b91c7a7e285f33cb069212e47c3dfe80_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

b91c7a7e285f33cb069212e47c3dfe80_NEIKI
Size

908KB
MD5

b91c7a7e285f33cb069212e47c3dfe80
SHA1

409d87386337d1b9110e344d08c5873a4bac1727
SHA256

55aafc6f16c1ac36ceff44204cf87fa3f301fd37ff75a33f45978341cd3de2c6
SHA512

b656e396a43af5747a13e5abc669ef38409c3ac81a49cacf0800ce6bcd75760c97308366f018e2629700a06c3056e2b8fd0b3c47be8a1574571523d39a4d41f1
SSDEEP

24576:MTCMWk0z8EEuqCcxT5KwWVtXa4bsJBgFyAsSlNGbOh:MxvWpwWK4bsJB222NN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b91c7a7e285f33cb069212e47c3dfe80_NEIKI

Files

b91c7a7e285f33cb069212e47c3dfe80_NEIKI
.dll windows:6 windows x64 arch:x64

a69a6894e2f7931a7791198dda14f7bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

pidgenx.pdb

Imports

msvcrt

_vsnwprintf
_wcsicmp
memmove
memset
memcpy
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
srand
time
rand
wcsncmp
_wtoi
_wcsnicmp
_itow
_ui64tow
_XcptFilter
_purecall
wcschr
wcsstr
memcmp
wcscmp

kernel32

GetProcessAffinityMask
WaitForMultipleObjects
SetEvent
ReleaseSemaphore
RaiseException
WaitForSingleObject
GetThreadPriority
MapViewOfFile
CreateFileMappingW
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateThread
LoadLibraryExW
GetModuleFileNameW
VirtualQuery
FreeLibraryAndExitThread
GetCurrentThread
SetThreadPriority
FreeLibrary
FileTimeToSystemTime
GetSystemDefaultLangID
GetVersionExW
GetLocalTime
SystemTimeToFileTime
InitializeCriticalSection
UnmapViewOfFile
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlVirtualUnwind
RtlLookupFunctionEntry
Sleep
RtlDeleteFunctionTable
RtlAddFunctionTable
HeapAlloc
HeapFree
GetProcessHeap
SetLastError
LocalAlloc
GetVersionExA
GetLastError
LocalFree
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
CreateFileW
GetFileSize
ReadFile
SetFilePointer
RtlCaptureContext
SetUnhandledExceptionFilter
GetCurrentProcess
VirtualFree
UnhandledExceptionFilter
VirtualAlloc
TerminateProcess

advapi32

TraceMessage
CryptGetHashParam
CryptExportKey
CryptVerifySignatureA
CryptSignHashA
CryptDecrypt
CryptEncrypt
CryptGenKey
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom

rpcrt4

UuidFromStringW
I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW

Exports

Exports

PidGenX
PidGenX2

Sections

.text
Size: 869KB - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a69a6894e2f7931a7791198dda14f7bf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 869KB - Virtual size: 869KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 19KB - Virtual size: 18KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 869KB - Virtual size: 869KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 19KB - Virtual size: 18KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 11KB - Virtual size: 11KB