ab35aa0d4e77f585e5f8bfc9d2207390_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

ab35aa0d4e77f585e5f8bfc9d2207390_NEIKI
Size

636KB
MD5

ab35aa0d4e77f585e5f8bfc9d2207390
SHA1

f53ffadff8842f42c7f88170ae1dc5d2afa9d201
SHA256

c3a6ed73456e37b6939d2abdfd2a91021ee5943bffe2e9c7148c4712f1b0e292
SHA512

5af16ae705e1ad90a6715350bd9106ab9df786662fecdee13cd7ef7dc236723c79b06dda718000bcad5968a18128c406d0272fbff5adee1692ca7d227218492b
SSDEEP

12288:XQ38Q9fFJBLZEkYp11lfsqllZjkD605YmxV:Xu8g5YpkBYq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab35aa0d4e77f585e5f8bfc9d2207390_NEIKI

Files

ab35aa0d4e77f585e5f8bfc9d2207390_NEIKI
.exe windows:4 windows x86 arch:x86

aeccfe233cc28178857d1511241f7112

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_llseek
GetLocalTime
GetProcAddress
GetModuleHandleA
CreateThread
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetVersion
GlobalFree
VirtualProtect
lstrcmpiA
LoadLibraryA
GlobalAlloc
IsBadWritePtr
ExitProcess
InitializeCriticalSection
GetCurrentProcessId
GetTickCount
ResumeThread
SuspendThread
Sleep
CloseHandle
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
CreateFileA
CreateFileW
GetFileInformationByHandle
GetFileSize
LockFile
LockFileEx
OpenFile
ReadFile
ReadFileEx
SetEndOfFile
SetFilePointer
UnlockFile
UnlockFileEx
WriteFile
WriteFileEx
_hread
_hwrite
_lclose
_lcreat
GetEnvironmentVariableA
_lopen
_lread
_lwrite
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
FreeLibrary
CreateFileMappingA
CreateFileMappingW
OpenFileMappingA
OpenFileMappingW
GetLastError
SetLastError
IsBadReadPtr
CreateEventA
WaitForSingleObject
SetEvent
GetOverlappedResult
VirtualAlloc
VirtualFree
WideCharToMultiByte
GetFileType
DeleteFileA
DeleteFileW
GetFullPathNameA
DeviceIoControl
GetTempPathA
GetWindowsDirectoryA
GetCommandLineA
GetPriorityClass
SetPriorityClass
GetThreadPriority
SetThreadPriority
lstrcpyA
GetPrivateProfileStringA
GetPrivateProfileIntA

user32

MessageBoxA
GetActiveWindow
wsprintfA

Sections

0000001
Size: 536KB - Virtual size: 535KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000002
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

0000004
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000005
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000006
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

0000007
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aeccfe233cc28178857d1511241f7112

Headers

File Characteristics

Imports

kernel32

user32

Sections

0000001 Size: 536KB - Virtual size: 535KB

0000002 Size: 4KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 1KB

0000004 Size: 42KB - Virtual size: 42KB

0000005 Size: 2KB - Virtual size: 2KB

0000006 Size: 34KB - Virtual size: 34KB

0000007 Size: 4KB - Virtual size: 2KB

0000001
Size: 536KB - Virtual size: 535KB

0000002
Size: 4KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 1KB

0000004
Size: 42KB - Virtual size: 42KB

0000005
Size: 2KB - Virtual size: 2KB

0000006
Size: 34KB - Virtual size: 34KB

0000007
Size: 4KB - Virtual size: 2KB