0eeb0cc1262579a9577d9f70cf26fdf0_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

0eeb0cc1262579a9577d9f70cf26fdf0_NEIKI
Size

71KB
MD5

0eeb0cc1262579a9577d9f70cf26fdf0
SHA1

8501f618b13add4b8221730ee2936ba3deebe444
SHA256

abf5c530bcfba87e2acea43548ea6735356fbc7f5b3095a0597b52fd75c9ec40
SHA512

8640f1c971800d46037282d768bda594f31aba76f419d864f1837e1f456caf02494b44a27d914705cdf3b2b41e7be86dc99338927cb87d99d1670109c58dc0a8
SSDEEP

1536:lBPx2U42W0zzlvfOtHtYalJsK9jIPaYB6d:lpYF2jlvmVfYB6d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0eeb0cc1262579a9577d9f70cf26fdf0_NEIKI

Files

0eeb0cc1262579a9577d9f70cf26fdf0_NEIKI
.dll windows:5 windows x86 arch:x86

7a8cd6640489a53ced6e68f479d6118b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
FreeLibrary
GetProcAddress
LocalAlloc
InterlockedExchange
lstrcmpiW
CreateFileW
MulDiv
WriteFile
GetSystemTime
lstrcatW
RaiseException
FileTimeToSystemTime
GetProcessHeap
SystemTimeToFileTime
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
CreateThread
lstrcpyW
CloseHandle
CreateEventW
EnterCriticalSection
ExitThread
LeaveCriticalSection
SetEvent
WaitForSingleObject
HeapFree
HeapAlloc
DisableThreadLibraryCalls
GetLastError
lstrlenW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
HeapSize
QueryPerformanceCounter
LoadLibraryA

user32

CreateIconIndirect
CreateIconFromResourceEx
GetIconInfo
PeekMessageW
wsprintfW
GetDC
ReleaseDC
DispatchMessageW
DestroyIcon
PostThreadMessageW
TranslateMessage
GetMessageW
IsWindow
SendMessageTimeoutW

gdi32

CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
CreateDIBSection
GetWindowExtEx
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
SetMapMode
GetViewportExtEx
GetMapMode

advapi32

CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptAcquireContextW
CryptEncrypt
CryptReleaseContext
CryptDeriveKey

ole32

CoUninitialize
OleInitialize
CreateStreamOnHGlobal
CreateBindCtx
CoCreateInstance
CoInitializeEx
OleUninitialize

oleaut32

SysFreeString
SysStringLen
VariantChangeType
SysAllocString

urlmon

CreateURLMoniker

Exports

Exports

?CanUnloadNow@@YGJXZ
GetClassObject
_crt_debugger_hook

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a8cd6640489a53ced6e68f479d6118b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

urlmon

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 784B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 784B

.reloc
Size: 4KB - Virtual size: 3KB