Static task: static1
Behavioral task: behavioral1
Sample: 52a309f801255fb9004fcc55e4d119f0_NEIKI.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 52a309f801255fb9004fcc55e4d119f0_NEIKI.dll
Resource: win10v2004-20240508-en
General
Target: 52a309f801255fb9004fcc55e4d119f0_NEIKI
Size: 28KB
MD5: 52a309f801255fb9004fcc55e4d119f0
SHA1: e3ea5c1de69279bdcdb19fdd6114252b22b6a8a0
SHA256: 91f381c03c0cf8d10a4381d91731f0585b2a4f135ab50f2d111b8334eef5d1a9
SHA512: 27bd2d229028e6318549ea772db378e8250ff6af93a7c34c3e4f8db9d4269761ff9ef89339793af73d211ce710d0654f6c3fcbeca67ff7e6b0c7b86ede632e17
SSDEEP: 192:zUrLpoYq+HB9mEo3IyowGavBWQmexSV1lvGzkzVvhFH+M1SQs5vA3im:4HGYPHUZxvBXmeUTlvfvhFH+MDsBWP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 52a309f801255fb9004fcc55e4d119f0_NEIKI
Files
52a309f801255fb9004fcc55e4d119f0_NEIKI.dll windows:4 windows x86 arch:x86
fc69491a3dbc887f35cbc0e4ac968821
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
ord2764
ord6648
ord6663
ord535
ord858
ord924
ord926
ord537
ord922
ord6779
ord2763
ord540
ord4278
ord1253
ord342
ord823
ord1182
ord3663
ord2841
ord825
ord2107
ord5450
ord5440
ord6383
ord6394
ord6877
ord800
ord2915
ord941
ord1168
msvcrt
_initterm
malloc
_adjust_fdiv
free
_onexit
__dllonexit
_except_handler3
__CxxFrameHandler
_stricmp
kernel32
OutputDebugStringA
GetCurrentProcess
LoadLibraryA
WriteProcessMemory
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 832B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ