e95a1c0a18df69a34247aa62049e6010_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

e95a1c0a18df69a34247aa62049e6010_NEIKI
Size

1.2MB
MD5

e95a1c0a18df69a34247aa62049e6010
SHA1

b06d891ab330b06fbfecedbf1106b799c5ae9dea
SHA256

1f0bf0821b550de657c9101599c4f22358069ebcbe031fbbbb8b6d3f0df63593
SHA512

d5eea1331ef268787280cafb6f810eb70e1602f7c9aa1da3d1c0a1e6e230185fb901e34f1140ada48ee2db96b1a428681c70302576df22a6fd7ff8992f443121
SSDEEP

12288:Cp7iNRaU3A2pyFFoEfGRtbn+wH/oVTj3gVfUfsH:CmQs+AoVTbgVfH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e95a1c0a18df69a34247aa62049e6010_NEIKI

Files

e95a1c0a18df69a34247aa62049e6010_NEIKI
.dll windows:5 windows x86 arch:x86

8f72aafa44d077d829acaacc6310de55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Developer\Desktop\Source S4 FTeam\MHP\HackClient\Debug\MHPClient.pdb

Imports

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
WaitForMultipleObjects
SetThreadPriority
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileInformationByHandle
CreateFileW
SetFilePointer
GetLocalTime
CreateDirectoryA
CreateMutexA
GetCurrentProcessId
GetFullPathNameA
OpenMutexA
WaitForSingleObject
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
VirtualQuery
GetCurrentThreadId
HeapFree
GetProcessHeap
HeapAlloc
GetModuleFileNameA
LoadLibraryA
GlobalMemoryStatusEx
GetVersionExA
DeviceIoControl
GetLastError
GetCurrentProcess
OpenFileMappingA
TerminateProcess
VirtualProtect
GetModuleHandleA
QueryDosDeviceA
GetLogicalDriveStringsA
QueryDosDeviceW
GetLogicalDriveStringsW
SetEvent
CreateEventA
FreeLibrary
GetModuleFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
LoadLibraryW
lstrlenA
RaiseException
MultiByteToWideChar
IsDebuggerPresent
WideCharToMultiByte
DecodePointer
EncodePointer
SetLastError
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
InterlockedCompareExchange
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
CloseHandle
GetProcAddress
OpenProcess
GetTickCount
DeleteFileA
WriteFile
FindFirstFileA
FindNextFileA
CreateFileA
GetFileSize
ReadFile
Sleep
GetCurrentThread
TryEnterCriticalSection
CreateThread

user32

SendMessageA
wsprintfA
wsprintfW
GetForegroundWindow
UnhookWindowsHookEx
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowsHookExA
CallNextHookEx
DefWindowProcA
PostQuitMessage
EndPaint
GetClientRect
BeginPaint
LoadImageA
UpdateWindow
ShowWindow
CreateWindowExA
GetSystemMetrics
SetWindowLongA
GetWindowLongA
MessageBoxA
GetWindowThreadProcessId
FindWindowExA
UnregisterClassA
LoadCursorA
RegisterClassExA

gdi32

GetObjectA
GetStockObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateFontA
SetBkMode
SetTextColor
TextOutA
DeleteObject

advapi32

RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA
RegCloseKey

msvcp100d

?_Debug_message@std@@YAXPB_W0I@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ

ws2_32

WSACreateEvent
socket
WSAStartup
WSAEventSelect
WSAGetLastError
connect
gethostbyname
inet_addr
htons
WSACloseEvent
closesocket
recv
send
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
ntohs
getpeername

psapi

EnumProcesses
GetModuleFileNameExA
EnumProcessModules
GetModuleInformation
GetProcessImageFileNameW

shlwapi

SHDeleteKeyA
PathRemoveFileSpecW

dbghelp

ImageRvaToSection

msvcr100d

?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_CrtSetCheckCount
_encoded_null
_free_dbg
_malloc_dbg
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_CRT_RTC_INITW
memchr
wcslen
wcscpy_s
_stricmp
vsprintf_s
strcpy_s
wcsstr
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_CxxThrowException
strlen
rand
memcmp
free
fread
fclose
malloc
fopen_s
_wfopen_s
??3@YAXPAX@Z
__CxxFrameHandler3
memset
memcpy
memmove
_invalid_parameter
_CrtDbgReportW
??_V@YAXPAX@Z
strcmp

Exports

Exports

EntryProc

Sections

.textbss
Size: - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 828KB - Virtual size: 828KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f72aafa44d077d829acaacc6310de55

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

msvcp100d

ws2_32

psapi

shlwapi

dbghelp

msvcr100d

Exports

Exports

Sections

.textbss Size: - Virtual size: 134KB

.text Size: 298KB - Virtual size: 297KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 1KB - Virtual size: 72KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 828KB - Virtual size: 828KB

.reloc Size: 14KB - Virtual size: 14KB

.textbss
Size: - Virtual size: 134KB

.text
Size: 298KB - Virtual size: 297KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 1KB - Virtual size: 72KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 828KB - Virtual size: 828KB

.reloc
Size: 14KB - Virtual size: 14KB