cfb16a0f8e509a69011c402a70743260_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

cfb16a0f8e509a69011c402a70743260_NEIKI
Size

564KB
MD5

cfb16a0f8e509a69011c402a70743260
SHA1

84b48f7d40f0c5b6f964a58beaff6c0c4f243ff3
SHA256

b85b08f9bb72b7a8be100dd2a60f66ca0cf456d8d52886bcaa7dfd607de16108
SHA512

5ce05e1f7803904b5cd4c608c7a0a5af69feade51bffb8e3f670e89fc35f01d7d2b1785d9cd3430076e45fe7e5fe97929ca7f5dce1f64b68051aa125c7ff9146
SSDEEP

12288:rgE3NqKuT3+jvLy09OMttvRLPJD1KrPwBc+Ao:r33NFwOzLyoJPJXBZA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfb16a0f8e509a69011c402a70743260_NEIKI

Files

cfb16a0f8e509a69011c402a70743260_NEIKI
.exe windows:6 windows x86 arch:x86

d39bea1524d582848eab62e7a68fb93d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sst\proj\motherlode\mc3\develop\Src\BuildScript\vs2012\Release\DADispatcherService.pdb

Imports

ws2_32

gethostname
listen
accept
WSASend
getnameinfo
gethostbyname
inet_addr
gethostbyaddr
getservbyname
shutdown
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup

wldap32

ord60
ord50
ord41
ord22
ord27
ord211
ord33
ord35
ord79
ord30
ord200
ord301
ord46
ord32
ord26
ord143

normaliz

IdnToAscii

advapi32

CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegisterEventSourceA
RegSetValueExA
DeregisterEventSource
RegCreateKeyA
ReportEventA
RegCloseKey
CryptDestroyHash

kernel32

FindNextFileW
GetFileAttributesW
GetFileTime
FindFirstFileW
RemoveDirectoryW
EncodePointer
DecodePointer
FindClose
DeleteFileW
IsDebuggerPresent
IsProcessorFeaturePresent
GetComputerNameA
WideCharToMultiByte
Sleep
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetTickCount
GetLastError
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SleepEx
FormatMessageA
CloseHandle
WaitForSingleObject
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
MultiByteToWideChar
GetACP
TryEnterCriticalSection
TlsGetValue
GetCurrentProcess
SetEvent
GetCurrentThread
TlsSetValue
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
ReleaseMutex
TlsAlloc
GetCurrentProcessId
TlsFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentThreadId
LocalFree
CreateFileW
GlobalAlloc
GlobalFree
GetModuleFileNameA

msvcp110

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Syserror_map@std@@YAPBDH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?classic@locale@std@@SAABV12@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_BADOFF@std@@3_JB
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Winerror_map@std@@YAPBDH@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?do_length@?$codecvt@_WDH@std@@MBEHAAHPBD1I@Z
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

msvcr110

_strtoi64
strtol
_errno
tolower
isxdigit
strncpy
strstr
fwrite
strtoul
isdigit
fputc
sprintf
isspace
memchr
fseek
fflush
isalpha
isalnum
_gmtime64
strerror
__sys_nerr
_beginthreadex
_lseeki64
_fstat64
wprintf
_strdup
isupper
islower
isprint
isgraph
vprintf
vsprintf
_vsnprintf
vfprintf
_close
strncat
strerror_s
abort
_stricmp
_exit
_localtime64_s
_CxxThrowException
__CxxFrameHandler3
ispunct
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__winitenv
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
qsort
sscanf
fputs
fgets
strncmp
_stat64
fread
fopen
fclose
__iob_func
strrchr
strchr
memset
memcpy
free
calloc
malloc
realloc
??8type_info@@QBE_NABV0@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
atoi
getenv
_time64
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_purecall
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
_ftime64_s
_strnicmp
_open
_read
_write
??1bad_cast@std@@UAE@XZ

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d39bea1524d582848eab62e7a68fb93d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

normaliz

advapi32

kernel32

msvcp110

msvcr110

Sections

.text Size: 376KB - Virtual size: 375KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 11KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 94KB - Virtual size: 94KB

.text
Size: 376KB - Virtual size: 375KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 11KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 94KB - Virtual size: 94KB