d2f4c2ebe240da4cec1f9d29a7af6830_NEIKI

General

Target

d2f4c2ebe240da4cec1f9d29a7af6830_NEIKI
Size

80KB
MD5

d2f4c2ebe240da4cec1f9d29a7af6830
SHA1

d946c955bdcdec1653ffb987a730cfa43435f9eb
SHA256

0bc1ed167b8625a1497f50e886a8ecb214dae4b8b71e2eeb02d77a8cb23cdd1b
SHA512

7f38c4e4f3595efc950fc18f7b60a98ffd8b3cb40f9de291b2a9b2b6fb17baddfbd81bd033b87a0cfeb57ffd62c58ac92427601bc193b5f03d293583def1fff0
SSDEEP

1536:SOGFtYlZfGk57wSlBuBave5qabBtW8UwQvgILb:6Ft25Gke2sM253tKXL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2f4c2ebe240da4cec1f9d29a7af6830_NEIKI

Files

d2f4c2ebe240da4cec1f9d29a7af6830_NEIKI
.exe windows:4 windows x64 arch:x64

838b07afb347fb5483da56aa9f17c605

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSetInformation
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
FindFirstFileA
GetTempFileNameA
GetTempPathA
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EnterCriticalSection
LeaveCriticalSection
MoveFileA
DeleteFileA
HeapFree
HeapAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
DuplicateHandle
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
WriteFile
RtlUnwindEx
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
Sleep
CloseHandle
FlushFileBuffers
GetFullPathNameA
HeapCreate
ReadFile
SetStdHandle
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetACP
GetOEMCP
GetCPInfo
CreateFileA
InitializeCriticalSection
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetEndOfFile
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

838b07afb347fb5483da56aa9f17c605

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 1.0MB

.pdata Size: 4KB - Virtual size: 3KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 1.0MB

.pdata
Size: 4KB - Virtual size: 3KB