ac8a91668eaf9d4989bf95b2e404ab00_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

ac8a91668eaf9d4989bf95b2e404ab00_NEIKI
Size

276KB
MD5

ac8a91668eaf9d4989bf95b2e404ab00
SHA1

486a6f9f3f4457a155f22d226f9c68d9ecfa2683
SHA256

a058e418f659a18939c0a881101cac34b044387f01d02e666ae11ef3e2b16166
SHA512

1c49d65eaf7af40054fc9633975a881435b0d5d58c47b60f932a4ae22100a021eef4ab6c120ae45f92acb327f306bab704ad5d101520141774faa3e0d3a33cb5
SSDEEP

6144:bSbdC4/M6ej+8fX6RowL5A3PaWwMysL7l0J:+bdDM5kL5Atjbx0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac8a91668eaf9d4989bf95b2e404ab00_NEIKI

Files

ac8a91668eaf9d4989bf95b2e404ab00_NEIKI
.exe windows:4 windows x86 arch:x86

a3a3b299ea9dde16992424296db25524

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord15
ord156
ord141
ord87
ord67

activeds

ord3

shlwapi

SHDeleteEmptyKeyA
SHDeleteKeyA

kernel32

CompareFileTime
WritePrivateProfileStringA
GetPrivateProfileStringA
WinExec
CloseHandle
WaitForSingleObject
CreateProcessA
FindNextFileA
FindFirstFileA
GetTickCount
CopyFileA
CreateThread
InterlockedIncrement
ReadFile
CreateFileA
GetFileTime
GetFileSize
SetFilePointer
WriteFile
SetCurrentDirectoryA
DeleteFileA
SetFileAttributesA
GetModuleFileNameA
GetCurrentProcess
SetFileTime
GetFileAttributesA
GetTempFileNameA
GetExitCodeProcess
SetErrorMode
GlobalFree
GlobalAlloc
GetNumberFormatA
GetShortPathNameA
InterlockedDecrement
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
MoveFileExA
FindClose
GetLocalTime
MoveFileA
GetVersionExA
RemoveDirectoryA
CreateDirectoryA
GetDiskFreeSpaceA
SetLastError
GetComputerNameA
lstrlenA
LoadLibraryA
GetOEMCP
GetACP
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TerminateProcess
SetEndOfFile
SetStdHandle
RaiseException
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
GetFileType
RtlUnwind
FreeLibrary
GetModuleHandleA
FormatMessageA
LocalAlloc
lstrcatA
lstrcpyA
LocalFree
GetLastError
SystemTimeToFileTime
LocalFileTimeToFileTime
MultiByteToWideChar
HeapSize
SetUnhandledExceptionFilter
IsBadCodePtr

user32

GetMessageA
LoadStringA
DialogBoxParamA
DispatchMessageA
SendMessageA
MessageBoxA
wsprintfA
GetDesktopWindow
InvalidateRect
UpdateWindow
EnableWindow
IsDlgButtonChecked
SendDlgItemMessageA
ShowWindow
FindWindowA
SendMessageTimeoutA
ExitWindowsEx
SetForegroundWindow
IsWindowVisible
DefWindowProcA
PostMessageA
BeginPaint
GetDlgItem
FillRect
DrawTextA
EndPaint
PostQuitMessage
GetClientRect
LoadCursorA
RegisterClassExA
GetWindowRect
CreateWindowExA
GetDlgItemTextA
SetWindowTextA
LoadIconA
SetClassLongA
CheckDlgButton
GetWindowLongA
SetWindowLongA
SetWindowPos
FindWindowExA
DestroyWindow
LoadBitmapA
GetSysColorBrush
SetFocus
EndDialog
SetDlgItemTextA
GetSysColor

ole32

CLSIDFromProgID
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantCopy
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
SafeArrayUnaccessData
SysFreeString
SafeArrayAccessData
SysAllocString

advapi32

RegOpenKeyA
GetUserNameA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegSetValueExA
RegDeleteValueA
RegEnumValueA

urlmon

URLDownloadToCacheFileA

gdi32

SetBkMode
SelectObject
SetBkColor
DeleteObject
CreateFontA
TextOutA
SetTextColor

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shell32

SHBrowseForFolderA
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc

wininet

DeleteUrlCacheEntry
InternetGetLastResponseInfoA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetSetOptionA
InternetErrorDlg
HttpSendRequestA
HttpQueryInfoA

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3a3b299ea9dde16992424296db25524

Headers

File Characteristics

Imports

msi

activeds

shlwapi

kernel32

user32

ole32

oleaut32

advapi32

urlmon

gdi32

version

shell32

wininet

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 28KB - Virtual size: 63KB

.rsrc Size: 76KB - Virtual size: 74KB

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 28KB - Virtual size: 63KB

.rsrc
Size: 76KB - Virtual size: 74KB