a0a71880e2437809b9104a1efd7c8dd0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

a0a71880e2437809b9104a1efd7c8dd0_NEIKI
Size

496KB
MD5

a0a71880e2437809b9104a1efd7c8dd0
SHA1

68aae5d1acf778c5a95fec146b485205d31aff65
SHA256

d61dd596ca157ede6310eec8e7233e3d39d8e4d36296c57ca0f04163bfdd2103
SHA512

e2d195953a42da9ef867434ed7e8114342293772a9a263c392689484ae46c25f088692df0b3b72dcd7bb11bf53f64857fb894179ec18b3fc17bda5e5dbefd8df
SSDEEP

12288:jcK25mXjY1vNpwxlS0aZeQfbvNT2AOgZko:jw5mXjY1vNpwPS0atfRT2q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0a71880e2437809b9104a1efd7c8dd0_NEIKI

Files

a0a71880e2437809b9104a1efd7c8dd0_NEIKI
.exe windows:6 windows x86 arch:x86

8be4dbeddbfced343a94506de64a3e51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\platypus\working\depot1\ProDG\Release\ProDG_Orbis_SDK2500\Debugger\bin\Win32\Release\orbis-dsm.pdb

Imports

kernel32

GetModuleFileNameW
ConnectNamedPipe
LeaveCriticalSection
EnterCriticalSection
GetTempFileNameW
GetCurrentThreadId
WaitForSingleObject
CreateProcessW
ReadFile
SystemTimeToFileTime
GetSystemTime
SetFileTime
CopyFileW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventA
VerifyVersionInfoW
FormatMessageW
LocalFree
LocalLock
GetProcAddress
GetModuleHandleW
GetVersionExW
GetSystemInfo
CreateEventW
CreateFileW
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
GetOverlappedResult
GetFileSizeEx
ResetEvent
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetACP
CreateThreadpool
SetThreadpoolThreadMaximum
SetEvent
InitializeSRWLock
FlushFileBuffers
WriteFile
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
ReleaseSemaphore
Sleep
CreateThread
TerminateThread
WaitForMultipleObjects
CreateSemaphoreW
LoadResource
LockResource
SizeofResource
FindResourceW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileAttributesW
CompareStringOrdinal
CreateDirectoryW
GetLongPathNameW
GetTempPathW
GetCommandLineW
InitializeCriticalSection
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringW
DisconnectNamedPipe
CreateNamedPipeW
WaitNamedPipeW
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
CloseThreadpool
DecodePointer
DeleteFileW
MoveFileW
InitOnceExecuteOnce

user32

GetSystemMetrics

ole32

CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
VarBstrCmp
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
LoadTypeLi
LoadRegTypeLi
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SafeArrayCopy
SafeArrayGetVartype
VariantInit
VariantClear
SysStringByteLen

msvcp120

?_Xinvalid_argument@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Xbad_function_call@std@@YAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
??0id@locale@std@@QAE@I@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcr120

_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_vsnprintf_s
_except_handler4_common
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_except1
??1type_info@@UAE@XZ
_onexit
_calloc_crt
_unlock
_lock
?terminate@@YAXXZ
towupper
iswalpha
_ismbblead
isspace
_vscprintf
memchr
_vscwprintf
_vsnwprintf_s
_vsnprintf
wcschr
_vsnwprintf
malloc
sprintf_s
strncpy_s
wcscpy_s
strtol
_errno
_aligned_malloc
_aligned_free
memcpy_s
_time64
_localtime64_s
_wasctime_s
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
??_V@YAXPAX@Z
memmove
free
_beginthreadex
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
srand
tolower
realloc
__dllonexit
rand

shlwapi

PathFileExistsW
PathIsDirectoryW
ChrCmpIW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

GetUserNameW
AllocateLocallyUniqueId
EventRegister
EventUnregister
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventWrite

shell32

CommandLineToArgvW
SHGetKnownFolderPath

winhttp

WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpSetOption
WinHttpOpenRequest

Sections

.text
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8be4dbeddbfced343a94506de64a3e51

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

msvcp120

msvcr120

shlwapi

version

advapi32

shell32

winhttp

Sections

.text Size: 338KB - Virtual size: 338KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 338KB - Virtual size: 338KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 16KB - Virtual size: 16KB