a36b86bf1580956e7ad27a718d3437c0_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a36b86bf1580956e7ad27a718d3437c0_NEIKI
Size

5.7MB
MD5

a36b86bf1580956e7ad27a718d3437c0
SHA1

05b230520e659baa54dcd33e20af78c11e9113e6
SHA256

dda6230fd9d29fcfb975942b186add31109a18ddb033ee92ba4a1ceaff2aff4a
SHA512

f85617900b6c8d7d0a5f4c0132450db7fc70ea472a60c168a2753be2edf9bd16bf57a78676ee7a4bf14cdafbc8e11eef6f17d2ed2bf357739e919a7e337f15ad
SSDEEP

98304:9FSPl6Pahze6icze6ij7hze6icze4FSPl6Pahze6icze6inhze6icze6i:LSPl6Pahze6icze6ij7hze6iczeiSPlT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a36b86bf1580956e7ad27a718d3437c0_NEIKI

Files

a36b86bf1580956e7ad27a718d3437c0_NEIKI
.exe windows:4 windows x86 arch:x86

717b2626293cd57cdcfe059b5fd6afa7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

SaveDC

ole32

OleDraw

comctl32

ImageList_Add

shell32

ShellExecuteA

comdlg32

GetSaveFileNameA

netapi32

Netbios

winmm

sndPlaySoundA

Sections

.MPRESS1
Size: 378KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE