7875020bf01183d79b83b6bfdc364560_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

7875020bf01183d79b83b6bfdc364560_NEIKI
Size

144KB
MD5

7875020bf01183d79b83b6bfdc364560
SHA1

be53b88aec7d7f635b0d7ca60be1d2dbc9c5474b
SHA256

d022335a3190e01efe153c376edd0b6f88f802288715e4870e95fd03f61f5c33
SHA512

081ef053c4d4ca8908b96fe9dbe69d3137e79fbc7213f241c64f4153c67638dd964b46975cf5b547f4fbe2ebcfe4b47fe287e248d5d456461cf83bf2046d8e68
SSDEEP

3072:Q7LQgAWoF7DmenVsOv6oW7y0bOJGthwdc+7Nc4Q:v3F7DmeVsgW2ozw3Rc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7875020bf01183d79b83b6bfdc364560_NEIKI

Files

7875020bf01183d79b83b6bfdc364560_NEIKI
.dll regsvr32 windows:4 windows x86 arch:x86

dd603db9c34746445906435955610d19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

FlushInstructionCache
GetCurrentProcess
lstrcmpA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetCurrentThreadId
GetCommandLineA
GlobalFree
HeapReAlloc
HeapSize
FlushFileBuffers
SetStdHandle
SetFilePointer
ReadFile
LCMapStringW
LCMapStringA
LoadLibraryA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapAlloc
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
GetModuleHandleA
GetProcAddress
TlsAlloc
TlsGetValue
SetLastError
TlsFree
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
MulDiv
IsDBCSLeadByte
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetModuleFileNameA
lstrcatA
lstrcpyA
lstrcmpiA
lstrlenA
GetProcessHeap
HeapFree
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
TlsSetValue
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CloseHandle
RtlUnwind
RaiseException
ExitProcess
LocalFree

user32

EndPaint
CharNextA
SetWindowLongA
GetWindowLongA
DestroyAcceleratorTable
DefWindowProcA
GetWindow
UnregisterClassA
GetWindowTextA
GetWindowTextLengthA
GetDesktopWindow
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
GetSysColor
SetWindowTextA
CallWindowProcA
ReleaseCapture
SetCapture
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRect
RegisterClassExA
CallNextHookEx
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
ShowWindow
GetKeyState
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
UnhookWindowsHookEx
SystemParametersInfoA
SetWindowsHookExA
BeginPaint
wsprintfA
CreateWindowExA
CreateAcceleratorTableA
GetParent
GetClassNameA
SetWindowPos
DestroyWindow
RedrawWindow
GetDlgItem
IsWindow
SendMessageA
GetFocus
IsChild
SetFocus
InvalidateRgn

gdi32

CreateMetaFileA
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateDCA
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
RestoreDC
SetTextAlign
TextOutA
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
SetWindowExtEx

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CreateBindCtx
OleSaveToStream
WriteClassStm
OleLoadFromStream
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateOleAdviseHolder

oleaut32

VarBstrCmp
VarBstrCat
OleCreatePropertyFrame
SysAllocStringByteLen
VariantChangeType
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

PathFindExtensionA

urlmon

CreateURLMoniker
RegisterBindStatusCallback
RevokeBindStatusCallback

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd603db9c34746445906435955610d19

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 8KB