7c73bab3b31a1568d738657a588094a0_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

7c73bab3b31a1568d738657a588094a0_NEIKI
Size

2.9MB
MD5

7c73bab3b31a1568d738657a588094a0
SHA1

f829906438caee84629e204d59af820f26928d25
SHA256

fa31b553c756da2576da7ef0fb93ebdffa041f05d800495b0513837b0e6c0cf9
SHA512

b5d1373b9cff31a5c21ff7a120ccc83dafa1859f12aaf64a6dc0a37dd732e5bafc4f46232b95bc2188ee18b2102ab15f959391a4f278964941526a28961125e8
SSDEEP

24576:JRIb5yD2FTDXhKcEAmVvfzaOAJ9w/F5cpNLj7Hm+hpjMxCuHo4RBu38YJPdDZejC:dAb7JWt5cWi4IdTMimNIf0ad1ngx3W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c73bab3b31a1568d738657a588094a0_NEIKI

Files

7c73bab3b31a1568d738657a588094a0_NEIKI
.exe windows:4 windows x86 arch:x86

c72a6b3c74a920100d8666eb0799e989

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod
timeGetDevCaps

kernel32

GetLastError
CloseHandle
GetProcessHeap
IsProcessorFeaturePresent
CreateMutexA
CreateFileW
CreateFileMappingA
MapViewOfFile
OutputDebugStringA
lstrcmpiA
InterlockedCompareExchange
GetTempPathA
CreateDirectoryA
GetCommandLineA
Sleep
GetLocalTime
FindNextFileA
CreateEventA
WaitForMultipleObjects
ResetEvent
SetEvent
CompareFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
SetStdHandle
GetTimeZoneInformation
GetFileAttributesA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InitializeCriticalSection
InterlockedExchange
RtlUnwind
IsBadWritePtr
FlushFileBuffers
VirtualQuery
VirtualAlloc
VirtualProtect
LCMapStringW
LCMapStringA
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCurrentDirectoryA
GetFullPathNameA
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
GetACP
HeapSize
HeapReAlloc
DeleteCriticalSection
RaiseException
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
ExitProcess
GetVersionExA
GetStartupInfoA
GetDriveTypeA
FileTimeToLocalFileTime
GetWindowsDirectoryA
GetModuleHandleA
IsBadReadPtr
GlobalAlloc
GlobalLock
GlobalUnlock
SetUnhandledExceptionFilter
SuspendThread
GetThreadContext
ResumeThread
DuplicateHandle
GetCurrentProcess
GetCurrentThread
CreateThread
VirtualQueryEx
GetModuleFileNameA
FileTimeToSystemTime
CreateFileA
GetFileSize
ReadFile
GetFileInformationByHandle
SetFilePointer
WriteFile
UnmapViewOfFile
SetEndOfFile
FindFirstFileA
FindClose
DeleteFileA
PeekNamedPipe
RemoveDirectoryA
MoveFileA
GetSystemInfo
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar

user32

ChangeDisplaySettingsA
OpenClipboard
EmptyClipboard
GetParent
GetFocus
SetClipboardData
SetCursor
DefWindowProcA
ShowWindow
GetSystemMetrics
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
MessageBoxA
PostQuitMessage
CloseClipboard
GetActiveWindow
GetAsyncKeyState
CallWindowProcA
ShowCursor
SetWindowPos
UpdateWindow
GetWindowRect
GetClassInfoExA
GetClassNameA
SetFocus
UnregisterClassA
DestroyWindow
ClipCursor
MessageBoxW
GetKeyboardLayout
PeekMessageA
TranslateMessage
DispatchMessageA

gdi32

GetStockObject
DeleteObject

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegCreateKeyExA

shell32

ShellExecuteExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

binkw32

_BinkClose@4
_BinkPause@8
_BinkSetSoundSystem@8
_BinkSetSoundTrack@8
_BinkGetRealtime@12
_BinkNextFrame@4
_BinkCopyToBuffer@28
_BinkOpenMiles@4
_BinkOpen@8
_BinkGetError@0
_BinkSetVolume@12
_BinkWait@4
_BinkDoFrame@4

mss32

_AIL_set_sample_volume_pan@12
_AIL_resume_sample@4
_AIL_stop_sample@4
_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_set_preference@8
_AIL_open_digital_driver@16
_AIL_set_file_callbacks@16
_AIL_sample_user_data@8
_AIL_pause_stream@8
_AIL_allocate_sample_handle@4
_AIL_init_sample@4
_AIL_set_named_sample_file@20
_AIL_sample_playback_rate@4
_AIL_set_sample_user_data@12
_AIL_register_EOS_callback@8
_AIL_stream_user_data@8
_AIL_set_sample_loop_count@8
_AIL_start_sample@4
_AIL_open_stream@12
_AIL_stream_playback_rate@4
_AIL_set_stream_user_data@12
_AIL_register_stream_callback@8
_AIL_set_stream_volume_pan@12
_AIL_set_stream_loop_count@8
_AIL_start_stream@4
_AIL_close_stream@4
_AIL_release_sample_handle@4
_AIL_set_stream_playback_rate@8
_AIL_set_sample_playback_rate@8

wsock32

listen
accept
connect
WSAGetLastError
bind
htons
inet_ntoa
htonl
ntohl
getsockopt
socket
send
getsockname
gethostname
select
__WSAFDIsSet
closesocket
recv
shutdown
inet_addr
ioctlsocket
WSAStartup
WSACleanup
gethostbyname
setsockopt
sendto
recvfrom
ntohs

ole32

CoInitialize
CoUninitialize
IIDFromString
CoCreateInstance

oleaut32

SysAllocString
VariantChangeType
SysStringLen
SysAllocStringLen
VariantCopy
VariantClear
VariantInit

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 380KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c72a6b3c74a920100d8666eb0799e989

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

advapi32

shell32

version

binkw32

mss32

wsock32

ole32

oleaut32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 380KB - Virtual size: 377KB

.data Size: 84KB - Virtual size: 168KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 380KB - Virtual size: 377KB

.data
Size: 84KB - Virtual size: 168KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 24KB - Virtual size: 21KB