f16fd9ea66d38aadacecca0c6bd6e5d0_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

f16fd9ea66d38aadacecca0c6bd6e5d0_NEIKI
Size

5.0MB
MD5

f16fd9ea66d38aadacecca0c6bd6e5d0
SHA1

7a4583c78d42e259f25cbfab56a36a67d7d846fb
SHA256

2c3c8f57084b070cffce6d97026764a0a906078aa6b014455e36a3c5dc6ec32d
SHA512

9c778463b93f62630ecb659333334394e5b30932b307f389fcac8fd89eea3263742a6a97e650120c9dbc846c9ebd0e437659e0e28b257f7ff76957d62e375423
SSDEEP

49152:+l10tR8UsILILIcoo0ZaBdHEBtas3f3aygIy/wjQ4O8b8ITDnld5Lak9HezgXKn1:+l10tRMz3oo0ZaByEyB9n5vxUTGfd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f16fd9ea66d38aadacecca0c6bd6e5d0_NEIKI

Files

f16fd9ea66d38aadacecca0c6bd6e5d0_NEIKI
.exe windows:6 windows x86 arch:x86

fabcd4e44aefb825e863b2f7f854c120

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\T\BuildResults\bin\Release\AcrobatExe.pdb

Imports

kernel32

SetFilePointer
GetSystemInfo
VirtualQueryEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryExA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
WideCharToMultiByte
SetErrorMode
QueryPerformanceCounter
HeapSetInformation
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
CreateProcessW
GetSystemTime
GetSystemTimeAsFileTime
AddAtomW
SystemTimeToFileTime
IsProcessorFeaturePresent
GetVersionExW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
FindFirstFileA
CreateFileA
GetSystemPowerStatus
GetModuleFileNameA
TerminateThread
SetThreadPriority
GetCurrentThread
CreateEventA
lstrcmpW
lstrcmpA
GetSystemDirectoryW
OutputDebugStringW
QueryDosDeviceW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
GetCurrentDirectoryW
MultiByteToWideChar
SetDllDirectoryW
LoadLibraryA
LoadLibraryExW
FreeLibrary
GetExitCodeProcess
GetLongPathNameW
SetCurrentDirectoryW
GetCommandLineW
GetTickCount
OpenMutexW
GetVolumeInformationW
CreateThread
CreateEventW
CreateMutexW
WaitForSingleObject
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitNamedPipeW
CreateNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
WriteFile
ReadFile
GetFileType
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WriteConsoleW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFinalPathNameByHandleW
ExitProcess
SetStdHandle
GetConsoleMode
GetConsoleOutputCP
FreeLibraryAndExitThread
RtlUnwind
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FindResourceExW
OpenProcess
TerminateProcess
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
RaiseException
DecodePointer
OutputDebugStringA
GetStartupInfoW
lstrlenW
GetCurrentProcessId
GetCurrentProcess
GetTempPathW
CreateDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
VerifyVersionInfoW
lstrcmpiW
LocalFree
LocalAlloc
GetCurrentThreadId
GetLastError
CloseHandle
VerSetConditionMask
GetProcAddress
GetFileAttributesA
LCMapStringEx
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
GetStdHandle
FindNextFileA
InitializeSRWLock
GetStringTypeW
WaitForSingleObjectEx
QueryFullProcessImageNameW
GlobalHandle
CreatePipe
MulDiv
GlobalUnlock
GlobalSize
GlobalLock
OpenFileMappingW
GetComputerNameExW
OpenEventW
CreateDirectoryExW
CompareFileTime
GetFileTime
VirtualProtect
VirtualQuery
ExpandEnvironmentStringsW
ProcessIdToSessionId
GetProcessId
DuplicateHandle
GetProcessTimes
IsWow64Process
GetProductInfo
GetNativeSystemInfo
DeleteFileW
GetFileSizeEx
GetLocalTime
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
UnregisterWaitEx
RegisterWaitForSingleObject
QueryPerformanceFrequency
QueryThreadCycleTime
GetThreadPriority
GetUserDefaultLangID
IsDebuggerPresent
GetThreadId
TlsGetValue
AcquireSRWLockExclusive
MoveFileExW
GetFileAttributesExW
CopyFileW
TlsAlloc
TlsFree
TlsSetValue
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
FlushFileBuffers
FindFirstFileExW
GetWindowsDirectoryW
lstrcmpiA
SetEnvironmentVariableW
GetEnvironmentVariableW
GetLocaleInfoW
GetDriveTypeW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GetFileSize
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
GetVolumeInformationByHandleW
GetProfileStringW
ReadProcessMemory
CreateIoCompletionPort
TerminateJobObject
GetQueuedCompletionStatus
UnregisterWait
PostQueuedCompletionStatus
SetInformationJobObject
IsProcessInJob
QueryInformationJobObject
ResumeThread
DebugBreak
GetUserDefaultLCID
GetUserDefaultLocaleName
SetHandleInformation
SetProcessDEPPolicy
AssignProcessToJobObject
SignalObjectAndWait
CreateRemoteThread
CreateJobObjectW
VirtualFree
SearchPathW
ExitThread
GetModuleHandleExA
GlobalAlloc
GlobalFree
GetTempFileNameW
GetExitCodeThread
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetFullPathNameW
GetModuleHandleExW

user32

GetMessageW
GetUserObjectInformationW
GetProcessWindowStation
SetProcessWindowStation
CreateWindowStationW
CreateDesktopW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
TranslateMessage
GetParent
MessageBoxW
RemovePropW
GetPropW
SetPropW
GetActiveWindow
GetDlgItem
SendMessageW
GetPropA
GetClassNameW
DispatchMessageW
DdeDisconnect
DdeConnect
DdeAddData
DdeCreateDataHandle
DdeQueryStringA
DdeGetData
EnumThreadWindows
IsWindowVisible
DdeFreeStringHandle
DdeCreateStringHandleW
DdeNameService
DdeUninitialize
DdeInitializeW
SetWindowLongW
SendNotifyMessageW
RegisterWindowMessageA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
CreateWindowExW
RegisterClassExW
DefWindowProcW
RegisterWindowMessageW
LoadIconA
LoadCursorA
FindWindowA
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
PostQuitMessage
GetThreadDesktop
PostThreadMessageW
IsWindowEnabled
MsgWaitForMultipleObjects
PeekMessageW
CloseWindowStation
GetFocus
MonitorFromWindow
GetMonitorInfoW
GetAsyncKeyState
EnumChildWindows
FindWindowExW
EnableWindow
WindowFromPoint
GetAncestor
GetShellWindow
GetRawInputDeviceInfoW
SetActiveWindow
CreateIconFromResourceEx
GetDC
GetWindowTextLengthW
ReleaseDC
RegisterClassW
GetWindowInfo
SetDlgItemTextW
GetRawInputDeviceList
DdeClientTransaction
LoadIconW
SendDlgItemMessageW
RegisterClipboardFormatW
GetClipboardData
IsClipboardFormatAvailable
EnumClipboardFormats
CountClipboardFormats
SetClipboardData
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClipboardSequenceNumber
GetClipboardOwner
GetPriorityClipboardFormat
GetOpenClipboardWindow
GetClipboardViewer
CloseWindow
LoadCursorW
GetWindowDC
SystemParametersInfoW
BeginPaint
EndPaint
GetClientRect
MoveWindow
UpdateWindow
AdjustWindowRectEx
IsChild
SetFocus
SetRect
MonitorFromRect
IsRectEmpty
GetClassInfoExW
GetSysColor
CallWindowProcW
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
SetCapture
ReleaseCapture
FillRect
InvalidateRect
InvalidateRgn
DestroyAcceleratorTable
MapWindowPoints
SetCursor
IsDialogMessageW
LoadBitmapW
MapDialogRect
SetWindowContextHelpId
CreateDialogIndirectParamW
DefWindowProcA
DispatchMessageA
GetMessageA
UserHandleGrantAccess
GetWindow
EnumWindows
SetParent
GetWindowLongW
GetWindowTextW
IsWindow
GetDesktopWindow
GetWindowRect
SetForegroundWindow
GetSystemMetrics
BringWindowToTop
SendMessageTimeoutW
EnumDesktopWindows
SetWindowTextW
GetForegroundWindow
CharNextW
EndDialog
DialogBoxParamW
GetGUIThreadInfo
GetWindowThreadProcessId
FindWindowW
AllowSetForegroundWindow
SwitchToThisWindow
KillTimer
SetTimer
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowPos
ShowWindow
UnregisterClassW
PostMessageW

advapi32

CryptGenKey
RegGetValueW
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegOpenKeyA
EqualSid
AllocateAndInitializeSid
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
ReportEventW
RegisterEventSourceW
CloseEventLog
ConvertSidToStringSidW
MakeAbsoluteSD
InitiateSystemShutdownW
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
SetTokenInformation
GetSecurityDescriptorSacl
GetLengthSid
FreeSid
DuplicateTokenEx
CreateWellKnownSid
CopySid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteKeyExW
SystemFunction036
GetNamedSecurityInfoW
MapGenericMask
AccessCheck
OpenThreadToken
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorDacl
GetAce
SetKernelObjectSecurity
GetKernelObjectSecurity
InitializeSid
GetAclInformation
AddAce
RevertToSelf
RegDisablePredefinedCache
CreateRestrictedToken
DuplicateToken
CreateProcessAsUserW
SetThreadToken
CheckTokenMembership
RegDeleteTreeW
SaferiIsExecutableFileType
GetUserNameW
ImpersonateAnonymousToken
CryptAcquireContextA
CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptDestroyKey
CryptGetProvParam
CryptSetProvParam
CryptGenRandom
CryptGetUserKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSignHashA
CryptSignHashW
CryptGetHashParam
CryptSetHashParam
CredReadW
CredFree
CredWriteW
CredDeleteW
CryptSetKeyParam
CryptContextAddRef

shlwapi

UrlIsW
PathCanonicalizeW
PathFileExistsW
PathRemoveBackslashW
PathAppendW
PathRemoveFileSpecW
PathFindExtensionA
PathCombineW
PathIsRelativeW
PathFindExtensionW
AssocQueryStringW
UrlGetPartW
PathIsDirectoryW
PathIsUNCW
PathFindFileNameW
PathAddBackslashW
PathCreateFromUrlW
UrlCanonicalizeW
UrlUnescapeW
PathIsUNCServerShareW
ord219
PathIsURLW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winhttp

WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpAddRequestHeaders

Exports

Exports

AcroRd32IsBrokerProcess
GetHandleVerifier
GetWinstaDesktopInfo
IsSandboxedProcess

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 649KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 741KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fabcd4e44aefb825e863b2f7f854c120

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

version

winhttp

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 649KB - Virtual size: 648KB

.data Size: 54KB - Virtual size: 78KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 725KB - Virtual size: 724KB

.reloc Size: 741KB - Virtual size: 744KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 649KB - Virtual size: 648KB

.data
Size: 54KB - Virtual size: 78KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 725KB - Virtual size: 724KB

.reloc
Size: 741KB - Virtual size: 744KB