8a253b9dfa8842412a14846aa25903e0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

8a253b9dfa8842412a14846aa25903e0_NEIKI
Size

68KB
MD5

8a253b9dfa8842412a14846aa25903e0
SHA1

6ec7d4628b573a963145f9de002c6da941c4f4ff
SHA256

02d8ad9d25ed8eb22775fe22f507d6ee32d90821d9ada62230d705ad1a678902
SHA512

47a85dd7d1416ff470a1fd67e32f224e261f25fa63da905a377d262bcc89e411b0e5a39214319571395819a17631a3b40e9fb3fd8dd4ef1732f596fe1b24db0d
SSDEEP

1536:AuPhvs/N1/QCRFlQicAgfnS6Vz+x1ViAa14zpJOjt:/Ns/T3micxnS6VzqQA3zpJOjt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a253b9dfa8842412a14846aa25903e0_NEIKI

Files

8a253b9dfa8842412a14846aa25903e0_NEIKI
.dll regsvr32 windows:4 windows x86 arch:x86

a23d66f4be02292ab7153778720f1ccf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\bld_area\shared\trunk\Norton_Rescue\Bin\Release\RscFmt.pdb

Imports

s32krnll

_DiskIsDoubleSpace@4
_DiskGetPhysicalType@8
_DiskGetType@12
_DiskIsPhantom@4
_SystemGetWindowsType@0
_DiskGetBlockDeviceError@0
_CanSupportExtendedIO@0
_DiskGetSerialNumber@0
_ConvertSizeToCluster@8
_FileSetAttr@8
_FileCreate@8
_NameReturnFile@8
_DosTimeToFileTime@12
_FileSetTime@12
_VolumeLabelSet@12
_WIN_FileWrite@12
_DiskGetBootDrive@0
_FileGetTime@12
_FileTimeToDosTime@12
_WIN_FileRead@12
_WIN_FileClose@4
_WIN_FileSeek@12
_DiskBlockDevice@8
_DiskGetAllocInfo@20
_DiskGetInfo@8
_DiskRecToFloppyAbsDiskRec@8
_DiskBPBToDiskRec@12
_DiskLockPhysicalVolume@12
_MemFree@4
_DiskDiskRecToBPB@8
_ConvertSectorToCluster@8
_DOSGetVersion@0
_DiskBPBFromIndex@8
_DiskGenericIOCTLError@0
_DiskAbsOperation@8
_DiskBPBToAbsDiskRec@8
_DiskLockLogicalVolume@12
_DiskResetDOS@4
_DiskUnlockPhysicalVolume@4
_DiskUnlockLogicalVolume@4
_DiskGenericIOCTL@12
_HWIsNEC@0
_DiskMapLogToPhyParams@12
_MemAlloc@8

s32fatl

_FATMarkEntireFATDirty@4
_FATWrite@4
_DiskGetDefaultVolume@4
_DiskGetFATStr@8
_FATAlloc@8
_FATRead@12
_FATGet@8
_FATFree@4
_ImageSave@8
_FATPut@12

msvcrt

malloc
??2@YAPAXI@Z
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__dllonexit
??3@YAXPAX@Z
strncpy
isdigit
memmove
__CxxFrameHandler
free
_purecall
realloc
_onexit

kernel32

CreateFileA
CloseHandle
GetFileSize
ReadFile
Sleep
GlobalUnlock
InitializeCriticalSection
GetEnvironmentVariableA
_lclose
GetDiskFreeSpaceA
SetErrorMode
DisableThreadLibraryCalls
lstrcmpiA
GetModuleHandleA
GetShortPathNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
lstrcatA
lstrcpyA
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
SearchPathA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
FreeResource
lstrlenA
lstrcmpA
OpenFile
GlobalFree

user32

LoadStringA
wsprintfA
MessageBoxA
CharUpperBuffA
MessageBeep
CharNextA
CharUpperA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA

ole32

CoTaskMemFree
CoCreateInstance
StringFromCLSID

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NMsgGet
_NMsgSubst@16

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a23d66f4be02292ab7153778720f1ccf

Headers

File Characteristics

PDB Paths

Imports

s32krnll

s32fatl

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 2KB