PDB path: D:\Work\cryptlib\binaries64_vs10\cl64.pdb
Static task
static1
Behavioral task
behavioral1
Sample
bdf2f0aecdf8c95ef32ebc68cb293080_NEIKI.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bdf2f0aecdf8c95ef32ebc68cb293080_NEIKI.dll
Resource
win10v2004-20240226-en
General
-
Target
bdf2f0aecdf8c95ef32ebc68cb293080_NEIKI
-
Size
1.7MB
-
MD5
bdf2f0aecdf8c95ef32ebc68cb293080
-
SHA1
3cb551570e84248732f81b6ae80761b337d998dd
-
SHA256
8c87ee757c936b1347b4e4494425272b83dc322c22dbc15bb3c0ac9976f73138
-
SHA512
941c60a447fc75fb3aea9bcff2987e7d5cd1dfe6c929937badd9dd6a2927c09e1e7534f35da8ae229f124bc531344731ea2163afa57d09ac5392ec6533158d5b
-
SSDEEP
49152:WbfSexItWBK+KWkjklYQBnESyr5UKd4ptDjg:1SQ+KWjE1hdgxE
Malware Config
Signatures
-
Unsigned PE 1 IoCs
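Checks for a missing Authenticode signature; the sample carries none. On its own, an unsigned PE is a weak indicator and should be weighed together with the other findings.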
resource bdf2f0aecdf8c95ef32ebc68cb293080_NEIKI
Files
-
bdf2f0aecdf8c95ef32ebc68cb293080_NEIKI.dll windows:6 windows x64 arch:x64
c3a6e0fe14a478dab31b601b19326f9f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
CreateFileA
GetCurrentThread
DeleteFileA
CloseHandle
GetWindowsDirectoryA
SetFileAttributesA
GetFileSize
VerSetConditionMask
VerifyVersionInfoW
GetFileType
CreateDirectoryA
FlushFileBuffers
GlobalFree
Sleep
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
VirtualUnlock
VirtualLock
WaitForSingleObject
DisableThreadLibraryCalls
GetSystemDirectoryA
LoadLibraryA
GetSystemInfo
GetFileAttributesA
DeviceIoControl
UnmapViewOfFile
GetModuleHandleA
GetStartupInfoA
GetCurrentProcessId
GetProcessHeap
GlobalMemoryStatusEx
OpenFileMappingA
GetThreadTimes
MapViewOfFile
GetTickCount
GetProcessTimes
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLastError
SetEndOfFile
GetFullPathNameA
SetFilePointer
SetErrorMode
SetFileTime
GetDriveTypeA
WriteFile
GetCurrentProcess
ReadFile
FormatMessageA
FreeLibrary
GetProcAddress
IsBadReadPtr
GetProcessWorkingSetSize
IsBadWritePtr
user32
GetMessagePos
GetFocus
GetClipboardViewer
GetGUIThreadInfo
GetCursorPos
GetProcessWindowStation
GetDesktopWindow
GetMessageTime
GetInputState
GetCapture
GetActiveWindow
GetOpenClipboardWindow
GetClipboardOwner
GetCaretPos
advapi32
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
EqualSid
GetSidSubAuthority
InitializeSid
LookupAccountSidA
OpenProcessToken
OpenThreadToken
GetTokenInformation
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorDacl
netapi32
NetApiBufferFree
NetStatisticsGet
NetApiBufferSize
ws2_32
select
__WSAFDIsSet
send
recv
recvfrom
sendto
accept
closesocket
shutdown
getnameinfo
freeaddrinfo
listen
getaddrinfo
ioctlsocket
socket
WSAStartup
WSACleanup
WSAGetLastError
setsockopt
bind
getsockopt
connect
vcruntime140
memcmp
memcpy
memset
__std_type_info_destroy_list
__C_specific_handler
memmove
api-ms-win-crt-heap-l1-1-0
malloc
free
realloc
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf_s
api-ms-win-crt-string-l1-1-0
toupper
isprint
isxdigit
tolower
_stricmp
isalpha
strncat_s
isalnum
strncpy_s
_strnicmp
isdigit
api-ms-win-crt-convert-l1-1-0
mbstowcs_s
wcstombs_s
mbtowc
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64_s
_mktime64
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_seh_filter_dll
_endthreadex
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_beginthreadex
_configure_narrow_argv
Exports
Exports
cryptAddCertExtension
cryptAddPrivateKey
cryptAddPublicKey
cryptAddRandom
cryptCAAddItem
cryptCACertManagement
cryptCADeleteItem
cryptCAGetItem
cryptCheckCert
cryptCheckSignature
cryptCheckSignatureEx
cryptCreateCert
cryptCreateContext
cryptCreateEnvelope
cryptCreateSession
cryptCreateSignature
cryptCreateSignatureEx
cryptDecrypt
cryptDeleteAttribute
cryptDeleteCertExtension
cryptDeleteKey
cryptDestroyCert
cryptDestroyContext
cryptDestroyEnvelope
cryptDestroyObject
cryptDestroySession
cryptDeviceClose
cryptDeviceCreateContext
cryptDeviceOpen
cryptDeviceQueryCapability
cryptEncrypt
cryptEnd
cryptExportCert
cryptExportKey
cryptExportKeyEx
cryptFlushData
cryptGenerateKey
cryptGetAttribute
cryptGetAttributeString
cryptGetCertExtension
cryptGetKey
cryptGetPrivateKey
cryptGetPublicKey
cryptImportCert
cryptImportKey
cryptImportKeyEx
cryptInit
cryptKeysetClose
cryptKeysetOpen
cryptLogin
cryptLogout
cryptPopData
cryptPushData
cryptQueryCapability
cryptQueryObject
cryptSetAttribute
cryptSetAttributeString
cryptSignCert
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 354KB - Virtual size: 353KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ