c1fccd0ecba2e366e0ee944417ad0150_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

c1fccd0ecba2e366e0ee944417ad0150_NEIKI
Size

644KB
MD5

c1fccd0ecba2e366e0ee944417ad0150
SHA1

9dd0872dad8b9d82edfa14ceca174ad41abff773
SHA256

d9d05b352c8a498498a3ff32cc799643c5a10d77c31496271ff15c3723df16d7
SHA512

1fb6f652e802e63b09fc64a1f2892cd8a23dbdfbcf4208fcf948bef9a638b815e4c9966bcc07f306b8a9257738139cb5fa807df9bbd1119db0cc89ec12cbd58d
SSDEEP

12288:7CK1n7B1Nfqogoyt+AtPJJXYuRrhvVBoi7gpSHeheb:7Cs91NfMoyt+OJjRoispSMG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1fccd0ecba2e366e0ee944417ad0150_NEIKI

Files

c1fccd0ecba2e366e0ee944417ad0150_NEIKI
.exe windows:4 windows x86 arch:x86

3d2285dfcc2fc2e3efef02aed5993102

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\cs_work2\release\etc\showlic.pdb

Imports

msvcr71

_ltoa
_splitpath
_findnext
_findfirst
strcspn
_errno
memcmp
fscanf
rename
_access
strspn
fputc
fputs
_makepath
strncmp
realloc
fseek
rewind
ftell
fwrite
fread
_mkdir
putc
getc
_close
_chsize
difftime
_stricmp
rand
_utime
printf
_fullpath
remove
_searchenv
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
_sys_errlist
_controlfp
?terminate@@YAXXZ
_stat
_unlink
labs
abs
mblen
wcsftime
wcstok
wcslen
wcsstr
wcsspn
wcscspn
wcscpy
wcsncpy
wcscmp
wcsncmp
wcschr
wcsrchr
wcscat
wcsncat
wcstoul
wcstol
fgetws
fgetwc
towupper
iswctype
_mbsinc
wcstombs
wctomb
mbstowcs
mbtowc
strstr
memmove
calloc
atol
getenv
memset
sscanf
memcpy
_getcwd
toupper
vsprintf
setbuf
ctime
strchr
strrchr
vfprintf
__mb_cur_max
_isctype
_pctype
_getpid
atoi
strncat
_ftol
strcmp
strcat
strlen
strcpy
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_CIfmod
floor
??2@YAPAXI@Z
setlocale
malloc
_setmbcp
mktime
free
_putenv
_strupr
??3@YAXPAX@Z
gmtime
asctime
strncpy
localtime
time
srand
__CxxFrameHandler
sprintf
fopen
fgets
strtok
strtol
fclose
_iob
fprintf
fflush
gets
_itoa

kernel32

SetLastError
CreateProcessA
SetFileAttributesA
FormatMessageA
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetDriveTypeA
GetVolumeInformationA
GetVersionExA
GetFullPathNameA
DeleteFileA
GetSystemDirectoryA
GetEnvironmentVariableA
WideCharToMultiByte
MultiByteToWideChar
QueryDosDeviceA
DefineDosDeviceA
LoadLibraryA
FreeLibrary
DeviceIoControl
WriteFile
ReadFile
CreateFileA
GetLastError
GetTickCount
GetPrivateProfileIntA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSection
GetCurrentProcess
GetProcessAffinityMask
SetThreadAffinityMask
Sleep
SetEvent
ResetEvent
CreateEventA
lstrcmpA
lstrlenA
GetModuleHandleA
GetProcAddress
ReleaseMutex
CreateMutexA
LocalAlloc
LocalFree
GetVersion
OpenFile
CreateFileMappingA
CloseHandle
MapViewOfFile
GetFileSize
UnmapViewOfFile
TerminateThread
WaitForSingleObject
WaitForMultipleObjects
ResumeThread
SuspendThread
CreateThread
GetCurrentThread
GetModuleFileNameA
FindFirstFileA
GetPrivateProfileStringA
GetCurrentDirectoryA
WinExec

user32

CharNextA
KillTimer
GetSystemMetrics
MessageBoxA
SetTimer

advapi32

RegEnumValueA
RegSetKeySecurity
RegQueryValueA
RegCreateKeyExA
RegSetValueA
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
SetFileSecurityA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryInfoKeyA
GetUserNameA
RegCreateKeyA
RegSetValueExA

netapi32

Netbios

ws2_32

WSAStartup
WSAGetLastError
getpeername
recv
send
connect
socket
bind
getsockname
closesocket
inet_addr

rpcrt4

UuidCreate

Sections

.text
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d2285dfcc2fc2e3efef02aed5993102

Headers

File Characteristics

PDB Paths

Imports

msvcr71

kernel32

user32

advapi32

netapi32

ws2_32

rpcrt4

Sections

.text Size: 468KB - Virtual size: 465KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 156KB - Virtual size: 281KB

.rsrc Size: 4KB - Virtual size: 672B

.text
Size: 468KB - Virtual size: 465KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 156KB - Virtual size: 281KB

.rsrc
Size: 4KB - Virtual size: 672B