentThreadId
GetCurrentProcessId
Sleep
SetLastError
GetLastError
CloseHandle
OutputDebugStringW
OutputDebugStringA
WriteFile
GetFileAttributesA
GetCommandLineW
GetVersionExW
InitOnceComplete
InitOnceBeginInitialize
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetStringTypeW
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
QueryFullProcessImageNameW
GlobalHandle
GlobalSize
WaitForSingleObjectEx
GetComputerNameExW
OpenEventW
CreateDirectoryExW
CompareFileTime
GetFileTime
GetFullPathNameW
GetExitCodeThread
GetTempFileNameW
GetModuleHandleExA
ExitThread
SearchPathW
VirtualFree
GetStdHandle
VirtualProtect
VirtualQuery
GetProcessId
TerminateProcess
DuplicateHandle
GetProcessTimes
ExpandEnvironmentStringsW
ProcessIdToSessionId
IsWow64Process
GetProductInfo
GetNativeSystemInfo
DeleteFileW
GetFileSizeEx
GetLocalTime
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceFrequency
QueryThreadCycleTime
GetThreadPriority
UnregisterWaitEx
RegisterWaitForSingleObject
GetUserDefaultLangID
IsDebuggerPresent
GetThreadId
TlsGetValue
AcquireSRWLockExclusive
MoveFileExW
GetFileAttributesExW
TlsAlloc
TlsFree
TlsSetValue
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
FlushFileBuffers
FindFirstFileExW
GetWindowsDirectoryW
lstrcmpiA
SetEnvironmentVariableW
GetEnvironmentVariableW
GetLocaleInfoW
GetDriveTypeW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GetFileSize
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
GetVolumeInformationByHandleW
GetProfileStringW
ReadProcessMemory
CreateIoCompletionPort
TerminateJobObject
GetQueuedCompletionStatus
UnregisterWait
PostQueuedCompletionStatus
SetInformationJobObject
IsProcessInJob
QueryInformationJobObject
ResumeThread
DebugBreak
GetUserDefaultLCID
GetUserDefaultLocaleName
SetHandleInformation
SetProcessDEPPolicy
AssignProcessToJobObject
SignalObjectAndWait
CreateRemoteThread
CreateJobObjectW

user32

SetProcessWindowStation
CreateWindowStationW
CreateDesktopW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
GetParent
MessageBoxW
RemovePropW
GetPropW
SetPropW
GetActiveWindow
GetDlgItem
SendMessageW
GetClipboardData
GetProcessWindowStation
ReleaseDC
GetDC
MsgWaitForMultipleObjects
RegisterClipboardFormatW
PeekMessageW
DispatchMessageW
DdeDisconnect
DdeConnect
DdeAddData
DdeCreateDataHandle
DdeGetData
EnumThreadWindows
IsWindowVisible
DdeFreeStringHandle
DdeCreateStringHandleW
DdeNameService
DdeUninitialize
DdeInitializeW
SetWindowLongW
ShowWindow
SendNotifyMessageW
RegisterWindowMessageA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
RegisterWindowMessageW
LoadIconA
LoadCursorA
GetThreadDesktop
PostThreadMessageW
IsWindowEnabled
AllowSetForegroundWindow
CloseWindowStation
GetFocus
MonitorFromWindow
GetMonitorInfoW
GetAsyncKeyState
EnumChildWindows
FindWindowExW
EnableWindow
GetRawInputDeviceInfoW
GetAncestor
SetActiveWindow
CreateIconFromResourceEx
GetWindowTextLengthW
RegisterClassW
GetWindowInfo
SetDlgItemTextW
GetRawInputDeviceList
DdeClientTransaction
LoadIconW
SendDlgItemMessageW
CloseWindow
GetPropA
OpenClipboard
CloseClipboard
IsClipboardFormatAvailable
EnumClipboardFormats
CountClipboardFormats
EmptyClipboard
SetClipboardData
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClipboardSequenceNumber
GetClipboardOwner
GetPriorityClipboardFormat
GetOpenClipboardWindow
GetClipboardViewer
LoadCursorW
GetWindowDC
GetMessageW
SystemParametersInfoW
BeginPaint
EndPaint
ScreenToClient
GetClientRect
MapWindowPoints
SetCursor
IsChild
IsDialogMessageW
FillRect
LoadBitmapW
MapDialogRect
SetWindowContextHelpId
GetClassInfoExW
GetSysColor
CallWindowProcW
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
MoveWindow
SetCapture
ReleaseCapture
InvalidateRect
InvalidateRgn
SetFocus
DestroyAcceleratorTable
CreateDialogIndirectParamW
UpdateWindow
SetRect
IsRectEmpty
FindWindowA
KillTimer
SetTimer
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
UserHandleGrantAccess
GetWindow
EnumWindows
SetParent
GetWindowLongW
GetWindowTextW
IsWindow
FindWindowW
GetDesktopWindow
GetWindowRect
SetForegroundWindow
GetSystemMetrics
BringWindowToTop
SetWindowPos
SendMessageTimeoutW
EnumDesktopWindows
GetGUIThreadInfo
GetWindowThreadProcessId
SetWindowTextW
GetForegroundWindow
CharNextW
EndDialog
DialogBoxParamW
UnregisterClassW
GetUserObjectInformationW

advapi32

CryptGenKey
RegGetValueW
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegOpenKeyA
EqualSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyW
ReportEventW
RegisterEventSourceW
CloseEventLog
ConvertSidToStringSidW
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
SetTokenInformation
GetSecurityDescriptorSacl
GetLengthSid
FreeSid
DuplicateTokenEx
CreateWellKnownSid
CopySid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteKeyExW
SystemFunction036
GetNamedSecurityInfoW
MapGenericMask
AccessCheck
OpenThreadToken
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorDacl
GetAce
SetKernelObjectSecurity
GetKernelObjectSecurity
InitializeSid
GetAclInformation
AddAce
RevertToSelf
RegDisablePredefinedCache
CreateRestrictedToken
DuplicateToken
CreateProcessAsUserW
SetThreadToken
CheckTokenMembership
RegDeleteTreeW
SaferiIsExecutableFileType
CryptAcquireContextA
CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptDestroyKey
CryptGetProvParam
CryptSetProvParam
CryptGenRandom
CryptGetUserKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSignHashA
CryptSignHashW
CryptGetHashParam
CryptSetHashParam
CryptSetKeyParam
CryptContextAddRef
GetUserNameW
ImpersonateAnonymousToken

shlwapi

UrlUnescapeW
UrlIsW
PathCanonicalizeW
PathFileExistsW
PathRemoveBackslashW
PathAppendW
PathRemoveFileSpecW
PathFindExtensionA
PathCombineW
PathIsRelativeW
PathFindExtensionW
AssocQueryStringW
UrlGetPartW
PathIsDirectoryW
PathIsUNCW
PathFindFileNameW
PathIsUNCServerShareW
ord219
PathIsURLW
UrlCanonicalizeW
PathCreateFromUrlW
PathAddBackslashW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winhttp

WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetCredentials

Exports

Exports

AcroRd32IsBrokerProcess
GetHandleVerifier
GetWinstaDesktopInfo
IsSandboxedProcess

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 726KB - Virtual size: 725KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccb53a063d3d964fc7ce625cb9792bf7

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:1a:34:0f:78:d7:d0:00:e0:89:fd:ba:ad:65:22:dfCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

46:ab:fc:a2:0f:60:f4:3f:1c:06:45:6c:52:b6:2d:04:0d:90:c7:10:5d:10:31:b7:db:25:4d:37:32:2a:21:beSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

version

winhttp

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 568KB - Virtual size: 567KB

.data Size: 37KB - Virtual size: 57KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 726KB - Virtual size: 725KB

.reloc Size: 119KB - Virtual size: 119KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:1a:34:0f:78:d7:d0:00:e0:89:fd:ba:ad:65:22:df
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

46:ab:fc:a2:0f:60:f4:3f:1c:06:45:6c:52:b6:2d:04:0d:90:c7:10:5d:10:31:b7:db:25:4d:37:32:2a:21:be
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 568KB - Virtual size: 567KB

.data
Size: 37KB - Virtual size: 57KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 726KB - Virtual size: 725KB

.reloc
Size: 119KB - Virtual size: 119KB