4bba3ca52819a2e4cd37ef12cc7663f0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

4bba3ca52819a2e4cd37ef12cc7663f0_NEIKI
Size

1.8MB
MD5

4bba3ca52819a2e4cd37ef12cc7663f0
SHA1

78ec8a4a42fe5a5ca3c5247d0adf14a2ac898229
SHA256

94206026359c648564b55866dac706c68890d2d426c02dc05e9bcb79feab4d72
SHA512

ff2343c08e8a9d8740786f0529b3d620f7b5e06c463f4c012cb4d7caf1e9916cd93cd8305712d87741b3a5fec15f6209234244f4bcb78b5fd0b47fbb1336a678
SSDEEP

49152:r7vSji9C4UfSh61BVnFQIAkMp2ijfxI5l6:rrSj5J7FKgqn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bba3ca52819a2e4cd37ef12cc7663f0_NEIKI

Files

4bba3ca52819a2e4cd37ef12cc7663f0_NEIKI
.dll windows:4 windows x86 arch:x86

e7043827dc62bb788c175a2dae680ae9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
InterlockedIncrement
InterlockedDecrement
GetProcAddress
LoadLibraryA
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileA
CloseHandle
UnmapViewOfFile
FreeLibrary
LCMapStringW
VirtualAlloc
VirtualFree
GetEnvironmentVariableA
SetLastError
lstrlenW
GetModuleHandleA
ExitProcess
WaitForSingleObject
CreateSemaphoreA
DisableThreadLibraryCalls
GetSystemInfo
Sleep
ReleaseSemaphore
SetHandleCount
GetSystemTimeAsFileTime
GetConsoleMode
GetStdHandle
GetFileType
CreateMutexA
GetConsoleOutputCP
FindClose
FindFirstFileA
FormatMessageW
ReleaseMutex
GetLastError
GetComputerNameA
WriteFile
ReadFile
SetFilePointer
MapViewOfFileEx
GetShortPathNameW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LocalAlloc
GetCurrentProcessId

user32

LoadStringW
CharNextA

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?compare@?$char_traits@G@std@@SAHPBG0I@Z
?eq@?$char_traits@G@std@@SA_NABG0@Z
?assign@?$char_traits@G@std@@SAXAAGABG@Z
?copy@?$char_traits@G@std@@SAPAGPAGPBGI@Z
?move@?$char_traits@G@std@@SAPAGPAGPBGI@Z
?_Xran@_String_base@std@@QBEXXZ
?_Xlen@_String_base@std@@QBEXXZ
?length@?$char_traits@G@std@@SAIPBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z

msvcr71

free
abort
wcslen
_mbctype
_setmbcp
sprintf
strchr
fputc
fwrite
atol
strncmp
strrchr
printf
_close
_pctype
fflush
malloc
_tell
_lseek
_read
_winminor
_winmajor
_wfullpath
_splitpath
strncpy
_waccess
time
_snprintf
_stricmp
_makepath
memmove
_strdup
setlocale
_memicmp
toupper
getenv
mbtowc
putchar
qsort
strtoul
_errno
ctime
_fstat
ceil
floor
_flsbuf
_filbuf
_unlink
fread
fseek
setvbuf
fopen
_stat
ftell
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
__CxxFrameHandler
strncat
atoi
fclose
fgets
rewind
strstr
__unDName
_getcwd
_strnicmp
_wsopen
freopen
_dup
_resetstkoflw
_chsize
rename
remove
_fsopen
_futime
realloc
_get_osfhandle
_write
_cputws
_mbstrlen
wcscat
_wcserror
_ltoa
_ultoa
atof
sscanf
iswspace
_strdate
_strtime
fprintf
swprintf
_vsnprintf
wcscmp
wcsncmp
wcscpy
_finite
longjmp
_setjmp3
_ecvt
_i64toa
strpbrk
wcsncpy
wcsrchr
wcschr
wcsstr
_setmode
memset
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
__security_error_handler
?terminate@@YAXXZ
_except_handler3
_iob

Exports

Exports

_AbortCompilerPass@4
_IDLMerge@16
_InvokeCompilerPass@12

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7043827dc62bb788c175a2dae680ae9

Headers

File Characteristics

Imports

kernel32

user32

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 180KB - Virtual size: 178KB

.data Size: 44KB - Virtual size: 181KB

.rsrc Size: 276KB - Virtual size: 274KB

.reloc Size: 104KB - Virtual size: 102KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 180KB - Virtual size: 178KB

.data
Size: 44KB - Virtual size: 181KB

.rsrc
Size: 276KB - Virtual size: 274KB

.reloc
Size: 104KB - Virtual size: 102KB