f:\Release66\NeroSnap\Viewer\Release\Viewer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ceb74a916ff2b20c99d5d36e0ba5c9e0_NEIKI.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ceb74a916ff2b20c99d5d36e0ba5c9e0_NEIKI.exe
Resource
win10v2004-20240419-en
General
-
Target
ceb74a916ff2b20c99d5d36e0ba5c9e0_NEIKI
-
Size
892KB
-
MD5
ceb74a916ff2b20c99d5d36e0ba5c9e0
-
SHA1
f90d438a6177c75e5469837c0727e34f9b127961
-
SHA256
3c1c9157a14544ba44fa0e7d568da014ac84c8704213221ac7f068925160263b
-
SHA512
c81bbcd3b3aa7c7dddd34ab47bd8144e70afb234c16def696ff2090765aa868fe2e4224152d4a79e6a9d81dafa1711212a61a5a8f29273b587e5b3d03571b722
-
SSDEEP
12288:KiRTuOtXEjUZ1E3lisBlg7m9oxttsFPub1TwQGVqASHN6x2GI8ndgRJ:FVuvDiag+oxttsFPOQV88pndgRJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource ceb74a916ff2b20c99d5d36e0ba5c9e0_NEIKI
Files
-
ceb74a916ff2b20c99d5d36e0ba5c9e0_NEIKI.exe windows:4 windows x86 arch:x86
d0c9711dab39f1316131f082e4f2529d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc71
ord2367
ord1731
ord3105
ord508
ord578
ord876
ord3761
ord310
ord4580
ord3641
ord3441
ord4212
ord4735
ord2020
ord1395
ord6065
ord2372
ord354
ord297
ord1489
ord2902
ord299
ord2933
ord577
ord280
ord1488
ord282
ord2932
ord4125
ord2086
ord1545
ord4232
ord3164
ord587
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord591
ord1654
ord1598
ord2987
ord3328
ord754
ord3883
ord5868
ord1892
ord1790
ord5613
ord2867
ord304
ord907
ord781
ord5563
ord5529
ord300
ord3934
ord900
ord287
ord293
ord283
ord2130
ord5528
ord903
ord3848
ord4035
ord2164
ord2657
ord783
ord6118
ord1482
ord762
ord1397
ord6266
ord1933
ord1484
ord657
ord4508
ord4096
ord2087
ord1546
ord4233
ord922
ord2389
ord2412
ord2407
ord2941
ord3167
ord4085
ord5744
ord298
ord784
ord1486
ord1122
ord2494
ord6067
ord2322
ord1793
ord2019
ord333
ord6283
ord3677
ord2875
ord1651
ord1595
ord6014
ord4198
ord3929
ord5355
ord3987
ord1912
ord2081
ord2077
ord2039
ord1352
ord4991
ord1345
ord1351
ord5145
ord6269
ord5202
ord2402
ord4966
ord5161
ord1962
ord3325
ord651
ord751
ord416
ord562
ord5739
ord3161
ord4041
ord2370
ord1564
ord1063
ord6009
ord5740
ord4115
ord3401
ord593
ord5119
ord334
ord2272
ord3997
ord2271
ord3648
ord595
ord2246
ord1913
ord2615
ord5009
ord5012
ord4309
ord4135
ord2939
ord4904
ord943
ord5356
ord2992
ord2425
ord2424
ord4019
ord1557
ord3945
ord5148
ord5205
ord2173
ord1306
ord4277
ord4265
ord742
ord606
ord5165
ord2371
ord357
ord532
ord553
ord5859
ord2477
ord1191
ord1187
ord6090
ord911
ord1425
ord1091
ord1123
ord266
ord4473
ord4467
ord3683
ord3182
ord3109
ord6305
ord1308
ord2176
ord630
ord3088
ord2021
ord385
ord908
ord347
ord6178
ord959
ord547
ord4031
ord5975
ord1054
ord1126
ord3830
ord4038
ord4014
ord6278
ord3801
ord4326
ord2063
ord5583
ord3806
ord1010
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord4481
ord3645
ord3450
ord4705
ord4566
ord2614
ord2621
ord6238
ord2016
ord2051
ord5156
ord5592
ord1379
ord5412
ord2742
ord5495
ord4257
ord4852
ord4739
ord1922
ord4222
ord3040
ord2768
ord5934
ord6043
ord4482
ord4264
ord616
ord3952
ord368
ord5929
ord6231
ord4472
ord4471
ord3672
ord3567
ord3740
ord4444
ord4790
ord4980
ord4172
ord4181
ord4776
ord4386
ord4401
ord4399
ord4381
ord4384
ord4379
ord4863
ord4860
ord3974
ord5151
ord3344
ord1360
ord4273
ord732
ord5174
ord5620
ord3163
ord4100
ord2094
ord3244
ord1955
ord1283
ord544
ord4352
ord2044
ord3351
ord6144
ord5988
ord6091
ord4935
ord4665
ord4591
ord5702
ord2427
ord3070
ord5403
ord2468
ord3132
ord3071
ord3553
ord3552
ord760
ord2654
ord4118
ord2328
ord3466
ord2955
ord395
ord635
ord4299
ord265
ord3592
ord1053
ord2018
ord2248
ord5419
ord4109
ord4108
ord3110
ord5102
ord2990
ord757
ord566
ord3204
ord355
ord4320
ord5731
ord1929
ord865
ord6037
ord2938
ord3337
ord1917
ord1161
ord1916
ord5642
ord6180
ord5833
ord3667
ord3668
ord1327
ord2036
ord1582
ord5212
ord4280
ord1521
ord4272
ord528
ord721
ord4583
ord1185
ord5071
ord5072
ord5070
ord4797
ord4617
ord4867
ord4844
ord4190
ord4213
ord4736
ord5211
ord4720
ord519
ord718
ord3849
ord6276
ord2324
ord1729
ord5986
ord753
ord2131
ord563
ord1009
ord6255
ord6005
ord5714
ord6006
ord5715
ord745
ord722
ord557
ord530
ord4353
ord5727
ord782
ord3850
ord356
ord1096
ord5491
ord1199
ord758
ord567
ord5888
ord2263
ord5634
ord6017
ord602
ord1873
ord1880
ord1781
ord1794
ord4262
ord5203
ord1401
ord5912
ord1551
ord1670
ord1671
ord2034
ord4890
ord5182
ord1298
ord605
ord620
ord3195
ord4244
ord1554
ord1903
ord5637
ord1279
ord1280
ord3302
ord2368
ord1934
ord3210
ord1084
ord4211
ord6236
ord4734
ord3549
ord3665
ord501
ord2264
ord709
ord764
ord572
ord3317
ord2991
ord741
ord4261
ord4486
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2862
ord2714
ord4307
ord2835
ord2731
ord2537
ord5200
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
msvcr71
_strdup
_makepath
_stat
_findfirsti64
_findclose
sprintf
atoi
memset
_mbsicmp
_mbscmp
_splitpath
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
_except_handler3
malloc
_purecall
__RTDynamicCast
free
_mbstok
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_mbsnbcpy
memcpy
fclose
strncpy
fopen
??1exception@@UAE@XZ
_CxxThrowException
wcslen
strncmp
strtok
fgets
memmove
_wcslwr
_mbsinc
_mbsnextc
_mbsninc
_mbslen
_stricmp
_close
_read
_filelength
_open
_strcmpi
_strnicmp
_setmbcp
sscanf
__CxxFrameHandler
_ismbblead
toupper
_mbsrchr
localtime
strcpy
time
mktime
_mbsstr
strcat
printf
rand
memcmp
asctime
srand
strtoul
_mbschr
isdigit
_strupr
_vsnprintf
strcmp
??1type_info@@UAE@XZ
__security_error_handler
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
strlen
_controlfp
kernel32
lstrcatA
GetModuleHandleA
LocalAlloc
GetTickCount
CloseHandle
ReadFile
WinExec
CreateFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
WaitForSingleObject
CreateEventA
DeviceIoControl
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetWindowsDirectoryA
lstrcpyA
SizeofResource
FindResourceA
LoadResource
LockResource
GetSystemDefaultLangID
FindFirstFileA
FindNextFileA
FindClose
GetModuleFileNameA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GlobalUnlock
GlobalAlloc
GlobalLock
Beep
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
FormatMessageA
WideCharToMultiByte
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetVersion
lstrcmpiA
lstrlenW
lstrlenA
GetFileSize
user32
SendMessageA
PostMessageA
GetWindowRect
EnableWindow
GetClientRect
WinHelpA
CloseClipboard
ShowWindow
MapDialogRect
MessageBeep
RedrawWindow
CopyIcon
SetCursor
DestroyCursor
InflateRect
PtInRect
GetCapture
SetWindowTextA
IsWindowVisible
GetClassNameA
GetSysColor
AdjustWindowRect
ReleaseCapture
GetSysColorBrush
LoadCursorA
SetCapture
OffsetRect
SetRect
ModifyMenuA
GetMenuItemID
GetMenuItemCount
LoadBitmapA
EnumChildWindows
GetKeyState
ScreenToClient
SetWindowPos
ReleaseDC
GetDC
EqualRect
SetClipboardData
IsChild
GetFocus
IsMenu
GetCursorPos
IsWindow
KillTimer
SetTimer
LoadMenuA
FillRect
UpdateWindow
MessageBoxA
GetWindowPlacement
SystemParametersInfoA
CopyRect
GetMenu
GetSubMenu
GetMenuState
CheckMenuItem
GetDesktopWindow
GetWindow
GetWindowTextA
BringWindowToTop
SendMessageTimeoutA
LoadImageA
GetSystemMetrics
GetWindowLongA
SetWindowLongA
SetParent
EmptyClipboard
OpenClipboard
InvalidateRect
GetParent
gdi32
TextOutA
SetDIBitsToDevice
SetPixelV
GetPixel
GetTextFaceA
CreateFontA
ExtTextOutA
SelectObject
CreateCompatibleBitmap
CreateFontIndirectA
GetStockObject
GetTextExtentPoint32A
CreateSolidBrush
BitBlt
CreateDIBSection
GetObjectA
DeleteDC
DeleteObject
StretchBlt
GetDeviceCaps
CreateCompatibleDC
CreateRectRgn
SetTextJustification
advapi32
FreeSid
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegEnumValueA
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
shell32
DragFinish
DragQueryFileA
ShellExecuteA
DragAcceptFiles
comctl32
ImageList_AddMasked
ord17
ole32
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
oleaut32
SysAllocStringLen
SysFreeString
msvcp71
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0_Lockit@std@@QAE@H@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@V312@G@Z
??0locale@std@@QAE@XZ
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IABV12@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBG@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIABV12@@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?_Xran@_String_base@std@@QBEXXZ
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?is@?$ctype@G@std@@QBE_NFG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?_Id_cnt@id@locale@std@@0HA
??1locale@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 212KB - Virtual size: 211KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 552KB - Virtual size: 548KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ