a577a44aa9c7220ae83935218d2e9990_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

a577a44aa9c7220ae83935218d2e9990_NEIKI
Size

337KB
MD5

a577a44aa9c7220ae83935218d2e9990
SHA1

1a95fdd3048e753a7ef8752df66574072972ba68
SHA256

45dd3fe1e539deb67d4a566f2c8294720478cc8b72b96d7d35a1d6b87751df89
SHA512

2a01f589ba2948e960d31ca41aed5e59529fe34aef5d17621eb769a7843dede93d3b7e95c7c679b5180184897e1f076f326dcd9456c55b38bd54815bb687c41a
SSDEEP

6144:cB8cYmOfX6q+3aSfq9qpzysnbFxz6S7fK33eFpCUwp5Fx5hTjeziOCK++ZSiiAMg:c/YmI6Namq9qpzyKbFP7KHMCXTeziOa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a577a44aa9c7220ae83935218d2e9990_NEIKI

Files

a577a44aa9c7220ae83935218d2e9990_NEIKI
.dll windows:6 windows x86 arch:x86

7accdbf05b2dd6c3c9786031370a1fb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\japan-geoid\japan-geoid\target\i686-pc-windows-msvc\release\deps\japan_geoid.pdb

Imports

kernel32

DisableThreadLibraryCalls
GetCurrentThreadId
InitializeSListHead
GetEnvironmentVariableW
GetCurrentDirectoryW
GetStdHandle
GetCurrentProcessId
SetLastError
RtlCaptureContext
WaitForSingleObject
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentThread
UnhandledExceptionFilter
AcquireSRWLockShared
GetCurrentProcess
LoadLibraryA
CreateMutexA
AcquireSRWLockExclusive
GetConsoleMode
GetLastError
GetModuleHandleW
FormatMessageW
ReleaseSRWLockShared
MultiByteToWideChar
WriteConsoleW
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetSystemTimeAsFileTime
ReleaseMutex
IsDebuggerPresent
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
GetProcAddress
WaitForSingleObjectEx
GetModuleHandleA
CloseHandle
Sleep
TlsSetValue
HeapReAlloc
TlsGetValue
IsProcessorFeaturePresent

advapi32

SystemFunction036

ntdll

RtlNtStatusToDosError
NtWriteFile

bcrypt

BCryptGenRandom

python39

PyImport_Import
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_GetContext
PyCapsule_New
Py_IsInitialized
PyUnicode_FromStringAndSize
PyGILState_Ensure
PyGILState_Release
_Py_Dealloc
PyObject_Repr
PyObject_Str
PyErr_Restore
PyTuple_New
PyException_GetTraceback
PyErr_NormalizeException
PyErr_SetString
PyErr_Fetch
PyErr_SetObject
PyModule_Create2
PyExc_BaseException
PyUnicode_InternInPlace
PyBytes_AsString
PyBytes_Size
PyBytes_FromStringAndSize
PyExc_InterruptedError
PyExc_ConnectionAbortedError
PyExc_BlockingIOError
PyExc_TimeoutError
PyExc_RuntimeError
PyExc_BrokenPipeError
PyExc_FileExistsError
PyExc_ConnectionResetError
PyExc_PermissionError
PyExc_FileNotFoundError
PyExc_ConnectionRefusedError
PyExc_OSError
_Py_NoneStruct
PyException_SetTraceback
PyErr_PrintEx
PyExc_ValueError
PyException_GetCause
PyException_SetCause
PyErr_Print
PyObject_SetAttrString
PyLong_FromSsize_t
PyObject_GetItem
PyObject_SetItem
PyObject_DelItem
PyUnicode_AsEncodedString
PyExc_AttributeError
PyErr_GivenExceptionMatches
PyObject_GetAttr
PyObject_SetAttr
PyErr_Clear
PyObject_Free
PyMem_Malloc
PyExc_ImportError
PyInterpreterState_Get
PyInterpreterState_GetID
PyObject_GenericGetDict
PyObject_GenericSetDict
PyType_FromSpec
PyType_GenericAlloc
PyFloat_FromDouble
PyFloat_Type
PyFloat_AsDouble
PyList_New
PyList_Append
PyCapsule_Type
PyType_IsSubtype
PyBaseObject_Type
PyObject_GC_UnTrack
PyErr_WriteUnraisable
PyExc_TypeError
PyUnicode_AsUTF8AndSize
PyExc_SystemError
PyErr_NewExceptionWithDoc

vcruntime140

memcpy
memcmp
memmove
memset
_CxxThrowException
__std_type_info_destroy_list
_except_handler4_common
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

fmod
floor

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
_initialize_onexit_table
_cexit

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

PyInit_japan_geoid

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7accdbf05b2dd6c3c9786031370a1fb5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ntdll

bcrypt

python39

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 255KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 256KB - Virtual size: 255KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB