bd7998f3c6fb880a421aadad44301400_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

bd7998f3c6fb880a421aadad44301400_NEIKI
Size

639KB
MD5

bd7998f3c6fb880a421aadad44301400
SHA1

28272ce27c922bd19ab92f71d05aef628936e7dd
SHA256

8c06c6435310bf95d4fe682f88c391dd16969d05e61c2819da722d677ee464ae
SHA512

6ec55c2bfc3b341ee62b4656da22e28c58ff6ae13810152fc7e11e20fe6e9e9fc5a5d2fdc105862c9b03e96c7438ee8a7a724f39c5ef2ccd6fdbcdbdb2b4f381
SSDEEP

12288:t2XrJw/upbcicTt7C+QxLYlidAP3xf2mFxtwVY3KH/xsX+d77:t8bcN7PQxSDV2mp3KH/xsX+dn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd7998f3c6fb880a421aadad44301400_NEIKI

Files

bd7998f3c6fb880a421aadad44301400_NEIKI
.dll windows:6 windows x86 arch:x86

5b6e87c8512ffdc864a4a681750c9723

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

in_mod.pdb

Imports

shlwapi

PathFindExtensionW

kernel32

IsValidCodePage
LoadLibraryExA
SetThreadPriority
WaitForSingleObject
MultiByteToWideChar
Sleep
CloseHandle
CreateThread
GetModuleHandleW
WideCharToMultiByte
LeaveCriticalSection
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetProcAddress
lstrcmpiW
EnterCriticalSection

user32

GetDlgItem
PostThreadMessageW
SendDlgItemMessageW
SetDlgItemTextW
CheckDlgButton
CharNextW
MessageBoxIndirectW
PeekMessageW
GetDlgCtrlID
PostMessageW
MessageBoxW
SendMessageW
EndDialog
IsDlgButtonChecked

winamp

SaveNativeIniInt
SaveNativeIniString
GetNativeIniInt

msvcp140

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?uncaught_exception@std@@YA_NXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?classic@locale@std@@SAABV12@XZ
?_Xbad_alloc@std@@YAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?_Xruntime_error@std@@YAXPBD@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?max_length@codecvt_base@std@@QBEHXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@HPBD@Z
_Query_perf_frequency
?_Random_device@std@@YAIXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Query_perf_counter
_Xtime_get_ticks
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z

vcruntime140

memmove
memcpy
memcmp
memchr
__std_exception_destroy
__CxxFrameHandler3
__std_terminate
_purecall
_CxxThrowException
_except_handler4_common
memset
__std_type_info_destroy_list
__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

fclose
fgetpos
fflush
fgetc
setvbuf
ungetc
fwrite
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
fputc
__stdio_common_vswprintf

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
calloc

api-ms-win-crt-string-l1-1-0

isspace
strncmp
_stricmp
wcsncpy
strncpy_s
strnlen
_wcsicmp

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-runtime-l1-1-0

_initterm
_seh_filter_dll
_initterm_e
terminate
_invalid_parameter_noinfo_noreturn
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_exp_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_atan_precise
_CIsinh
_except1
_libm_sse2_sqrt_precise
roundf
_libm_sse2_tan_precise
ceil
floor
round

api-ms-win-crt-utility-l1-1-0

div

zlib

uncompress
crc32

Exports

Exports

winampAddUnifiedFileInfoPane
winampGetExtendedFileInfoW
winampGetInModule2
winampUninstallPlugin
winampUseUnifiedFileInfoDlg

Sections

.text
Size: 521KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b6e87c8512ffdc864a4a681750c9723

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

winamp

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

zlib

Exports

Exports

Sections

.text Size: 521KB - Virtual size: 521KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 1024B - Virtual size: 326KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 521KB - Virtual size: 521KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 1024B - Virtual size: 326KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 15KB - Virtual size: 14KB