39963ffb3d54fda4edf02f95edfd4f60_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

39963ffb3d54fda4edf02f95edfd4f60_NEIKI
Size

59KB
MD5

39963ffb3d54fda4edf02f95edfd4f60
SHA1

a9fdb233e85a11b143f7dfb55a3a32ecbb1d4366
SHA256

6b43bff7bbde15320418cfaf540c6ffdee78695df927b81f2159aafa95ee1038
SHA512

4e774e0a363f3ca830fc51b8df11d1ca9ae1f0435809db645d792ae9228c3040f23c78d3ca1104e7f23c869270a73a7c06d784195069253942e9d6aa67373c88
SSDEEP

768:jJeGyqKCpodOjuOnsZJNOnaelROaGC2ugqn3DUHDADTCgOFQnk7j:jMXqydwuZVObOs2uvIHMnlO0k3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39963ffb3d54fda4edf02f95edfd4f60_NEIKI

Files

39963ffb3d54fda4edf02f95edfd4f60_NEIKI
.exe windows:5 windows x86 arch:x86

cdc46e7ab374a8de3fa68cbfa79a12c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

GetClassFile
CoCreateInstance
OleRun
StgOpenStorage
CoInitialize
CreateFileMoniker
CreateBindCtx
CoUninitialize

oleaut32

SafeArrayAccessData
VariantClear
SysFreeString
SysAllocString

advapi32

RegQueryValueExA
RegOpenKeyExA

edgemaths

get_3_det
InvertMatrix
normalise_arc
transform
dircos

user32

PostMessageA
DefWindowProcA
RegisterClassA
CreateWindowExA
TranslateMessage
PostQuitMessage
GetMessageA
MessageBoxA
PeekMessageA
GetQueueStatus
MsgWaitForMultipleObjects
DispatchMessageA

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
DecodePointer
EncodePointer
UnmapViewOfFile
SetUnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalFree
lstrlenA
MultiByteToWideChar
GetLastError
MapViewOfFile
CloseHandle
OpenFileMappingA
GetCurrentProcessId
OpenEventA
OpenProcess
SetEvent
WaitForSingleObject
GetModuleFileNameA
InterlockedDecrement

msvcr100

__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
strncpy
_CIsqrt
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler3
_CxxThrowException
??_V@YAXPAX@Z
atoi
??_U@YAPAXI@Z
fclose
fflush
vfprintf
fprintf
fopen
free
_setjmp3
longjmp
sprintf
fread
fseek
exit
calloc
vsprintf
realloc
malloc
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter

mfc100

ord744
ord7265
ord11447

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdc46e7ab374a8de3fa68cbfa79a12c5

Headers

DLL Characteristics

File Characteristics

Imports

ole32

oleaut32

advapi32

edgemaths

user32

kernel32

msvcr100

mfc100

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB