b94755a72bb7ace95bf2b75875ff6600_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

b94755a72bb7ace95bf2b75875ff6600_NEIKI
Size

2.0MB
MD5

b94755a72bb7ace95bf2b75875ff6600
SHA1

c1d4764948e3a199a6adbf516dc6504f4abd8ae8
SHA256

8208e72f940b15c6c781da1763e0b0cf048a660aa18c252ef16fac28e27b4987
SHA512

996312b59c463355fb5d629dcfbc051fc57842a22b5894cee6cbfd8b2d916b736760347e998c13fe03d8e05107de39118af63679cf684acee9f1ebb596e2c8ce
SSDEEP

49152:4LbYI4I0bVKBUhx8CRSrzQ8vbeKgSRpXxmDYeQeaUx7qEaY6aB0zj0yjoB2:IYZkBU6ZvCK/phm8eQN8lB2Yyjl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b94755a72bb7ace95bf2b75875ff6600_NEIKI

Files

b94755a72bb7ace95bf2b75875ff6600_NEIKI
.exe windows:6 windows x64 arch:x64

5cc802a4132e88da3bec2162a9e54adb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wbengine.pdb

Imports

advapi32

RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
TraceMessage
DuplicateTokenEx
RegQueryValueExW
GetUserNameW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
IsValidSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
IsValidSecurityDescriptor
RegEnumValueW
LookupAccountNameW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CreateServiceW
ControlService
DeleteService
InitiateShutdownW
RegGetValueW
TraceEvent
RegUnLoadKeyW
RegLoadKeyW
CheckTokenMembership
SetSecurityInfo
GetSecurityDescriptorLength
GetSecurityInfo
EventRegister
EventEnabled
EventUnregister
EventWrite
SetThreadToken
OpenThreadToken
ControlTraceW
LsaFreeMemory
GetWindowsAccountDomainSid
ConvertSidToStringSidW
AdjustTokenPrivileges
LsaNtStatusToWinError
RevertToSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateLoggedOnUser
LsaClose
LookupPrivilegeValueW
SetNamedSecurityInfoW
EqualSid
LsaOpenPolicy
LogonUserW
LsaQueryInformationPolicy
OpenProcessToken
QueryServiceStatus
EnumDependentServicesW

kernel32

CreateThread
GetTickCount
LocalAlloc
HeapSetInformation
CreateWaitableTimerW
WaitForSingleObjectEx
GetCommandLineW
GetCurrentThreadId
CopyFileW
DeviceIoControl
GetDriveTypeW
GetFullPathNameW
GetSystemWindowsDirectoryW
GetVolumePathNameW
TlsGetValue
OutputDebugStringW
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
SetErrorMode
GetFileAttributesExW
QueryDosDeviceW
DeleteVolumeMountPointW
CancelIoEx
GetLogicalDrives
SetVolumeMountPointW
SetWaitableTimer
GetLocalTime
SetLastError
GetFileSize
GetLongPathNameW
SetFileValidData
SetFilePointerEx
SetEndOfFile
GetVolumeInformationW
CancelIo
RtlCompareMemory
GetOverlappedResult
GetCurrentThread
SleepEx
SetFilePointer
CopyFileExW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetTickCount64
GetWindowsDirectoryW
GetSystemInfo
GetProductInfo
GetComputerNameExW
GetTempPathW
GetVersionExW
SetFileAttributesW
GetFileInformationByHandle
GetVolumeNameForVolumeMountPointW
FindNextFileW
RemoveDirectoryW
SetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetVolumePathNamesForVolumeNameW
GetDiskFreeSpaceExW
GetFileAttributesW
OutputDebugStringA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
GetEnvironmentVariableW
CompareStringW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetTimeZoneInformation
Sleep
SetThreadExecutionState
FileTimeToLocalFileTime
SetVolumeLabelW
FileTimeToSystemTime
CompareFileTime
FindClose
MoveFileW
ReadFile
MoveFileExW
FlushFileBuffers
WriteFile
DeleteFileW
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetSystemTime
LocalFree
GetFileSizeEx
CreateFileW
ResetEvent
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetProcAddress
GetLastError
RaiseException
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
SizeofResource
LoadLibraryW
InitializeCriticalSection
GetModuleHandleW
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap

user32

UnregisterClassA
CharNextW
LoadStringW
PostThreadMessageW
MessageBoxW
GetMessageW
TranslateMessage
DispatchMessageW
CharUpperW

msvcrt

wcscat_s
wcscpy_s
realloc
swscanf_s
wcsncmp
_vsnwprintf
_wcsnicmp
calloc
memmove_s
_errno
_unlock
__dllonexit
_lock
swprintf_s
memmove
_onexit
__wgetmainargs
_ultow_s
strncmp
wcsnlen
_wcsupr
_scwprintf
_snwscanf_s
_vsnprintf
wcscspn
towlower
_wgetenv
_wtol
wcstok_s
_wcstoi64
__CxxFrameHandler3
_wcsicmp
_XcptFilter
_exit
_cexit
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_commode
wcschr
wcstoul
?terminate@@YAXXZ
_CxxThrowException
__C_specific_handler
_resetstkoflw
_wcslwr
_fmode
wcsstr
__set_app_type
??1type_info@@UEAA@XZ
??2@YAPEAX_K@Z
memcpy_s
_purecall
malloc
memcpy
memcmp
free
wcsncpy_s
??3@YAXPEAX@Z
wcsrchr
memset

ntdll

NtQueryInformationFile
LdrGetDllHandle
NtWaitForSingleObject
NtQueryVolumeInformationFile
NtDeleteFile
NtCreateEvent
NtResetEvent
RtlStringFromGUID
RtlFreeUnicodeString
RtlGUIDFromString
NtAllocateUuids
RtlNtStatusToDosError
NtSetInformationKey
RtlSetAllBits
RtlSetBits
RtlInitializeBitMap
RtlNumberOfSetBits
RtlAreBitsSet
RtlClearAllBits
RtlNumberOfClearBits
RtlFindNextForwardRunClear
RtlClearBits
RtlDosPathNameToNtPathName_U
RtlAreBitsClear
WinSqmAddToStreamEx
RtlCreateSystemVolumeInformationFolder
RtlGetSetBootStatusData
RtlUnlockBootStatusData
NtQuerySymbolicLinkObject
LdrGetProcedureAddress
NtOpenSymbolicLinkObject
RtlInitAnsiString
NtDeviceIoControlFile
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlLengthSid
RtlAllocateAndInitializeSid
NtDeleteKey
NtAdjustPrivilegesToken
NtSetValueKey
NtQueryValueKey
NtSetSecurityObject
NtOpenProcessToken
RtlAddAccessAllowedAceEx
RtlLengthSecurityDescriptor
NtCreateFile
NtCreateKey
NtOpenThreadToken
NtLoadKey
NtDeleteValueKey
RtlFreeSid
NtUnloadKey
NtSaveKey
RtlCreateAcl
NtOpenKey
NtQueryAttributesFile
NtEnumerateKey
NtQueryKey
NtQuerySystemInformation
NtOpenFile
RtlAllocateHeap
NtClose
RtlFreeHeap
RtlGetLastNtStatus
WinSqmAddToStream
RtlInitUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlSetDaclSecurityDescriptor

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoSuspendClassObjects
CoResumeClassObjects
CoRevokeClassObject
CoTaskMemRealloc
CreateStreamOnHGlobal
CoImpersonateClient
CoRevertToSelf
CoCreateGuid
CoRegisterClassObject
CoTaskMemFree

oleaut32

VariantInit
VariantCopy
VariantClear
VarUI4FromStr
SysFreeString
SysAllocString
VarBstrCat
SysAllocStringLen
UnRegisterTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
SystemTimeToVariantTime
VarBstrCmp

rpcrt4

UuidFromStringW
RpcStringFreeW
UuidToStringW
UuidCreate

vssapi

VssFreeSnapshotPropertiesInternal
CreateVssExamineWriterMetadataInternal
CreateVssBackupComponentsInternal

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupGetInfDriverStoreLocationW
SetupDiGetDeviceRegistryPropertyW
SetupEnumPublishedInfW

netapi32

NetShareAdd
NetApiBufferFree
NetShareDel
NetShareGetInfo

xmllite

CreateXmlReaderInputWithEncodingName
CreateXmlReader

bcrypt

BCryptOpenAlgorithmProvider
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptGetProperty
BCryptDestroyHash

virtdisk

GetVirtualDiskInformation
GetVirtualDiskOperationProgress
GetStorageDependencyInformation
DetachVirtualDisk
CompactVirtualDisk
OpenVirtualDisk
GetVirtualDiskPhysicalPath
AttachVirtualDisk

clusapi

GetNodeClusterState

Exports

Exports

??0CTraceProvider@@QEAA@W4COMPONENT_CODE@@@Z
??1CTraceProvider@@QEAA@XZ
??4CTraceProvider@@QEAAAEAV0@AEBV0@@Z
?EtwTrace@CTraceProvider@@QEAAXAEBUDLS_TRACE_EVENT@@@Z
?OdsTrace@CTraceProvider@@QEAAXAEBUDLS_TRACE_EVENT@@@Z
?QueryTaskId@CTraceProvider@@SA?AU_GUID@@XZ
?SetTraceControlInfo@CTraceProvider@@QEAAX_N_KK@Z
?Trace@CTraceProvider@@QEAAXW4TRACE_FLAG@@PEBGKPEBX1PEAD@Z
?TraceMessage@CTraceFailureHelper@@QEAAXPEBGZZ
?m_dwTraceCurrSize@CTraceProvider@@0KA
?m_dwTraceLevel@CTraceProvider@@0KA
?m_dwTraceMaxNum@CTraceProvider@@0KA
?m_dwTraceMaxSize@CTraceProvider@@0KA
?m_dwTraceNextNum@CTraceProvider@@0KA
?m_errLogCriticalSection@CTraceProvider@@0U_RTL_CRITICAL_SECTION@@A
?m_errorFile@CTraceProvider@@0PEAU_iobuf@@EA
?m_errorTracingInBadState@CTraceProvider@@0_NA
?m_isCriticalSectionIntialized@CTraceProvider@@0_NA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5cc802a4132e88da3bec2162a9e54adb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

oleaut32

rpcrt4

vssapi

setupapi

netapi32

xmllite

bcrypt

virtdisk

clusapi

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.data Size: 3KB - Virtual size: 11KB

.pdata Size: 32KB - Virtual size: 32KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 3KB - Virtual size: 11KB

.pdata
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 572KB - Virtual size: 576KB