b9bf7c5249a748b7341a3e065d3fcf60_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

b9bf7c5249a748b7341a3e065d3fcf60_NEIKI
Size

790KB
MD5

b9bf7c5249a748b7341a3e065d3fcf60
SHA1

853f6063920bda7651ede5a1b7badc37ed05286a
SHA256

6d0f5b87104c2fabbfc9a54732203cfd379e2055c18d018d36e5ebfb0455c90c
SHA512

9047a97c7316d19cd660baaf41e33068dd0a3f3c9fd877ffd0828444deb82cef3f9f1c1c5641a04122154bd7ad98130c9f1a03290e654f607af487c14c6c7112
SSDEEP

12288:xoUtHurASMjkR1NWlJ29QvCRLwEg4ioDfmRdQlSOwVwUeinhnE4vNdoi:xoWurtP1NWlJxCRLrfkdrOwVwUyEdoi

Score

1^/10

Malware Config

Signatures

Files

b9bf7c5249a748b7341a3e065d3fcf60_NEIKI
.exe windows:5 windows x86 arch:x86

6ab9923edef47d0294e2da7b91a7f51e

Code Sign

54:97:1f:f2:38:d2:b8:66:f2:7f:c3:fe:6c:9a:d5:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/07/2011, 00:00

Not After

19/07/2014, 23:59

Subject

CN=Avira Operations GmbH & Co. KG,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Avira Operations GmbH & Co. KG,L=Tettnang,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Bld\22\93\Binaries\Win32\Release\avconfig.pdb

Imports

ccwkrlib

GetComponentFactory

mfc100u

ord293
ord4151
ord11682
ord7871
ord13214
ord1476
ord1720
ord11544
ord1271
ord870
ord2620
ord7914
ord12413
ord1313
ord13305
ord7006
ord3380
ord3846
ord11030
ord923
ord345
ord11031
ord6036
ord13206
ord4360
ord3996
ord2220
ord1302
ord12186
ord7512
ord10081
ord1212
ord788
ord4355
ord7973
ord3985
ord1861
ord12951
ord2136
ord285
ord2629
ord12347
ord3397
ord3261
ord13388
ord11210
ord8264
ord2418
ord12610
ord5558
ord2746
ord1897
ord4359
ord5264
ord4150
ord7624
ord7548
ord11784
ord13854
ord4744
ord2164
ord11476
ord11477
ord13381
ord7108
ord13387
ord8530
ord3684
ord3625
ord11864
ord7126
ord1739
ord14162
ord10976
ord13267
ord11469
ord7179
ord13570
ord13567
ord13572
ord13569
ord13571
ord13568
ord3416
ord5261
ord11228
ord11236
ord6243
ord1645
ord8362
ord2664
ord8390
ord11207
ord2825
ord2251
ord7876
ord1296
ord897
ord6870
ord11999
ord4356
ord374
ord945
ord2184
ord5799
ord919
ord341
ord337
ord6080
ord7967
ord917
ord7929
ord7529
ord11998
ord11516
ord11997
ord6145
ord3428
ord12871
ord5855
ord4478
ord6711
ord11163
ord948
ord381
ord8509
ord4309
ord7391
ord9498
ord11845
ord5118
ord9328
ord8346
ord6140
ord11123
ord8179
ord10412
ord2981
ord2980
ord5556
ord12606
ord2887
ord2884
ord7385
ord2417
ord14146
ord14148
ord14147
ord14145
ord14149
ord14132
ord14059
ord14060
ord8277
ord6843
ord3402
ord10937
ord13380
ord8112
ord6247
ord10045
ord8393
ord2853
ord12724
ord11246
ord11244
ord1501
ord1508
ord1514
ord1512
ord1519
ord4388
ord4425
ord4396
ord4408
ord4404
ord4400
ord4430
ord4421
ord4392
ord4434
ord4413
ord4379
ord4383
ord4416
ord3999
ord14067
ord3992
ord2665
ord13132
ord383
ord13605
ord322
ord13382
ord7109
ord6156
ord2089
ord13168
ord6603
ord6344
ord2900
ord10725
ord12557
ord5276
ord2339
ord11116
ord3491
ord2952
ord2951
ord2852
ord11159
ord4642
ord4923
ord5115
ord8483
ord4901
ord5143
ord4645
ord4794
ord4623
ord6931
ord6932
ord6922
ord4792
ord7393
ord9333
ord8347
ord5828
ord2614
ord11209
ord1962
ord812
ord1229
ord5713
ord3446
ord5862
ord5801
ord6842
ord9525
ord12948
ord8507
ord2185
ord10936
ord4447
ord5585
ord12125
ord10934
ord10933
ord10352
ord9621
ord11206
ord10043
ord10064
ord8181
ord8118
ord10265
ord10199
ord10935
ord6604
ord824
ord1232
ord6318
ord4086
ord1934
ord3643
ord8508
ord9551
ord908
ord2091
ord2045
ord1945
ord323
ord1301
ord6661
ord2078
ord1950
ord1479
ord3627
ord1895
ord6869
ord9447
ord11021
ord890
ord1292
ord2756
ord3413
ord10058
ord1987
ord11940
ord2407
ord13047
ord4805
ord3978
ord267
ord4290
ord4512
ord7524
ord286
ord7913
ord280
ord1310
ord1312
ord902
ord900
ord296
ord265
ord266
ord1298
ord2062
ord2064
ord2068
ord1300
ord11081
ord13133

msvcr100

fgets
clock
strtok_s
wcstombs
strncat
mbstowcs
isupper
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_snwprintf
wcsncpy
_CxxThrowException
__CxxFrameHandler3
sprintf_s
__RTDynamicCast
fwrite
_itow_s
_wasctime_s
fopen_s
wcstombs_s
strcat_s
strncpy_s
strstr
atoi
_strnicmp
_mktime64
strchr
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
_localtime32_s
_localtime64_s
wcspbrk
toupper
_chdrive
_getdrive
iswalnum
iswspace
_vswprintf
wcsncat_s
rand
srand
realloc
_errno
calloc
strtoul
_wsopen
_lseek
_close
_read
_filelength
malloc
swscanf_s
mbstowcs_s
_time64
_snwprintf_s
feof
_wcsicmp
_wtoi
wcschr
wcsstr
wcsncpy_s
_wcsnicmp
_waccess
wcscat_s
_wcsupr_s
fclose
_wfopen_s
_wcsdup
exit
memset
swprintf_s
_wsplitpath_s
wcsncmp
wcsrchr
wcscpy_s
_wgetcwd
wcsnlen
wcscmp
free
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
memmove
memcpy
_purecall
_vscwprintf
vswprintf_s
wmemcpy_s
memmove_s
memcpy_s
wcslen

kernel32

QueryDosDeviceW
GetLogicalDriveStringsW
Process32NextW
Process32FirstW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
InterlockedIncrement
GetFileAttributesW
CreateEventW
GetComputerNameW
SetEvent
OpenEventW
ReleaseMutex
Sleep
WaitForSingleObject
CreateMutexW
SetEndOfFile
ReadFile
GetFileSize
SetFilePointer
CreateFileW
LocalFree
SetLastError
LoadLibraryExW
SetErrorMode
SetCurrentDirectoryW
GetTickCount
GetProcAddress
CloseHandle
GetCurrentProcessId
LoadLibraryW
GetPrivateProfileIntW
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
GetLastError
FormatMessageW
FindResourceExW
FindResourceW
LoadResource
LockResource
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
SizeofResource
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ExpandEnvironmentStringsA
CreateThread
InitializeCriticalSection
InterlockedDecrement
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedExchange
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InterlockedExchangeAdd
InterlockedCompareExchange
GetLocalTime
GetEnvironmentVariableW
GetDiskFreeSpaceExW
MultiByteToWideChar
GetFullPathNameW
GetPrivateProfileSectionW
GlobalMemoryStatusEx
WideCharToMultiByte
GetFileAttributesExW
GetLocaleInfoW
GetUserDefaultUILanguage
LocalAlloc
GetCurrentProcess
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
CreateProcessW
GetExitCodeProcess
LoadLibraryA
DeviceIoControl
WriteFile
WritePrivateProfileStringW
OutputDebugStringW
CreateDirectoryW
GetDriveTypeW
GetWindowsDirectoryW
GetShortPathNameW
FindClose
FindNextFileW
FindFirstFileW
PulseEvent
CopyFileW
GetPrivateProfileStringW
MulDiv
ResetEvent
WaitForMultipleObjects
GetVersionExW
DeleteFileW
OpenProcess
GetSystemDirectoryW

user32

MessageBoxW
GetLastActivePopup
GetActiveWindow
SetForegroundWindow
BringWindowToTop
SendMessageW
GetSystemMenu
EnableWindow
GetWindowRect
DestroyWindow
IsChild
EqualRect
RegisterWindowMessageW
TranslateAcceleratorW
LoadIconW
DrawIconEx
ScreenToClient
FillRect
InflateRect
CopyRect
DestroyIcon
LoadImageW
ReleaseDC
DrawStateW
GetForegroundWindow
LoadStringW
SendInput
SetWindowLongW
OffsetRect
InvalidateRect
RedrawWindow
PtInRect
GetDlgCtrlID
GetParent
DrawIcon
GetSystemMetrics
IsIconic
GetClientRect
FindWindowW
SystemParametersInfoW
PostMessageW
GetDC
GetKeyState

gdi32

CreateFontIndirectW
CreatePatternBrush
GetTextExtentPoint32W
SetPixel
GetPixel
RoundRect
CreatePen
GetObjectW
StretchBlt
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
CreateSolidBrush
BitBlt
GetDeviceCaps
SelectObject
GetLayout

advapi32

ImpersonateLoggedOnUser
SetThreadToken
GetTokenInformation
LookupAccountSidW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegSetValueExW
GetNamedSecurityInfoW
GetAclInformation
GetAce
EqualSid
SetNamedSecurityInfoW
AddAce
DuplicateTokenEx
AllocateAndInitializeSid
InitializeAcl
RevertToSelf
FreeSid
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidLengthRequired
RegCreateKeyExW
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
GetUserNameW
RegOpenKeyExW
RegDeleteValueW
InitializeSid
RegQueryValueExW
RegCloseKey

shell32

ord680
ShellExecuteExW
SHGetSpecialFolderPathW
SHAppBarMessage

comctl32

_TrackMouseEvent
ord17

shlwapi

ord176
PathIsDirectoryW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit
SysStringLen

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Wcscoll
_Wcsxfrm
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?_Xmem@tr1@std@@YAXXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@UAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z

gdiplus

GdipCloneImage
GdipCloneBitmapAreaI
GdipDrawImageRectI
GdipDrawImageRect
GdipSetPixelOffsetMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

netapi32

DsEnumerateDomainTrustsW
NetWkstaGetInfo
NetApiBufferFree
NetServerEnum

activeds

ord3

wininet

InternetGetConnectedState
InternetCanonicalizeUrlW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ab9923edef47d0294e2da7b91a7f51e

Code Sign

54:97:1f:f2:38:d2:b8:66:f2:7f:c3:fe:6c:9a:d5:77Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ccwkrlib

mfc100u

msvcr100

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp100

gdiplus

netapi32

activeds

wininet

version

Sections

.text Size: 254KB - Virtual size: 254KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 350KB - Virtual size: 349KB

.reloc Size: 40KB - Virtual size: 39KB

54:97:1f:f2:38:d2:b8:66:f2:7f:c3:fe:6c:9a:d5:77
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 254KB - Virtual size: 254KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 350KB - Virtual size: 349KB

.reloc
Size: 40KB - Virtual size: 39KB