3a8bd43dba756a3e359f8003febbad90_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

3a8bd43dba756a3e359f8003febbad90_NEIKI
Size

384KB
MD5

3a8bd43dba756a3e359f8003febbad90
SHA1

0c7164371630a32398c39b7b48311825e002cc19
SHA256

9ccfef9b5e698fde901bfa1664c57b6eb5755fd83589a123ae96533b16676633
SHA512

99a0684a4b05cf52a3a43fb1a67b6538fa242765111bf939a82adb3df76f776cea6a6b51734845f95db659eb9dc7dfdadbee35fae170b669006adee2240b9aba
SSDEEP

6144:aHXkjVWgL1IinueiX4NRe1Y2Uj5w7edGngnlMubij1S9:asVWiXn8IebUju2iO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a8bd43dba756a3e359f8003febbad90_NEIKI

Files

3a8bd43dba756a3e359f8003febbad90_NEIKI
.dll regsvr32 windows:4 windows x86 arch:x86

e3191e4d5e3cbd0a2fc6d0f7ea90c0db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
GetTimeZoneInformation
GetACP
HeapSize
HeapReAlloc
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
CompareStringA
CompareStringW
ExitProcess
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
SetEnvironmentVariableA
IsBadReadPtr
IsBadCodePtr
GetFileType
MultiByteToWideChar
SetStdHandle
ExitThread
CreateThread
HeapFree
HeapAlloc
RaiseException
GetCommandLineA
RtlUnwind
GetProfileIntA
CopyFileA
GlobalSize
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
SizeofResource
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
FileTimeToLocalFileTime
GetUserDefaultLCID
IsDBCSLeadByte
lstrlenW
GlobalAlloc
lstrcmpA
GetCurrentThread
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
EnterCriticalSection
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetFileAttributesA
CreateEventA
SuspendThread
SetThreadPriority
SetEvent
FormatMessageA
LocalFree
GetShortPathNameA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
SetFileAttributesA
WinExec
GetModuleFileNameA
CreateFileA
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CloseHandle
WaitForSingleObject
GetTickCount
Sleep
GetTempPathA
DeleteFileA
GetLastError
ResumeThread
GetWindowsDirectoryA
CreateDirectoryA
SetUnhandledExceptionFilter

user32

InsertMenuA
GetSysColorBrush
GetDialogBaseUnits
UnregisterClassA
LockWindowUpdate
EnumChildWindows
GetClassNameA
SetRect
SetCapture
PtInRect
RegisterClipboardFormatA
IsRectEmpty
CreateMenu
DrawEdge
SetParent
PostQuitMessage
InflateRect
WindowFromPoint
DestroyMenu
ReleaseCapture
SetRectEmpty
LoadStringA
GetDesktopWindow
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetMenuStringA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
LoadIconA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
CopyRect
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
DestroyIcon
AppendMenuA
GetDCEx
GetTabbedTextExtentA
RemoveMenu
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
FillRect
GetClientRect
GetDC
SetCursor
GetParent
GetWindowRect
LoadBitmapA
EnableWindow
SendMessageA
GetWindowDC
ReleaseDC
LoadCursorA
InvalidateRect
PostMessageA
GetFocus

gdi32

PtVisible
RectVisible
TextOutA
MoveToEx
ExtTextOutA
Escape
SetRectRgn
CreateFontIndirectA
LPtoDP
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
CreatePatternBrush
GetTextExtentPoint32A
GetTextMetricsA
CopyMetaFileA
CreateDCA
GetTextAlign
UnrealizeObject
Rectangle
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
CreatePen
GetDeviceCaps
GetCurrentPositionEx
CreateFontA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetBkMode
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateRectRgnIndirect
PatBlt
SetBkColor
SetTextColor
GetClipBox
GetStockObject
Ellipse
CreateSolidBrush
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
BitBlt
GetObjectA
CreateRectRgn
CombineRgn
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyA
RegEnumKeyA
RegSetValueA
RegCreateKeyA
RegQueryValueA
RegSetValueExA
RegDeleteKeyA

shell32

ShellExecuteA
ExtractIconA

comctl32

_TrackMouseEvent
ord17

ole32

OleLoadFromStream
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CreateDataCache
CoTaskMemAlloc
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateDataAdviseHolder
CoInitialize
OleSaveToStream
CoTaskMemFree
CreateOleAdviseHolder
CoDisconnectObject
StringFromCLSID
ReadFmtUserTypeStg
OleDuplicateData
ReadClassStm
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReleaseStgMedium

olepro32

ord250
ord252
ord251
ord253

oleaut32

SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
VariantCopy
SysAllocString
VariantChangeType
VariantClear
LoadTypeLi
RegisterTypeLi
SysStringByteLen
LoadRegTypeLi

wsock32

ioctlsocket

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetErrorDlg
InternetSetOptionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3191e4d5e3cbd0a2fc6d0f7ea90c0db

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

wsock32

wininet

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 245KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 248KB - Virtual size: 245KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 36KB - Virtual size: 35KB