59268fffbbd0bf59b12636804e33b480_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

59268fffbbd0bf59b12636804e33b480_NEIKI
Size

573KB
MD5

59268fffbbd0bf59b12636804e33b480
SHA1

d8e843d9141d8a86a2540bfc6752df5406e21780
SHA256

e914047aaeb5dadcd78286c71a4a25763e5053f88ac66e160c98832124b4aff1
SHA512

040611d11f8c467124df098fc44946023de4bf31a16c18c586f5b2f0d5e9cc33f61e85f4b858b815984e4fd48722716f3192be0b3c611ebde0c236cfc0344c78
SSDEEP

12288:lx88qwuFhSZ/ivI7XHgZQKhJgeCmATvTh:lNqwgAZ/iQLHgZpJETbh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59268fffbbd0bf59b12636804e33b480_NEIKI

Files

59268fffbbd0bf59b12636804e33b480_NEIKI
.exe windows:5 windows x86 arch:x86

6010f59818bcccb8c7917646e471715b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\misc_selfcert\x86\ship\0\selfcert.pdb

Imports

kernel32

GetSystemDefaultLCID
GetACP
GetUserDefaultLangID
GetSystemDefaultUILanguage
GetSystemDefaultLangID
LoadLibraryW
GetModuleFileNameW
GetStringTypeExW
GetLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetLastError
GetCommandLineW
GlobalFree
lstrlenW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
QueryPerformanceCounter
VirtualProtect
GetUserDefaultUILanguage
GetCalendarInfoW
GetDateFormatW
EnumSystemLocalesW
EnumUILanguagesW
IsProcessorFeaturePresent
ReleaseSemaphore
GlobalMemoryStatus
RaiseException
HeapFree
HeapAlloc
GetProcessHeap
GetModuleHandleA
VirtualAlloc
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapUnlock
HeapLock
TlsSetValue
SetLastError
VirtualFree
TlsGetValue
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
DeleteCriticalSection
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
OutputDebugStringA
MultiByteToWideChar
WideCharToMultiByte
MulDiv
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
IsValidLocale
GetVersionExA
GetModuleHandleExW
RtlCaptureStackBackTrace
WaitForSingleObject
ReleaseMutex
CloseHandle
GetSystemTimeAsFileTime
GetTickCount
WriteFile
SetFileAttributesW
DeleteFileW
CreateFileW
GetLocaleInfoW
ExpandEnvironmentStringsW
GetProcessTimes
GetCurrentProcess
CreateMutexA
OpenMutexA
CreateSemaphoreA
GetShortPathNameA
GetModuleFileNameA
GlobalAlloc
GetSystemDirectoryW
GetTimeZoneInformation
GetDiskFreeSpaceExW
IsWow64Process
GetUserDefaultLCID
FreeLibrary
GetSystemInfo
GetVersionExW
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
LocalFree
LocalAlloc
Sleep
IsDBCSLeadByte
IsValidCodePage
CompareStringW
GetTempPathW
CreateDirectoryW
GetFileType
InitializeCriticalSection
LoadLibraryExW
GetCurrentThread

advapi32

RegQueryValueExA
RegSetValueExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsA
TraceEvent
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyExA
CryptDestroyKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
GetTokenInformation
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
IsValidSid
ConvertSidToStringSidA
RegCreateKeyExW
UnregisterTraceGuids
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenThreadToken

gdi32

CreateFontIndirectA
GetObjectA
CreateFontIndirectW
GetObjectW
GetDeviceCaps
DeleteDC
CreateDCA
CreateSolidBrush
TranslateCharsetInfo
SelectObject
GetTextExtentPoint32W
CreatePen
SetBkColor
SetTextColor
SetTextAlign
TextOutW
MoveToEx
LineTo
DeleteObject

user32

LoadStringW
MessageBoxW
LoadIconW
SendDlgItemMessageW
GetDlgItem
LoadCursorW
RegisterClassExW
GetDC
SetWindowPos
ReleaseDC
SetFocus
BeginPaint
GetClientRect
GetSysColor
GetFocus
DrawFocusRect
EndPaint
InvalidateRect
DefWindowProcW
GetParent
SendMessageW
GetClassNameA
SendMessageA
IsWindowUnicode
GetWindowLongA
GetWindowLongW
SetRectEmpty
MapWindowPoints
GetWindowRect
MoveWindow
IsWindowVisible
SetWindowTextW
IsWindow
CreateWindowExA
CreateDialogIndirectParamA
DrawTextA
DrawTextW
DestroyWindow
MapDialogRect
GetSystemMetrics
SystemParametersInfoA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMonitorInfoA
EnumDisplayMonitors
GetKeyboardLayoutList
GetKeyboardLayout
GetDlgCtrlID
EndDialog
GetWindow
DialogBoxParamW
GetWindowTextW

ole32

CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

secur32

GetUserNameExW

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_crt_debugger_hook
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcscat_s
_wtoi
_wcsicmp
wcscpy_s
_CxxThrowException
_vsnprintf
__CxxFrameHandler3
vswprintf_s
memmove
_CIsqrt
wcsncat_s
_vsnprintf_s
bsearch
wcschr
strncpy_s
memcpy
memset
wcsncpy_s
_vsnwprintf_s

rpcrt4

UuidCreate

Exports

Exports

_GetAllocCounters@0

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 196KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6010f59818bcccb8c7917646e471715b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

gdi32

user32

ole32

version

secur32

msvcr90

rpcrt4

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 291KB

.data Size: 196KB - Virtual size: 223KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 74KB - Virtual size: 76KB

.text
Size: 292KB - Virtual size: 291KB

.data
Size: 196KB - Virtual size: 223KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 74KB - Virtual size: 76KB