cdb6087615d983e9641a374593a565f0_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

cdb6087615d983e9641a374593a565f0_NEIKI
Size

184KB
MD5

cdb6087615d983e9641a374593a565f0
SHA1

7da5855a634c0b7362bdee9652b60190799d388b
SHA256

f4296eddafe362fceb5518028ed913db102f803c8aefd6898841f964c0250c71
SHA512

19036af402fd66f6cb67b6f496b6d638b8fd598909e5955a4165e7619160c9052b1e143a1a4b80edfa570963710bb024bcce8d67b0454eed966517fe145d3de0
SSDEEP

3072:cWzW0yLogX2F7FRB80Uuji2+4KNxN8nqSI2Kl0iIgkKU:g9LogXQrbUujZK7N8nqtU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdb6087615d983e9641a374593a565f0_NEIKI

Files

cdb6087615d983e9641a374593a565f0_NEIKI
.dll windows:4 windows x86 arch:x86

1828363c4f18a3d6d0a77ba3cf41852a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

bnclient

?Name@BNGatewayAccess@@QAGPADH@Z
?SetCurGateway@BNGatewayAccess@@QAGXH@Z
?Realm@BNGatewayAccess@@QAGPADH@Z

d2gfx

ord10034

d2lang

?strcat@Unicode@@SIPAU1@PAU1@PBU1@@Z
ord10004
?strncpy@Unicode@@SIPAU1@PAU1@PBU1@H@Z
?win2Unicode@Unicode@@SIPAU1@PAU1@PBDH@Z
??_FUnicode@@QAEXXZ
?toUtf@Unicode@@SIPADPADPBU1@H@Z
?toUnicode@Unicode@@SIPAU1@PAU1@PBDH@Z
?strcpy@Unicode@@SIPAU1@PAU1@PBU1@@Z
?unicode2Win@Unicode@@SIPADPADPBU1@H@Z
?strcmp@Unicode@@SIHPBU1@0@Z
?sprintf@Unicode@@SAXHPAU1@PBU1@ZZ
?isLineBreak@Unicode@@SIHPBU1@I@Z
?strlen@Unicode@@SIHPBU1@@Z
ord10006
ord10001
ord10000
ord10007
?_toUpperTable@Unicode@@0PAGA

d2mcpclient

ord10028
ord10008
ord10001
ord10046
ord10056
ord10058
ord10057
ord10003
ord10002
ord10029
ord10030
ord10031
ord10032
ord10033
ord10060
ord10061
ord10021
ord10062
ord10009
ord10055
ord10000

d2net

ord10000
ord10008
ord10025
ord10001

d2sound

ord10029
ord10034
ord10069
ord10042
ord10039
ord10037
ord10040
ord10038
ord10036
ord10027
ord10031

d2win

ord10055
ord10121
ord10009
ord10002
ord10008
ord10051
ord10030
ord10033
ord10045
ord10047
ord10025
ord10142
ord10046
ord10027
ord10048
ord10050
ord10062
ord10044
ord10087
ord10161
ord10156
ord10153
ord10152
ord10143
ord10151
ord10149
ord10158
ord10144
ord10192
ord10193
ord10188
ord10182
ord10180
ord10191
ord10195
ord10194
ord10189
ord10112
ord10007
ord10028
ord10017
ord10018
ord10029
ord10088
ord10090
ord10089
ord10185
ord10080
ord10012
ord10076
ord10072
ord10073
ord10081
ord10031
ord10053
ord10127
ord10105
ord10054
ord10035
ord10024
ord10077
ord10110
ord10104
ord10106
ord10016
ord10010
ord10004
ord10003
ord10005
ord10011
ord10038
ord10015
ord10039
ord10041
ord10171
ord10186
ord10172
ord10173
ord10049
ord10082
ord10125

fog

ord10023
ord10029
ord10227
ord10043
gdwBitMasks
gdwInvBitMasks
ord10115
ord10085
ord10042
ord10013
ord10108
ord10109
ord10110
ord10107
ord10191
ord10103
ord10104
ord10105
ord10102
ord10015
ord10086
ord10111
ord10229
ord10114
ord10112

storm

ord403
ord268
ord253
ord423
ord503
ord578
ord422
ord491
ord509
ord501
ord425
ord502
ord401
ord426

kernel32

GetCurrentThreadId
HeapFree
LCMapStringW
LCMapStringA
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
SetStdHandle
GetProcAddress
GetLastError
LoadLibraryA
TerminateProcess
GetCurrentProcess
OutputDebugStringA
WaitForSingleObject
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
GetDiskFreeSpaceA
Sleep
DeleteFileA
GetFileAttributesA
SetEnvironmentVariableA
CompareStringW
CompareStringA
ExitProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetEnvironmentStrings
CloseHandle
ReadFile
GetModuleHandleA
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
SetFilePointer
GetEnvironmentStringsW
InterlockedDecrement
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
GetStringTypeA
InterlockedIncrement
HeapAlloc
MultiByteToWideChar
HeapReAlloc
GetStringTypeW
VirtualAlloc

user32

GetCursorPos
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA

Exports

Exports

QueryInterface

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1828363c4f18a3d6d0a77ba3cf41852a

Headers

File Characteristics

Imports

bnclient

d2gfx

d2lang

d2mcpclient

d2net

d2sound

d2win

fog

storm

kernel32

user32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 32KB - Virtual size: 219KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 32KB - Virtual size: 219KB

.reloc
Size: 20KB - Virtual size: 16KB