e78c988a1ad3ff234be062a9af2e7800_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e78c988a1ad3ff234be062a9af2e7800_NEIKI
Size

72KB
MD5

e78c988a1ad3ff234be062a9af2e7800
SHA1

426d4a1aca3259092d3f45cc97cd879d5d69fbb2
SHA256

b623e11ef410bdb72bdb7d50be4c7a85d0cf30e41c78210b6190f49e65054f73
SHA512

5bc08faa672b3cb738fdb6cfe7f861a64a72461c3fe278556f44f36b7182035077f587eb746cdb6f32282a636cb37b8fc994b60a1511a4f642da9f8f3d20dffd
SSDEEP

1536:14R9KzUD5X66zFOa2INL0U/zDDiGPsMI7MPeDhx6:2KzAXXzFt2INJ/4MPua

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e78c988a1ad3ff234be062a9af2e7800_NEIKI

Files

e78c988a1ad3ff234be062a9af2e7800_NEIKI
.exe windows:4 windows x86 arch:x86

e95e3c19c1b1846eddfe9b97188d572c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateFileA
CreateMutexA
CreateProcessA
CreateProcessW
DeleteFileA
ExitProcess
GetCommandLineW
GetModuleFileNameA
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
HeapAlloc
ReadFile
SetFileAttributesA
SetFilePointer
WriteFile

ntdll

NtFlushInstructionCache
NtOpenKey
NtProtectVirtualMemory

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE