1bc3d9af13b8490b67904dd14b42e090_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

1bc3d9af13b8490b67904dd14b42e090_NEIKI
Size

786KB
MD5

1bc3d9af13b8490b67904dd14b42e090
SHA1

96487ad843ec71df6f5863c90e225beed7f8c39d
SHA256

5399ed784db968c7059d1c63eab2f58925d83a070c287b05b6e84a191252350c
SHA512

e53c7a314c49b130cac39d134e3e6158755ed36975cfbb9935b4764a7ce945375deda91aeb92df5c8a7ac61adf8efbbdf8289e3df41bc6e0d82a95fed8f92bf7
SSDEEP

24576:aQvxLOYYOoJh5MKF2kuplZUFdgnJmmMCsUETJP:gYYNhFnupHUFdusnTh

Score

1^/10

Malware Config

Signatures

Files

1bc3d9af13b8490b67904dd14b42e090_NEIKI
.exe windows:4 windows x86 arch:x86

fb582884d983f4ea5a8b87418af9ecc3

Code Sign

33:00:00:00:3b:6a:c0:1e:2b:21:e6:15:dc:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:47

Not After

04/06/2025, 17:47

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:bb:ed:14:9e:39:8d:e8:c2:99:a5:3a
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/05/2021, 09:01

Not After

19/07/2023, 16:26

Subject

SERIALNUMBER=02557590,CN=ARM LIMITED,O=ARM LIMITED,STREET=110 Fulbourn Road,L=Cambridge,ST=Cambridgeshire,C=GB,1.2.840.113549.1.9.1=#0c0e7473672d73734061726d2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:0c:d2:63:bb:3c:76:e6:f0:3a:4c:a3:79:a7:8f:dc:a6:05:fa:46:16:dd:d1:13:9e:21:b0:fe:92:8a:ab:4f
Signer

Actual PE Digest

92:0c:d2:63:bb:3c:76:e6:f0:3a:4c:a3:79:a7:8f:dc:a6:05:fa:46:16:dd:d1:13:9e:21:b0:fe:92:8a:ab:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFullPathNameA
GetLastError
GetModuleFileNameW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_cexit
_errno
_exit
_filelengthi64
_fileno
_findclose
_findfirst
_fmode
_fstati64
_fullpath
_initterm
_iob
_lock
_lseeki64
_onexit
_snwprintf
_sopen
time
ctime
_stricmp
_strnicmp
_unlock
bsearch
calloc
exit
fclose
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getenv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putchar
puts
qsort
raise
rand
realloc
setlocale
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtol
strtoul
_vsnprintf
_write
abort
vfprintf
vprintf
wcscpy
atoi
_stati64
_findnext
_unlink
_umask
_strdup
_open
_mktemp
_mkdir
_getpid
_getcwd
_fileno
_fdopen
_close
_chmod

user32

CharLowerBuffA
MessageBoxW

Sections

.text
Size: 590KB - Virtual size: 590KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb582884d983f4ea5a8b87418af9ecc3

Code Sign

33:00:00:00:3b:6a:c0:1e:2b:21:e6:15:dc:00:00:00:00:00:3bCertificate

Extended Key Usages

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

34:bb:ed:14:9e:39:8d:e8:c2:99:a5:3aCertificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

92:0c:d2:63:bb:3c:76:e6:f0:3a:4c:a3:79:a7:8f:dc:a6:05:fa:46:16:dd:d1:13:9e:21:b0:fe:92:8a:ab:4fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 590KB - Virtual size: 590KB

.data Size: 3KB - Virtual size: 2KB

.rdata Size: 174KB - Virtual size: 174KB

.bss Size: - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

33:00:00:00:3b:6a:c0:1e:2b:21:e6:15:dc:00:00:00:00:00:3b
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

34:bb:ed:14:9e:39:8d:e8:c2:99:a5:3a
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

92:0c:d2:63:bb:3c:76:e6:f0:3a:4c:a3:79:a7:8f:dc:a6:05:fa:46:16:dd:d1:13:9e:21:b0:fe:92:8a:ab:4f
Signer

.text
Size: 590KB - Virtual size: 590KB

.data
Size: 3KB - Virtual size: 2KB

.rdata
Size: 174KB - Virtual size: 174KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B