a33ca1733ec03bd49b53afc7cd34e340_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

a33ca1733ec03bd49b53afc7cd34e340_NEIKI
Size

124KB
MD5

a33ca1733ec03bd49b53afc7cd34e340
SHA1

1aec3dd6c9201cdd30fc6bd5c16925772e48139f
SHA256

2c2627e9f7ec42104ce7393c69016562ca3b6ac843c168da7ec79d985b738d9c
SHA512

718ed04982fcf78152bf8f03df2e84364fc11617d18f2c3e1e1f838062c44c7ed37eb69948d51581b5ecce9f275efb7359639451be038b239bbd8a8f2dfa280d
SSDEEP

1536:WLRP0MJWWjjQSOE0bv0u60Z0nmNZ2monhr75Go2NbZO0cyNDDVKvtmgMbFulxSNX:IaMc8jO4u6T8oh5EPUAg0FuloNyloZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a33ca1733ec03bd49b53afc7cd34e340_NEIKI

Files

a33ca1733ec03bd49b53afc7cd34e340_NEIKI
.dll windows:4 windows x86 arch:x86

2b48abf1c45bf9e593a140e5c16c4a17

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\KKSoft\trunk\Bin\Release\PlugIn_Everything.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
CloseHandle
WaitForSingleObject
CreateThread
GetModuleFileNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
CreateProcessW
WriteFile
CreateFileW
DeleteFileW
TerminateThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
InterlockedIncrement
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcatW
lstrcpyW
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetFilePointer
GetOEMCP
GetACP
GetStringTypeW
InitializeCriticalSection
CreateFileMappingA
Sleep
GetStringTypeA
GetSystemInfo
ExitProcess
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
LCMapStringA
GetLastError
LCMapStringW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
GetCurrentProcess
HeapSize
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LoadLibraryA
InterlockedExchange
VirtualQuery
GetLocaleInfoA
GetCPInfo
VirtualProtect

user32

wsprintfW
IsWindow
IsWindowVisible
ShowWindow
FindWindowExW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
SendMessageW
PeekMessageW
GetMessageW
TranslateMessage
WaitMessage
DispatchMessageW
DestroyWindow
PostQuitMessage
DefWindowProcW
FindWindowW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shlwapi

PathAppendW

Exports

Exports

PlugIn_Init
PlugIn_UnInit

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b48abf1c45bf9e593a140e5c16c4a17

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 7KB