642167aaca914523c60d1cff1f952610_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

642167aaca914523c60d1cff1f952610_NEIKI
Size

208KB
MD5

642167aaca914523c60d1cff1f952610
SHA1

fb8ef7fd082ddc3495be3f613118c82599b74a2a
SHA256

8e53f0c77d6e741dccfa2ab687b77ecd09284cca4b2472d36282f49563039a56
SHA512

9122ecdcd9d999888b13f09577b0d962885d34d2fa623d130f47f87eabd920ffacc2cece4065a881f15017bb9624562234e0d777f89f3a32cd2e3b7247f3f011
SSDEEP

3072:VlYUaeN4hBoxT3O14cHydiFlqan0pMwmQIN3C9ISE0qJiNlUdp34UZP:Vl474CSgqXKQISzqJBpJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
642167aaca914523c60d1cff1f952610_NEIKI

Files

642167aaca914523c60d1cff1f952610_NEIKI
.exe windows:5 windows x86 arch:x86

887216cd14dc07ac5c7539304e24449b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\PMS\pms4\Project(20130805)\_NewAgent_dll\bin\Release\HanAgent.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetMessageW

gdi32

DeleteObject

advapi32

AdjustTokenPrivileges

shell32

ShellExecuteW

ws2_32

WSAStartup

Sections

.text
Size: 82KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE