8015910d303fbb171c6b9fa965cc1570_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

8015910d303fbb171c6b9fa965cc1570_NEIKI
Size

857KB
MD5

8015910d303fbb171c6b9fa965cc1570
SHA1

05138376a264f89ad4481b49ec78cf1044f71f9c
SHA256

439aed0d0f8eccb389de47fb5433bc99461497e8e07c507748a8c269bbd983f6
SHA512

80d1b16af6cc5d3f56308f36579b0448c0a8ab6907ddaa7a0ea9e970d7f2ddf41a98d4fa549881ae146829c0f478da3b9becfce95116d97ea095f6991576046a
SSDEEP

12288:YGKDaYKlY0nsYgsto48qdVqf3fl0GsjPI2MzfKlvGvq7pa0H6T0uy:YGKDaBtoLqdVqfflY02vGvq7IKu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8015910d303fbb171c6b9fa965cc1570_NEIKI

Files

8015910d303fbb171c6b9fa965cc1570_NEIKI
.dll windows:6 windows x86 arch:x86

3a455391317ac9f381bebe470cfd0354

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualLock
VirtualAlloc
VirtualFree
DebugBreak
GetLastError
GetSystemInfo
IsBadCodePtr
VirtualQueryEx
GetCurrentProcessId
CreateMutexA
GetCurrentThreadId
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
VirtualQuery
Sleep
GetVersion
UnmapViewOfFile
OpenProcess
GetCurrentProcess
OpenMutexA
MapViewOfFileEx
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
OutputDebugStringA
IsDebuggerPresent
HeapFree
GetProcessHeap
HeapAlloc
WaitForSingleObject
ReleaseMutex
EnterCriticalSection
SetEvent
LeaveCriticalSection
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindFirstFileExA
GetOEMCP
IsValidCodePage
SetStdHandle
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetStdHandle
GetModuleHandleExW
ExitProcess
GlobalMemoryStatusEx
CreateFileA
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
CreateThread
TlsAlloc
TlsGetValue
TlsSetValue
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
CreateFileW
FlushFileBuffers
GetDiskFreeSpaceExA
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
SetLastError
GetModuleHandleA
GetProcAddress
FindClose
GetModuleFileNameA
GetACP
FindNextFileA
FreeLibrary
GetUserDefaultLCID
SetEnvironmentVariableA
EncodePointer
DecodePointer
CreateEventW
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
CreateDirectoryW
RemoveDirectoryW
FindFirstFileExW
FindNextFileW
DeleteFileW
MoveFileExW
GetTimeZoneInformation

zlib_fme

inflateReset
crc32
inflateEnd
inflate
deflateEnd
deflate
deflateInit2_
inflateInit2_
inflateCopy

stk

??1?$PimplBase@VObsoleteRegexpImpl@@@detail@ex@stk@@IAE@XZ
??0ObsoleteRegexp@@QAE@PBD@Z

libcurl_fme

curl_easy_perform
curl_version
curl_slist_append
curl_easy_setopt
curl_easy_init
curl_easy_getinfo
curl_easy_cleanup
curl_slist_free_all

Exports

Exports

FME_apiVersion
FME_createReader
FME_destroyReader

Sections

.text
Size: 630KB - Virtual size: 630KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a455391317ac9f381bebe470cfd0354

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

zlib_fme

stk

libcurl_fme

Exports

Exports

Sections

.text Size: 630KB - Virtual size: 630KB

.rdata Size: 146KB - Virtual size: 145KB

.data Size: 24KB - Virtual size: 188KB

.gfids Size: 512B - Virtual size: 404B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 630KB - Virtual size: 630KB

.rdata
Size: 146KB - Virtual size: 145KB

.data
Size: 24KB - Virtual size: 188KB

.gfids
Size: 512B - Virtual size: 404B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 37KB - Virtual size: 37KB