58838628134a11d76f8bd74f3aa63d80_NEIKI | Triage

Sharing

General

Target

58838628134a11d76f8bd74f3aa63d80_NEIKI
Size

119KB
MD5

58838628134a11d76f8bd74f3aa63d80
SHA1

f6c3669f3c677499777625e7a69ed6e39f7d532b
SHA256

3d834287f9239241ad86c73e0eff2fb7392021e9742017c6d818469a7919e62c
SHA512

f6c2aab0992d6c5d40508b7322d65f853ed059a898a55e47826c3a4e7caa13cfea9b9cc7d912c831da1d7a4bba8f6024442984a507d573369ab507712bbcabd1
SSDEEP

3072:mmLqY0vYLQ5c3toFUphU4HJpIZU6avN0TU6ZvAhcXc:ra8Q5YtcUp77IZEl0XJAF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58838628134a11d76f8bd74f3aa63d80_NEIKI

Files

58838628134a11d76f8bd74f3aa63d80_NEIKI
.exe windows:4 windows x86 arch:x86

ffaa1012356778477852e0d1f8c33b01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessAsUserA
CommConfigDialogA
IsBadHugeReadPtr
LocalFileTimeToFileTime
CancelIo
MoveFileWithProgressW
Module32FirstW
GetThreadErrorMode
GetPackageApplicationIds
FlsSetValue
GetTempPathW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE