1ca1635e62f07e66ae931ebc8c5aa930_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

1ca1635e62f07e66ae931ebc8c5aa930_NEIKI
Size

303KB
MD5

1ca1635e62f07e66ae931ebc8c5aa930
SHA1

25142e615a577b09505db3258e08c29afa93290a
SHA256

dbdc4e1786742461fb739b679470c7e6e873e03592156bafdeb90125d667d1fc
SHA512

a1359358b17e0d94dbf89cdb731aca6cfa4bdb6e57497d36299f311a45c7262df8ea3ea62a19f6045f5a628102704820d70600b3f89f525aaff694a175aedd0b
SSDEEP

6144:onOr3yofb0B4wuQwDAMP4WJjFirm4YuvwLRkeGO4ya6:onOr3yofb0Bhyii4rCxT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ca1635e62f07e66ae931ebc8c5aa930_NEIKI

Files

1ca1635e62f07e66ae931ebc8c5aa930_NEIKI
.exe windows:6 windows x86 arch:x86

6210419bd12cf82f32f0f2fb54acec2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\T\Acrobat\Installers\ADNotificationManager\Reader Release_Win32\ADNotificationManager.pdb

Imports

urlmon

URLDownloadToFileW

kernel32

GetTickCount64
Process32NextW
K32GetModuleBaseNameW
DeleteFileW
Process32FirstW
CloseHandle
K32EnumProcesses
GetWindowsDirectoryW
GetProcAddress
LocalFree
SystemTimeToFileTime
CreateProcessW
GetModuleHandleW
lstrcpyW
K32EnumProcessModules
GetSystemTime
CreateToolhelp32Snapshot
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
OpenProcess
K32GetProcessImageFileNameW
CreateFileW
GetEnvironmentVariableW
GetModuleFileNameW
GetPackageFamilyName
GetCurrentProcess
GetProcessHeap
DeleteCriticalSection
HeapAlloc
GetLastError
Sleep
InitializeCriticalSectionEx
FormatMessageW
GetCommandLineW
HeapFree
IsDebuggerPresent
LoadLibraryW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FreeLibrary
InterlockedPushEntrySList

user32

GetMessageW
CreateWindowExW
SendMessageW
SystemParametersInfoW
TranslateMessage
CharUpperBuffW
GetSystemMetrics
GetLastInputInfo
DispatchMessageW
RegisterClassExW
DefWindowProcW
GetDesktopWindow
FindWindowW

advapi32

SetNamedSecurityInfoW
CryptAcquireContextW
RegOpenKeyA
RegCreateKeyExW
GetNamedSecurityInfoW
CryptCreateHash
CryptHashData
RegSetValueExW
CryptDestroyHash
OpenProcessToken
RegOpenKeyExW
ConvertSidToStringSidW
RegDeleteValueW
CryptGetHashParam
CryptReleaseContext
GetTokenInformation
RegSetKeyValueW
RegDeleteKeyW
RegDeleteKeyValueW
RegCloseKey
RegCreateKeyW
RegQueryValueExW

shell32

SHChangeNotify
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW

ole32

CoRegisterClassObject
CoAllowSetForegroundWindow
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitializeEx
CLSIDFromString

oleaut32

SysFreeString
SetErrorInfo
SysStringLen
GetErrorInfo
SysAllocString

msvcp140

_Mtx_lock
?_Xbad_function_call@std@@YAXXZ
_Mtx_init_in_situ
_Mtx_unlock
_Mtx_destroy_in_situ
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

_except_handler4_common
memcpy
memmove
_CxxThrowException
__current_exception_context
__current_exception
memset
wcsstr
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
terminate
_c_exit
_register_thread_local_exe_atexit_callback
_cexit
_errno
_controlfp_s
_invalid_parameter_noinfo_noreturn
exit
_crt_atexit
abort
_invalid_parameter_noinfo
_set_app_type
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_beginthreadex

api-ms-win-crt-string-l1-1-0

iswspace
_wcslwr_s
_wcsicmp
strncpy_s
wcsncpy_s
wcscat_s
wcscpy_s

api-ms-win-crt-convert-l1-1-0

_itow_s

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__p__commode
_set_fmode

api-ms-win-crt-math-l1-1-0

ceil
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6210419bd12cf82f32f0f2fb54acec2e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 83KB - Virtual size: 84KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 83KB - Virtual size: 84KB