3e54c53afc80d116a1a34109bd065d00_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

3e54c53afc80d116a1a34109bd065d00_NEIKI
Size

2.3MB
MD5

3e54c53afc80d116a1a34109bd065d00
SHA1

9c251b17cde467218fe5bee3c29a4d9c14843b94
SHA256

98c5d50351b716ea9d385ea73e06ebe6cc1bb6c857590d77fbed0526daa8a20f
SHA512

e6f303cac9cd9c7dfe4112f1f6c3fdd7d4336527322a5144b8a95271b1dc2d1445426070d8c927403744b19cd094401d75ccde2bc2406dc70f5375ba1c45e146
SSDEEP

49152:L5e0qES1uEFWbp+TxfIrj9cje98eZVnNF1MJ+j56CgTEt5VlWYH4sV9IQY:8EmePVYYH47

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e54c53afc80d116a1a34109bd065d00_NEIKI

Files

3e54c53afc80d116a1a34109bd065d00_NEIKI
.exe windows:6 windows x64 arch:x64

5f9f01dd7a4578804cc2390c260f05e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\full-fbsource\buck-out\gen\3b9ce0ae\xplat\third-party\crashpad\handlerWindows.pdb

Imports

kernel32

AcquireSRWLockExclusive
AreFileApisANSI
ChangeTimerQueueTimer
CloseHandle
CloseThreadpoolTimer
CompareStringW
ConnectNamedPipe
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateMutexExW
CreateNamedPipeW
CreateProcessW
CreateSemaphoreExW
CreateSemaphoreW
CreateThread
CreateThreadpoolTimer
CreateTimerQueue
CreateTimerQueueTimer
DebugBreak
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteTimerQueueTimer
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
FreeLibraryAndExitThread
GetCPInfo
GetComputerNameA
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDynamicTimeZoneInformation
GetExitCodeThread
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileTime
GetFileType
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalProcessorInformation
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeHandleStateA
GetNumaHighestNodeNumber
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessId
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultLCID
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathA
GetThreadContext
GetThreadLocale
GetThreadPriority
GetThreadTimes
GetTickCount
GetTickCount64
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExW
GetWindowsDirectoryA
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsWow64Process
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFree
LockFileEx
MapViewOfFileEx
MultiByteToWideChar
OpenEventA
OpenProcess
OpenSemaphoreW
OpenThread
OutputDebugStringA
OutputDebugStringW
PostQueuedCompletionStatus
QueryDepthSList
QueryPerformanceCounter
QueryPerformanceFrequency
QueryUnbiasedInterruptTime
RaiseException
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetEndOfFile
SetEvent
SetFilePointerEx
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetProcessShutdownParameters
SetThreadAffinityMask
SetThreadPriority
SetThreadpoolTimer
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SleepEx
SuspendThread
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
UnregisterWait
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQueryEx
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WideCharToMultiByte
Wow64GetThreadContext
WriteConsoleA
WriteFile

advapi32

BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateNamedPipeClient
InitializeSecurityDescriptor
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RevertToSelf
SetSecurityDescriptorDacl
SystemFunction036

user32

CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
GetMessageW
GetWindowLongPtrW
PostMessageW
RegisterClassW
SetWindowLongPtrW
TranslateMessage
UnregisterClassW

dbghelp

MiniDumpWriteDump

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpWriteData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

powrprof

CallNtPowerInformation

shell32

SHGetKnownFolderPath

ws2_32

WSACleanup
WSAEnumNetworkEvents
WSAGetLastError
WSAStartup
closesocket
send

vcruntime140

_CxxThrowException
__AdjustPointer
__C_specific_handler
__CxxFrameHandler3
__RTDynamicCast
__RTtypeid
__current_exception
__processing_throw
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_name
__uncaught_exception
_purecall
memchr
memcmp
memcpy
memmove
memset
strchr
strrchr

api-ms-win-crt-time-l1-1-0

_Getdays
_Getmonths
_Gettnames
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_gmtime64_s
_localtime64
_localtime64_s
_time64
clock
strftime

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
__pctype_func
_configthreadlocale
_lock_locales
_unlock_locales
localeconv
setlocale

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
_close
_fseeki64
_get_osfhandle
_get_stream_buffer_pointers
_isatty
_pclose
_popen
_set_fmode
_sopen_dispatch
_wfsopen
_write
_wsopen_dispatch
fclose
fflush
fgetc
fgetpos
fputc
fread
fseek
fsetpos
fwrite
setvbuf
ungetc

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___wargv
_beginthreadex
_c_exit
_cexit
_configure_wide_argv
_crt_atexit
_errno
_exit
_get_wide_winmain_command_line
_getpid
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
abort
exit
perror
signal
strerror
strerror_s
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dsign
_dtest
_fdopen
_fdtest
_ldtest
exp
frexp
ldexp
pow
powf
sqrt

api-ms-win-crt-string-l1-1-0

__strncnt
_wcsdup
_wcsicmp
isalnum
islower
isspace
isupper
strcmp
strcspn
strlen
strncmp
strncpy
strnlen
tolower
wcscmp
wcscpy
wcslen
wcsncmp
wcsnlen

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
_callnewh
_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlink
_unlock_file
_wstat64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-convert-l1-1-0

strtod
strtof
strtol
strtoul
strtoull

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 565KB - Virtual size: 565KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 321B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5f9f01dd7a4578804cc2390c260f05e4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

dbghelp

winhttp

version

powrprof

shell32

ws2_32

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 565KB - Virtual size: 565KB

.data Size: 38KB - Virtual size: 153KB

.pdata Size: 103KB - Virtual size: 103KB

.00cfg Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 321B

CPADinfo Size: 512B - Virtual size: 56B

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 565KB - Virtual size: 565KB

.data
Size: 38KB - Virtual size: 153KB

.pdata
Size: 103KB - Virtual size: 103KB

.00cfg
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 321B

CPADinfo
Size: 512B - Virtual size: 56B

.reloc
Size: 576KB - Virtual size: 580KB