44af5a023e610716424f2012109e5390_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

44af5a023e610716424f2012109e5390_NEIKI
Size

148KB
MD5

44af5a023e610716424f2012109e5390
SHA1

36aba7dd7582bb05707f8e352ca80f9469e1b778
SHA256

8d3b6b97d6e9c09e6c32a2f4135513cc9b1bc8f94a63e969a51bcda31133bc1d
SHA512

c2bd22d8262a50400ff426ecb0624cea2cfc7addda6d22404c6a8482f87ca7cb02f13ae2d2a8b3b763f53ec14ebe24db6a5d217393cc3531791fda00994eb551
SSDEEP

3072:4a126tAPT6y/NQkpwi3VDEByey6sr9EgbX9J:48mTJ/mke7C6GDX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44af5a023e610716424f2012109e5390_NEIKI

Files

44af5a023e610716424f2012109e5390_NEIKI
.dll windows:4 windows x86 arch:x86

526c6931cb23e4bb1b2db62c518b8f12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpage3

ord964
ord963

wflow

?GetXPInstance@CWorkFlow@@SAJXZ

tb99reghigh

?GetInstance@CTBSettings@@SAPAV1@XZ
?GetCurrentProfile@CTBSettings@@SAPAVCTBSettingsProfile@@XZ

kernel32

RtlUnwind
HeapFree
GetCommandLineA
GetModuleHandleA
RaiseException
GlobalAddAtomW
GlobalGetAtomNameW
TerminateProcess
HeapSize
HeapReAlloc
ExitProcess
GetLocaleInfoA
GetLocaleInfoW
HeapDestroy
HeapCreate
HeapAlloc
SetErrorMode
LeaveCriticalSection
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
InterlockedDecrement
InterlockedIncrement
LocalFree
lstrlenA
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileW
GetFullPathNameW
GetVolumeInformationW
FindClose
WriteFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
WritePrivateProfileStringW
GetProcAddress
GetProcessVersion
LoadLibraryA
lstrcpyW
GlobalFlags
lstrcmpiW
VirtualFree
LocalReAlloc
TlsGetValue
GetModuleFileNameA
GlobalReAlloc
TlsSetValue
EnterCriticalSection
VirtualAlloc
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
MulDiv
CloseHandle
lstrcmpW
GlobalDeleteAtom
GetCurrentThread
lstrcpynW
GetLastError
SetLastError
lstrlenW
GlobalFree
FindResourceW
LoadResource
LockResource
GetVersion
lstrcatW
GetCurrentThreadId
GetVersionExW
GetModuleFileNameW
FreeLibrary
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
SetHandleCount
GetStdHandle
GetCPInfo

user32

IsDialogMessageW
SetWindowTextW
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
LoadBitmapW
GetMenuCheckMarkDimensions
PostQuitMessage
ShowOwnedPopups
SetCursor
MessageBoxW
GetCursorPos
ValidateRect
TranslateMessage
GetMessageW
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutW
DrawTextW
GrayStringW
LoadStringW
UnregisterClassW
GetClassNameW
PtInRect
LoadCursorW
GetSysColorBrush
DestroyMenu
FindWindowW
InvalidateRect
CharUpperW
WindowFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
ReleaseCapture
LoadMenuW
SetMenu
ReuseDDElParam
UnpackDDElParam
IsIconic
BringWindowToTop
GetNextDlgTabItem
EndDialog
GetActiveWindow
CreateDialogIndirectParamW
LoadIconW
PostMessageW
SystemParametersInfoW
MapWindowPoints
GetSysColor
PeekMessageW
GetFocus
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
SetScrollInfo
ShowScrollBar
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsWindowEnabled
IsChild
GetCapture
WinHelpW
wsprintfW
RegisterClassW
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetMenu
GetDlgItem
GetWindowTextW
GetDlgCtrlID
GetKeyState
DefWindowProcW
DestroyWindow
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetWindow
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
IsWindowVisible
SetRectEmpty
GetClientRect
ClientToScreen
SetParent
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
UpdateWindow
SendDlgItemMessageA
DispatchMessageW
SendMessageA
GetWindowRect
ScreenToClient
GetSystemMetrics
GetParent
GetDesktopWindow
EnableWindow
GetWindowLongW
SendMessageW
GetClassInfoW

gdi32

GetObjectW
SetTextColor
SetBkColor
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
DeleteObject
GetDeviceCaps
PtVisible
TextOutW
ExtTextOutW
RectVisible
Escape
CreateFontIndirectW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

DragFinish
DragQueryFileW

comctl32

ImageList_Destroy
ord17

Exports

Exports

CreateSCharDlg
DestroySCharDlg
SetSCharCodePage
SetSCharEditBox
SetSCharParent
ShowSCharDlg

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

526c6931cb23e4bb1b2db62c518b8f12

Headers

File Characteristics

Imports

xpage3

wflow

tb99reghigh

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 15KB - Virtual size: 28KB

.idata Size: 7KB - Virtual size: 6KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 15KB - Virtual size: 28KB

.idata
Size: 7KB - Virtual size: 6KB

.reloc
Size: 17KB - Virtual size: 16KB