e74229f66b58a07527a521c052d16360_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

e74229f66b58a07527a521c052d16360_NEIKI
Size

112KB
MD5

e74229f66b58a07527a521c052d16360
SHA1

05f76233abd6c1fdfa3f2f333fa112e40c03d1c7
SHA256

2042c39403f0bfc6ba2bbcedd7af2fdfb66b76f2ff619c7f11789d5eb3dfe1c6
SHA512

dbdec7dc732359fade17e2f65981c0f1e8be888f2beeb0d3db5ab01441220778ece82f4589b42a7fbadf7b1c9b947cd99aea98f8070ed6c806c93eabfc1ae228
SSDEEP

3072:bjXuNuM6GGkedYVUpayxWTDV0TzUulJxa:bkEkeeOXxUYzUaQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e74229f66b58a07527a521c052d16360_NEIKI

Files

e74229f66b58a07527a521c052d16360_NEIKI
.dll windows:4 windows x86 arch:x86

c0e9404fa4da062e80ee979e34772f03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsW
PathRemoveFileSpecW

kernel32

GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
RaiseException
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileW
InterlockedExchange
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryW
DeviceIoControl
DeleteFileW
GetModuleFileNameW
GetDriveTypeW
Sleep
lstrlenW
GetPrivateProfileStringA
CreateFileA
LoadLibraryA
SetEndOfFile
SetFileAttributesW
GetLocaleInfoW
GetOEMCP
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
RtlUnwind
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
ExitProcess
HeapReAlloc
LCMapStringA
GetLastError
LCMapStringW
GetCPInfo
IsBadCodePtr
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
SetUnhandledExceptionFilter
FlushFileBuffers
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetFileAttributesW
SetStdHandle
IsBadReadPtr

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteExW

Exports

Exports

ChangeBootIni
CreatePartition
Format
GetDMITable
GetDMITableCount
GetDTFlag
GetQPFlag
GetUUID
SetMBR
UnMount

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0e9404fa4da062e80ee979e34772f03

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 6KB