2db5d809fd021347ec0b6524d9c7f7a0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

2db5d809fd021347ec0b6524d9c7f7a0_NEIKI
Size

797KB
MD5

2db5d809fd021347ec0b6524d9c7f7a0
SHA1

d2fcb7c08c1dda4e6bbbfb25de7ebaefa6df84c3
SHA256

ea5aa6c45058c2b04f0df2578bb3fa15b99e99f940da0133f0a5f9caf9e82882
SHA512

95cabf667097cff8256e1498d1cf4404c475aa275bcaa1683febda2d872297129769a3ddc45db85162f8be030c2c96adbad9e668e8982f74374bd9e3f0321299
SSDEEP

24576:MhgKlo4O1tGCWrJd2S7gX0EVp6cxnmkU/CqkNVZQ65FJgqkK4:vKlo4O1tGCWrJd2S7gX0EVp6cxnmkU/G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2db5d809fd021347ec0b6524d9c7f7a0_NEIKI

Files

2db5d809fd021347ec0b6524d9c7f7a0_NEIKI
.exe windows:5 windows x86 arch:x86

b1bbb47ec0ea004fb5a47d51865b1e9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\TFSSource\LaptopDev\T5000TeamProject\Tools\AnalyzeT5Database\Debug\AnalyzeT5Database.pdb

Imports

mfc90d

ord6476
ord4082
ord4304
ord3794
ord3981
ord1666
ord1405
ord1502
ord926
ord687
ord8837
ord1452
ord5744
ord946
ord699
ord964
ord322
ord316
ord3462
ord967
ord1131
ord6230
ord6054
ord3378
ord3680
ord7580
ord9125
ord1106
ord306
ord750
ord406
ord2847
ord2562
ord2568
ord2682
ord2563
ord7237
ord7001
ord869
ord2940
ord3748
ord8217
ord5034
ord598
ord5953
ord8010
ord9251
ord8100
ord5837
ord3993
ord9042
ord2176
ord311
ord4455
ord9086
ord7909
ord3686
ord6121
ord1513
ord2168
ord4301
ord966
ord280
ord1560
ord2172
ord1189
ord9004
ord5633
ord4708
ord776
ord2862
ord440
ord1193
ord912
ord3625
ord3849
ord8285
ord1251
ord1250
ord671
ord7950
ord8435
ord3835
ord4342
ord3877
ord5187
ord6177
ord5912
ord5637
ord9007
ord8038
ord5036
ord808
ord765
ord8066
ord6102
ord1475
ord427
ord486
ord8573
ord1736
ord5168
ord3725
ord933
ord5828
ord269
ord8611
ord1374
ord3249
ord6231
ord941
ord1908
ord925
ord686
ord5250
ord3229
ord4451
ord931
ord1644
ord1640
ord1638
ord9127
ord4105
ord6729
ord3791
ord8106
ord7557
ord7592
ord6761
ord5954
ord3335
ord697
ord7582
ord2714
ord5746
ord7822
ord9228
ord3783
ord5563
ord7419
ord1386
ord5712
ord8123
ord2859
ord2904
ord6495
ord9297
ord5703
ord9299
ord6081
ord6124
ord4873
ord1772
ord3031
ord5564
ord5554
ord3979
ord5957
ord6664
ord6424
ord6669
ord4329
ord7544
ord2305
ord2382
ord2383
ord6423
ord3138
ord2780
ord7516
ord1971
ord4470
ord8667
ord7256
ord5043
ord9298
ord5454
ord7523
ord6365
ord6986
ord7160
ord6773
ord2861
ord2409
ord2408
ord2252
ord2251
ord4634
ord8715
ord2338
ord2335
ord5950
ord2035
ord6404
ord7492
ord2699
ord7377
ord9296
ord6335
ord7547
ord3243
ord1903
ord5166
ord6972
ord6445
ord2306
ord8803
ord7598
ord7596
ord1215
ord1220
ord1224
ord1222
ord1226
ord3544
ord3564
ord3548
ord3554
ord3552
ord3550
ord3567
ord3562
ord3546
ord3569
ord3557
ord1860
ord8241
ord5026
ord5496
ord3539
ord3541
ord3559
ord3254
ord3241
ord2210
ord9300
ord4404
ord5704

msvcr90d

_errno
_CrtDbgReport
strcpy
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
ceil
floor
_gmtime64_s
_localtime64_s
wcscpy_s
wcsncpy_s
_recalloc
memcmp
_wcsicmp
wcslen
_setmbcp
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
??_V@YAXPAX@Z
_CrtDbgReportW
sprintf_s
strcpy_s
strncpy_s
__CxxFrameHandler3
memset
strchr
free
calloc
_CxxThrowException
memmove_s
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
exit
_ismbblead
_acmdln
??1exception@std@@UAE@XZ
_initterm
_initterm_e
?terminate@@YAXXZ
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
_CrtSetCheckCount
_snprintf_s
??0exception@std@@QAE@ABQBD@Z
_mktime64
_time64
malloc
??0exception@std@@QAE@XZ
atoi
sscanf
printf
strftime
_invalid_parameter
_resetstkoflw
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
_mbsnbcpy
_access
__FrameUnwindFilter
_encoded_null

kernel32

FileTimeToSystemTime
GetCurrentDirectoryA
GetPrivateProfileStringA
FileTimeToLocalFileTime
MulDiv
LocalFileTimeToFileTime
OpenFileMappingA
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
MultiByteToWideChar
OutputDebugStringW
OpenEventA
SetEvent
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
VirtualQueryEx
GetModuleFileNameA
SuspendThread
GetThreadContext
ResumeThread
GetCurrentThread
GetCurrentProcess
DuplicateHandle
GetLastError
CreateThread
WaitForSingleObject
CloseHandle
lstrlenA
OutputDebugStringA
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
GlobalReAlloc
GlobalFree

user32

GetWindowLongA
OpenClipboard
EmptyClipboard
ShowWindow
CloseClipboard
EnableWindow
SendMessageA
SetClipboardData
SetWindowTextA
FindWindowExA
GetWindowRect
MessageBoxA
GetSystemMetrics
ScreenToClient
IsWindow
MoveWindow
GetDlgItem
GetClientRect
SetWindowLongA
SubtractRect
UnionRect
CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
IntersectRect
OffsetRect

oleaut32

DosDateTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VarDateFromUdate
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringByteLen
VariantCopy
VarDateFromStr
VarUdateFromDate
SysFreeString

dbghelp

StackWalk
SymGetOptions
SymInitialize
SymFunctionTableAccess
SymLoadModule
SymGetModuleInfo
SymUnDName
UnDecorateSymbolName
SymGetSymFromAddr
SymSetOptions

advapi32

RegOpenKeyExA
RevertToSelf
OpenThreadToken
RegCloseKey
RegQueryValueExA
SetThreadToken
RegCreateKeyExA
RegSetValueExA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA

msvcp90d

??0?$allocator@D@std@@QAE@ABV01@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Debug_message@std@@YAXPB_W0I@Z
??0?$_DebugHeapAllocator@D@std@@QAE@ABV01@@Z
??1_Container_base_secure@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0_Container_base_secure@std@@QAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Swap_all@_Container_base_secure@std@@QBEXAAV12@@Z
?_Swap_aux@_Container_base_secure@std@@QAEXAAV12@@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?_Orphan_all@_Container_base_secure@std@@QBEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ

msvcm90d

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z

mscoree

_CorExeMain

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 510KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1bbb47ec0ea004fb5a47d51865b1e9d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90d

msvcr90d

kernel32

user32

oleaut32

dbghelp

advapi32

shell32

comctl32

shlwapi

msvcp90d

msvcm90d

mscoree

Sections

.text Size: 239KB - Virtual size: 238KB

.rdata Size: 510KB - Virtual size: 510KB

.data Size: 7KB - Virtual size: 1.1MB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 239KB - Virtual size: 238KB

.rdata
Size: 510KB - Virtual size: 510KB

.data
Size: 7KB - Virtual size: 1.1MB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 11KB - Virtual size: 10KB