1384d0d307189b0c864a1b876abdeee0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

1384d0d307189b0c864a1b876abdeee0_NEIKI
Size

744KB
MD5

1384d0d307189b0c864a1b876abdeee0
SHA1

377172ac4ef880106246e90e06cbd72fa47709d7
SHA256

9d9e7f5a42311aeabff0d4dfd27fadf556292c3b843fe6888b1d3011ba301198
SHA512

e85b35d513316a296a34890229c9a64369c931c36a70ea457cfab86045f919675ee220dc478511a0abd270e3cfb387197a154d064b914f9bf28940568cc6adf3
SSDEEP

12288:yZIK/pGTiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:GP/pGn/TwSfVcYG3K/cJHlnFR+IGNe8c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1384d0d307189b0c864a1b876abdeee0_NEIKI

Files

1384d0d307189b0c864a1b876abdeee0_NEIKI
.exe windows:6 windows x64 arch:x64

fe1fbbee926f89337319e615f2b18fc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadResource
SizeofResource
lstrcmpiW
FindResourceW
MultiByteToWideChar
GetCommandLineW
DecodePointer
CloseHandle
SetEvent
WaitForSingleObject
CreateEventW
Sleep
LoadLibraryExW
GetCurrentThreadId
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
CreateFileW
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
CreateThread
RaiseException
GetStringTypeW
LCMapStringW
WideCharToMultiByte
LoadLibraryW
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapSize
HeapReAlloc
TlsFree
LocalFree
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetProcessHeap
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue

user32

PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharUpperW
CharNextW

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

ole32

CoTaskMemFree
CoCreateInstance
CoRevokeClassObject
CoResumeClassObjects
CoUninitialize
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoAddRefServerProcess
CoReleaseServerProcess
StringFromGUID2
CoInitialize
OleRun

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysStringLen
SysFreeString
SysAllocString
VarUI4FromStr

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fe1fbbee926f89337319e615f2b18fc5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 8KB - Virtual size: 17KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 8KB - Virtual size: 17KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 568KB - Virtual size: 572KB