1e91d22b59c52298daefc61cf6838e20_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

1e91d22b59c52298daefc61cf6838e20_NEIKI
Size

5.4MB
MD5

1e91d22b59c52298daefc61cf6838e20
SHA1

ccb0922651dab9fbd152f0f49331a98689babd01
SHA256

ba92211ecdf4e2d35889244afac593e5e94077273469f606f61b782ccb5854d9
SHA512

dcff85d65716f8df17dcb110981fa7d14c1daf840b973c0f1d78e5875c4dfe047f4d0f06c2f38f0817ebd7cec91a976b60176fb20eaaba5d14eb8a2d3bcff00d
SSDEEP

49152:EwYV15jTAh9TbGQQLwhPgr69rvsMHa3TTKjIfPl0MGAyPFeXTerRJtyyf7CaRkPG:EhVYCCgrET6jtPlEPFptrzj+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e91d22b59c52298daefc61cf6838e20_NEIKI

Files

1e91d22b59c52298daefc61cf6838e20_NEIKI
.exe windows:5 windows x86 arch:x86

136177b8fac9550f25929d2c3fe0d229

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\liuxuan\Documents\Visual Studio 2013\Projects\dinosaur\Release\dinosaur.pdb

Imports

kernel32

DeleteFileW
LocalFree
GetNativeSystemInfo
GetComputerNameW
GetModuleFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetVersionExA
GetSystemTimeAsFileTime
CreateFileA
SetFilePointerEx
CreateDirectoryW
WriteFile
GetDriveTypeA
ReadFile
GetFileSizeEx
GetLogicalDriveStringsA
FindNextFileW
GetFileAttributesExW
GetDiskFreeSpaceExA
GetFullPathNameW
GetFullPathNameA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
SystemTimeToFileTime
QueryPerformanceCounter
WaitForSingleObject
UnlockFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
FormatMessageA
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
GetFileAttributesA
LeaveCriticalSection
HeapCreate
HeapValidate
GetFileAttributesW
FlushFileBuffers
GetTempPathW
GetProcAddress
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
CloseHandle
GetSystemInfo
OutputDebugStringA
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
DeleteCriticalSection
DecodePointer
FindClose
HeapSize
RaiseException
MultiByteToWideChar
CreateFileW
HeapDestroy
FormatMessageW
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
FindFirstFileW
HeapReAlloc
SetThreadExecutionState
GetCurrentThreadId
GetLastError
lstrlenA
SetEnvironmentVariableA
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
GetDriveTypeW
FindFirstFileExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleW
MoveFileExW
ReadConsoleW
CreatePipe
GetExitCodeProcess
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetStartupInfoW
TerminateProcess
CreateEventW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
GetDiskFreeSpaceA
Sleep
InterlockedCompareExchange
SetNamedPipeHandleState
SetEvent
OpenEventA
OpenFileMappingA
WaitNamedPipeA
GetACP
GetConsoleCP
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetLocaleInfoA
CreateEventA
CancelIo
QueueUserAPC
OpenThread
FindFirstFileA
FindNextFileA
LoadLibraryExA
SwitchToFiber
DeleteFiber
CreateFiber
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
SetLastError
DisconnectNamedPipe
PeekNamedPipe
GetOverlappedResult
WaitForMultipleObjects
QueryPerformanceFrequency
GetStdHandle
GetFileAttributesExA
DuplicateHandle
GetCurrentProcess
GetLogicalDrives
GetCurrentThread
EncodePointer
GetStringTypeW
IsProcessorFeaturePresent
SetConsoleCtrlHandler
CreateProcessA
GetCPInfo
IsDebuggerPresent
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileType
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetConsoleMode
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
RtlUnwind
GetTimeZoneInformation
SetStdHandle
SystemTimeToTzSpecificLocalTime
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetModuleHandleW

user32

GetSystemMetrics

advapi32

RevertToSelf
RegCloseKey
RegEnumValueA
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
LogonUserA
QueryServiceConfigA
CryptGenRandom
OpenSCManagerA
ImpersonateLoggedOnUser
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

shell32

SHCreateDirectoryExW

ole32

CoInitialize
OleRun
CoUninitialize
CoCreateInstance

oleaut32

SystemTimeToVariantTime
VariantChangeType
VariantInit
SysAllocStringByteLen
VariantCopy
GetErrorInfo
SysFreeString
VariantTimeToSystemTime
SysAllocString
SysStringLen
VariantClear
SysStringByteLen

ws2_32

WSAGetLastError
getsockopt
WSAStartup
getpeername
ntohs
setsockopt
closesocket
select
accept
listen
send
freeaddrinfo
socket
bind
recv
htons
getaddrinfo
connect
ioctlsocket
getsockname
getservbyname
htonl
shutdown
WSASetLastError
WSAIoctl
WSACleanup
__WSAFDIsSet
getnameinfo

shlwapi

PathFileExistsW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

136177b8fac9550f25929d2c3fe0d229

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

iphlpapi

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 1.6MB - Virtual size: 1.9MB

.tls Size: 512B - Virtual size: 81B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 100KB - Virtual size: 100KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 1.6MB - Virtual size: 1.9MB

.tls
Size: 512B - Virtual size: 81B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 100KB - Virtual size: 100KB