42d5668597ea2e490917889531866910_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

42d5668597ea2e490917889531866910_NEIKI
Size

5.2MB
MD5

42d5668597ea2e490917889531866910
SHA1

c5767e8792173e556074c9d5ebedfdc2d496b1bd
SHA256

5738af4b61face5cfd3650d869431fc64fa135315c37c304fea6dc800c1f674d
SHA512

b02640f3cf3832bc3881b889443deb7261fd5c8f432d9e168260d50f18bdf297ebfdecec2b95bcaefbf83a6c27f63965ed5d53d0107469a99ad995bafc596322
SSDEEP

49152:rpkL/jxsZMboVMoybfyg+p3wB5q0eygSlKQyV/gL6pDju3V4Ptm/RmFkdoGi0+uQ:re+MbG5c8ekZX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42d5668597ea2e490917889531866910_NEIKI

Files

42d5668597ea2e490917889531866910_NEIKI
.exe windows:6 windows x64 arch:x64

aba5f826725158db33fda9c00d76f239

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dev\xenia\build\bin\Windows\Release\xenia.pdb

Imports

kernel32

GetProcAddress
LocalFree
GetModuleHandleW
CreateThread
RaiseException
CloseHandle
GetThreadPriority
PulseEvent
WaitForSingleObjectEx
TerminateThread
InitializeConditionVariable
GetCurrentThread
SetEvent
GetLastError
Sleep
CreateEventW
CancelWaitableTimer
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateTimerQueue
DeleteTimerQueueEx
FreeLibrary
GlobalAddAtomW
GlobalDeleteAtom
AttachConsole
FlushInstructionCache
GetThreadContext
ExitThread
ResumeThread
SuspendThread
ReleaseMutex
GetCurrentThreadId
WaitForMultipleObjectsEx
CreateMutexW
SetThreadPriority
SignalObjectAndWait
GetProcessAffinityMask
ReleaseSemaphore
CreateWaitableTimerW
SetProcessAffinityMask
GetCurrentProcess
SetWaitableTimer
CreateTimerQueueTimer
SetThreadAffinityMask
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueueUserAPC
SwitchToThread
GetThreadId
CreateSemaphoreW
SleepEx
GetStdHandle
VirtualProtect
GetCommandLineW
GlobalAlloc
GlobalLock
GlobalUnlock
SetFilePointer
UnmapViewOfFile
FlushViewOfFile
GetSystemInfo
GetFileSize
CreateFileMappingW
DeleteTimerQueueTimer
MapViewOfFile
MapViewOfFileEx
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
RemoveVectoredContinueHandler
VirtualFree
VirtualAlloc
VirtualQuery
LoadLibraryA
IsDebuggerPresent
OpenProcess
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
K32GetModuleBaseNameA
InitializeCriticalSectionEx
SleepConditionVariableCS
GetCurrentProcessId
WakeAllConditionVariable
WakeConditionVariable
CreateDirectoryW
ReadFile
FindFirstFileW
FindNextFileW
WriteFile
SetEndOfFile
FindClose
CreateFileW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
SetFilePointerEx
FlushFileBuffers
OutputDebugStringA
LoadLibraryW
ResetEvent

shell32

DragFinish
DragAcceptFiles
DragQueryFileW
SHFileOperationW
SHGetFolderPathW
ShellExecuteA
CommandLineToArgvW

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance

ntdll

RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlInstallFunctionTableCallback
RtlDeleteFunctionTable
RtlVirtualUnwind

shlwapi

ord219

wsock32

WSAGetLastError
htonl
ioctlsocket
WSAStartup
select
__WSAFDIsSet
accept
bind
closesocket
ntohl
shutdown
listen
send
socket
connect
recvfrom
recv
sendto
inet_ntoa
setsockopt

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Cnd_init_in_situ
_Thrd_hardware_concurrency
_Thrd_join
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
_Cnd_init
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_lock
_Mtx_unlock
?uncaught_exception@std@@YA_NXZ
_Mtx_destroy
_Thrd_id
_Thrd_start
_Mtx_init
_Cnd_wait
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_signal
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
_Mtx_trylock
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xbad_alloc@std@@YAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

vcruntime140

memmove
memcpy
memcmp
memchr
__RTDynamicCast
__RTtypeid
__CxxFrameHandler3
__std_terminate
strstr
strchr
strrchr
__std_exception_destroy
memset
_CxxThrowException
__std_type_info_name
wcschr
_purecall
__C_specific_handler
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

terminate
_beginthreadex
abort
exit
_initialize_wide_environment
perror
_invalid_parameter_noinfo_noreturn
_initterm
_errno
_configure_wide_argv
_initterm_e
_register_thread_local_exe_atexit_callback
_get_wpgmptr
_initialize_onexit_table
_register_onexit_function
_c_exit
_set_app_type
_seh_filter_exe
_exit
_cexit
_crt_atexit
_get_wide_winmain_command_line

api-ms-win-crt-convert-l1-1-0

_strtoui64
strtod
_strtoi64
wcstombs
mbstowcs
atoi
strtof
strtoll
strtoull
strtol
strtoul

api-ms-win-crt-stdio-l1-1-0

_set_fmode
ftell
fseek
__stdio_common_vsprintf_s
fread
__stdio_common_vswprintf
__p__commode
__stdio_common_vsscanf
__stdio_common_vsprintf
fputc
fgetc
__stdio_common_vfprintf
_wfopen
fgetpos
fclose
fflush
fopen
ferror
fputs
ungetc
fsetpos
_fseeki64
_get_stream_buffer_pointers
__acrt_iob_func
fwrite
setvbuf
_isatty
_open_osfhandle

api-ms-win-crt-math-l1-1-0

_dclass
sin
log
_fdopen
asin
llrint
atan
cos
sqrt
sinf
sqrtf
acos
fabs
exp
tanh
cosh
pow
__setusermatherr
tan
powf
log10f
fmodf
log2f
exp2f
log2
floorf
round
floor
cosf
truncf
sinh
exp2
ceilf
trunc
_dtest
ceil
roundf
_fdtest

api-ms-win-crt-string-l1-1-0

_strdup
strncmp
isspace
tolower
_strnicmp
strcmp
wcsncpy
strncpy
isprint
toupper
_stricmp

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
realloc
_aligned_malloc
_aligned_free
calloc
_aligned_realloc
_set_new_mode
free

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wfullpath
_unlock_file

api-ms-win-crt-time-l1-1-0

strftime
_time64
_localtime64
_gmtime64
_mkgmtime64

api-ms-win-crt-utility-l1-1-0

qsort
rand
bsearch

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

GetMonitorInfoW
SetWindowPlacement
SetMenuInfo
ValidateRect
MoveWindow
AdjustWindowRect
SetMenu
DestroyMenu
SetFocus
SetPropW
LoadIconW
LoadCursorW
DrawMenuBar
SetRectEmpty
DestroyWindow
GetWindowRect
CreateIconFromResourceEx
GetKeyState
CloseWindow
DefWindowProcW
GetWindowPlacement
DestroyIcon
TranslateMessage
PeekMessageW
DispatchMessageW
GetMessageW
GetAsyncKeyState
RegisterClassExW
GetWindowLongPtrW
CreatePopupMenu
SetWindowTextW
SendMessageW
ScreenToClient
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowLongW
MessageBoxA
InvalidateRect
ShowCursor
UpdateWindow
PostThreadMessageW
ShowWindow
CreateMenu
EnableMenuItem
AppendMenuW
GetMenuInfo
GetClientRect
SetWindowLongPtrW
CreateWindowExW
GetWindowLongW
MonitorFromWindow

imm32

ImmSetCompositionWindow
ImmGetContext

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 688KB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aba5f826725158db33fda9c00d76f239

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

ntdll

shlwapi

wsock32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

imm32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 688KB - Virtual size: 5.8MB

.pdata Size: 102KB - Virtual size: 102KB

_RDATA Size: 6KB - Virtual size: 6KB

.rsrc Size: 104KB - Virtual size: 103KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 688KB - Virtual size: 5.8MB

.pdata
Size: 102KB - Virtual size: 102KB

_RDATA
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 104KB - Virtual size: 103KB

.reloc
Size: 20KB - Virtual size: 20KB