8fe8f4ab0617aacd6be3ff55af468a60_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

8fe8f4ab0617aacd6be3ff55af468a60_NEIKI
Size

2.9MB
MD5

8fe8f4ab0617aacd6be3ff55af468a60
SHA1

adadcc77fcfb7eebd6892d7b5472b0adfa400965
SHA256

7e5c6ac4b423bb4aa0d46e2594b624d231444ee433e16e20d2748ab56db869bc
SHA512

3a3f3a62f1f889c06fd43b65ae1264bd029fa8509b17d9a3abf38f98bab4e6e147dae349e2a2c3d82802eb6126aa2f693297f426b2a2a6a8c63ca19a1f68dce6
SSDEEP

24576:ql7JecRMCtk5F9liAgHlD5hk09TCt2roL9oM56FJgu0WMQytSbXh2CjuYQ30JKU5:ql7Jewz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fe8f4ab0617aacd6be3ff55af468a60_NEIKI

Files

8fe8f4ab0617aacd6be3ff55af468a60_NEIKI
.dll windows:6 windows x64 arch:x64

b6480723a8e6dc5238d3574423beacb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Build\workspace\netwitness-endpoint-agent\windows\VS2019\windows-agent-msi\windows\ECAT\WixInstaller\CustomActionDll\bin\Release\CustomActionDll64.pdb

Imports

msi

ord145
ord32
ord103
ord73
ord124
ord17
ord159
ord49
ord160
ord8
ord158
ord118
ord74

ole32

CoCreateGuid

shlwapi

PathFileExistsW
PathAppendW
PathFindFileNameW
PathRemoveArgsW

crypt32

CertFindCertificateInStore
CertCloseStore
CertOpenStore
CertDeleteCertificateFromStore
CertFreeCertificateContext
CertDuplicateCertificateContext

kernel32

TlsSetValue
TlsFree
LoadLibraryExW
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
GetLastError
CloseHandle
Sleep
GetSystemTime
VirtualAlloc
GetProcAddress
GetModuleHandleW
GetModuleHandleA
ReadProcessMemory
GetSystemTimeAsFileTime
QueryPerformanceCounter
GlobalFree
FindFirstFileW
SetLastError
FindNextFileW
RemoveDirectoryW
FindClose
SetFileAttributesW
GetModuleHandleExW
MoveFileExW
CopyFileW
GetSystemWindowsDirectoryW
GetCurrentProcess
CompareStringW
WaitForSingleObject
SetEvent
RaiseException
GlobalAlloc
LoadLibraryW
WideCharToMultiByte
WriteProcessMemory
TerminateProcess
K32GetModuleFileNameExW
OpenEventW
OpenProcess
VirtualAllocEx
ExitProcess
FreeLibrary
lstrlenW
LCMapStringW
GetCurrentProcessId
WriteFile
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
GetModuleFileNameW
InterlockedFlushSList
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
GetStdHandle
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
TlsGetValue
MultiByteToWideChar
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW
WriteConsoleW
DeleteFileW
HeapSize
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
DeleteService
ControlService
QueryServiceConfigW
QueryServiceStatusEx
QueryServiceStatus
RegCreateKeyExW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
OpenServiceW
RegCloseKey
RegSetValueExA
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

ContainmentDisable
InitializeProperties
OnCancelExit
OnErrorExit
OnSuccessExit
ServiceCleanup
ServiceConfigure
ServiceDelete
ServiceExecute
ServiceInstall
ServiceRemoveDifferent
ServiceRollback
ServiceStop

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6480723a8e6dc5238d3574423beacb0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

ole32

shlwapi

crypt32

kernel32

advapi32

version

Exports

Exports

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 3KB - Virtual size: 11KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 3KB - Virtual size: 11KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB