8579a549adc506c40581fb7c2030df50_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

8579a549adc506c40581fb7c2030df50_NEIKI
Size

129KB
MD5

8579a549adc506c40581fb7c2030df50
SHA1

03532514f550f251d45a70895e819dfbf6e8fc6e
SHA256

3e971103f1aaedd058c49eb049db6efd188ffa351f80e6c57688bf52708be11c
SHA512

efb72bc551493770125b35e8697a09a0a85dee833b9148840279af3eb26272ea1827121680e2d220b32b95042eaa764152ceddc3d6f599634b47c9148f930799
SSDEEP

3072:EUpzZoRwmJCHuWT0Q9xJ23PxfnaNFNid+TjQ2+som:EUpzGsRTjvJ4Jfubid2W7

Score

1^/10

Malware Config

Signatures

Files

8579a549adc506c40581fb7c2030df50_NEIKI
.exe windows:5 windows x64 arch:x64

0906a2577da7f2e9f9b988cad09c776e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:92:5b:b0:82:88:f9:93:46:2c:cd:d0:71:4c:cb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07-07-2012 00:00

Not After

07-07-2013 23:59

Subject

CN=Bitsum LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=HQ,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:6b:a7:89:af:97:fd:bd:f3:ea:ec:9f:06:e1:40:14:31:c2:ea:24
Signer

Actual PE Digest

8b:6b:a7:89:af:97:fd:bd:f3:ea:ec:9f:06:e1:40:14:31:c2:ea:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\plActivate.pdb

Imports

wininet

InternetOpenW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
IsBadWritePtr
GetLastError
OutputDebugStringW
LoadLibraryExW
FlushFileBuffers
GetSystemInfo
LoadLibraryW
WriteConsoleW
CreateFileW
WideCharToMultiByte
GetOEMCP
SetStdHandle
SetFilePointerEx
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetProcAddress
LCMapStringW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsValidCodePage
GetACP
GetCPInfo
SetLastError
GetCurrentThreadId
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetConsoleMode
CloseHandle
ExitProcess
GetModuleHandleExW
Sleep
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetConsoleCP

user32

MessageBoxW

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0906a2577da7f2e9f9b988cad09c776e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

67:1d:92:5b:b0:82:88:f9:93:46:2c:cd:d0:71:4c:cbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8b:6b:a7:89:af:97:fd:bd:f3:ea:ec:9f:06:e1:40:14:31:c2:ea:24Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

67:1d:92:5b:b0:82:88:f9:93:46:2c:cd:d0:71:4c:cb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8b:6b:a7:89:af:97:fd:bd:f3:ea:ec:9f:06:e1:40:14:31:c2:ea:24
Signer

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB