1baff5fc1b38528778a02c0284c12d90_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

1baff5fc1b38528778a02c0284c12d90_NEIKI
Size

45KB
MD5

1baff5fc1b38528778a02c0284c12d90
SHA1

077927bce59ef92c30c9c65d2049a9cad07aec9b
SHA256

69b37d99fb459ede0e5d59d4b15cf1f6210853e004acc972d8c28f2ef878f616
SHA512

bebdc926482b5a5e08efa738ed3128ebf7c484da974cabf61ce908c820f0bc5313d9364f320c91ec32684531d3f319c7ba4a5dbf0e613ab4d5a92d44d975a7c6
SSDEEP

768:coohfw8GTTeOkMUSSY5J6SD2nEvEtOs4+lB7OZplyQEnco53inJBROtJ4lIGs:coCwLTvUSSY5J6ekW2B6Oco53inJTOt7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1baff5fc1b38528778a02c0284c12d90_NEIKI

Files

1baff5fc1b38528778a02c0284c12d90_NEIKI
.dll windows:5 windows x86 arch:x86

84a95e91b6feab5da2eecb25c0549d2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\Integrad\V3.7.1\bin\ivapiimpl_cpp.pdb

Imports

mfc90u

ord5676
ord4996
ord6018
ord2447
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord3670
ord2087
ord3217
ord5674
ord4347
ord4043
ord5680
ord5663
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord6019
ord5677
ord3673
ord3993
ord605
ord1274
ord321
ord1241
ord1239
ord1264
ord1180
ord1233
ord2084
ord391
ord1152
ord1273
ord1271
ord1145
ord1076
ord1137
ord322
ord802
ord1088
ord589
ord794
ord266
ord4211
ord593
ord796
ord2448
ord1884
ord1134
ord1165
ord4905
ord4681
ord4348
ord4997
ord4448
ord2891
ord4423

msvcr90

__FrameUnwindFilter
_crt_debugger_hook
_cexit
_except_handler4_common
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
??2@YAPAXI@Z
__CxxFrameHandler3
??3@YAXPAX@Z

kernel32

GetSystemTimeAsFileTime
LocalAlloc
InterlockedExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalFree
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep

user32

PostThreadMessageW

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84a95e91b6feab5da2eecb25c0549d2c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90u

msvcr90

kernel32

user32

msvcm90

mscoree

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 1024B - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 1024B - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB