deee153f7f9c56d7c9fd366854ec5210_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

deee153f7f9c56d7c9fd366854ec5210_NEIKI
Size

620KB
MD5

deee153f7f9c56d7c9fd366854ec5210
SHA1

f197b76e4700f0e0e90d3ffe2cb39472db4e2f70
SHA256

be186d9d0eeb2d5c8fdf80f349da05c03839ae2754bdd3e20fcd97f66f329fa1
SHA512

d87f814144e9dc76ffc8c6705b467c848d8b29a3f6616636d4afa0b38bf554e4d5530fbcbdffc3cb3295c3d9f76a2a0a9fec6d8858c846eabc79a20a5cb31322
SSDEEP

6144:s71TCq8qrEvaQDlU9x95Kys+Kr/xmJDJZvuDlvVntABlr7CtKycsNjd3ScD3f9Y:sJKqrEva2C9/GKycsNjd3Nf9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
deee153f7f9c56d7c9fd366854ec5210_NEIKI

Files

deee153f7f9c56d7c9fd366854ec5210_NEIKI
.exe windows:4 windows x86 arch:x86

1838baf549abc662b4eaf0de00f0306b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringBindingComposeA
RpcBindingFree
RpcStringFreeA
NdrFreeBuffer
NdrConvert
NdrSendReceive
NdrGetBuffer
NdrClientInitializeNew
NdrSimpleStructUnmarshall
NdrSimpleStructMarshall
NdrSimpleStructBufferSize
RpcRaiseException
NdrPointerUnmarshall
NdrFixedArrayMarshall
NdrFixedArrayUnmarshall
RpcBindingFromStringBindingA

rsguilib

?RemoveCtrl@CGScrollBarMgr@@SAXPAUHWND__@@@Z
?RebuiltMemDC@CGDialog@@QAEHPAVCDC@@@Z
?OnInitDialog@CGDialog@@MAEHXZ
?OnSize@CGDialog@@IAEXIHH@Z
?OnMouseMove@CGDialog@@QAEXIVCPoint@@@Z
?SubclassControl@CRsGuiLibMgr@@SAHPAVCWnd@@@Z
?ChangeControlLayout@CRsGuiLibMgr@@SAHPAUHWND__@@@Z
?AdjustDialogSize@CGDialog@@QAEHH@Z
?messageMap@CGDialog@@1UAFX_MSGMAP@@B
?DoDataExchange@CGDialog@@MAEXPAVCDataExchange@@@Z
??0CGDialog@@QAE@IPAVCWnd@@@Z
?DrawMenuItem@CGMenu@@SAXPAUtagDRAWITEMSTRUCT@@@Z
?MeasureMenuItem@CGMenu@@SAXPAVCDC@@PAUtagMEASUREITEMSTRUCT@@@Z
?InitMenu@CGMenu@@QAEXXZ
?SetIconIndex@CGMenu@@QAEXIHH@Z
?SetMenuString@CGMenu@@QAEXIVCString@@H@Z
??0CGMenu@@QAE@XZ
?CleanMenu@CGMenu@@QAEXXZ
?UnsubclassControl@CRsGuiLibMgr@@SAHPAVCWnd@@@Z
??1CGMenu@@UAE@XZ
?ChangeCustomDraw@CRsGuiLibMgr@@SAHPBDH@Z
?ChangeCustomDraw@CRsGuiLibMgr@@SAHHH@Z
?OnChanged@CGDialog@@UAEJHI@Z
?DrawSizingBorder@CGDialog@@MAEHH@Z
?_GetDraw@CGDialog@@UAEPAUIGControlDraw@@H@Z
?WindowProc@CGDialog@@MAEJIIJ@Z
??1CGDialog@@UAE@XZ
?ChangeControlSize@CRsGuiLibMgr@@SAHPAUHWND__@@@Z
?ChangeControlCustomDraw@CRsGuiLibMgr@@SAHPAUHWND__@@PBD@Z
??1CGStatic@@UAE@XZ
??0CGListCtrl@@QAE@XZ
??0CGStatic@@QAE@XZ
??1CGListCtrl@@UAE@XZ
?AddCtrl@CGScrollBarMgr@@SAXPAUHWND__@@@Z
?OnDestroy@CGDialog@@IAEXXZ

bwlist

??0bwlist_window@@QAE@XZ
?sense_case@text_field_desc@@QAEX_N@Z
??0bwlist_desc@@QAE@PBDABW4LIST_TYPE@@IIII@Z
??0file_field_desc@@QAE@XZ
?set_title_id@basic_field_desc@@QAEXI@Z
?integrant@basic_field_desc@@QAEX_N@Z
?append_field_desc@bwlist_desc@@QAEXABVbasic_field_desc@@@Z
?add_window@bwlist_window@@QAEIPBDPBVbwlist_desc@@PAPAVrecord_iterator@@PAVvalid_check@@IP6A_NABVbasic_field_desc@@AAI@Z@Z
??0dir_field_desc@@QAE@XZ
??0text_field_desc@@QAE@XZ
??0boolean_field_desc@@QAE@XZ
?default_value@boolean_field_desc@@QAEX_N@Z
?show_windows@bwlist_window@@QAEXPBD@Z
??1boolean_field_desc@@UAE@XZ
??1text_field_desc@@UAE@XZ
??1dir_field_desc@@UAE@XZ
??1bwlist_desc@@UAE@XZ
??1file_field_desc@@UAE@XZ
??1bwlist_window@@QAE@XZ
?get_field@bwlist_record@@QBEABVbasic_field_type@@I@Z
??0bwlist_record@@QAE@_N@Z
??8@YA_NABVbwlist_record@@0@Z
?get_title_id@basic_field_desc@@QBEIXZ
??1bwlist_record@@QAE@XZ

mfc42

ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord6743
ord6515
ord567
ord4853
ord2302
ord4224
ord3097
ord5953
ord3092
ord6907
ord3998
ord3996
ord2124
ord3302
ord2645
ord2370
ord6334
ord6197
ord6379
ord1168
ord2642
ord4129
ord6199
ord5683
ord537
ord2301
ord3663
ord6380
ord2379
ord6377
ord5440
ord6383
ord5450
ord6394
ord2582
ord4402
ord3370
ord3640
ord693
ord384
ord686
ord3571
ord3626
ord2414
ord2862
ord2096
ord1641
ord1146
ord6905
ord6007
ord3286
ord6311
ord4171
ord941
ord5572
ord2915
ord1768
ord6283
ord6282
ord6930
ord6928
ord2763
ord4243
ord6762
ord4133
ord4297
ord2754
ord5788
ord472
ord2859
ord3293
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord641
ord2621
ord1134
ord2764
ord4202
ord2725
ord924
ord539
ord1576
ord4234
ord2086
ord4710
ord755
ord470
ord6453
ord2455
ord1644
ord6270
ord2438
ord2863
ord926
ord4538
ord536
ord940
ord939
ord6663
ord2864
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4376
ord5265
ord5710
ord1175
ord823
ord858
ord860
ord2818
ord825
ord540
ord800
ord6215
ord324

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbschr
realloc
_ftol
_vsnprintf
fwrite
_beginthread
_stricmp
atoi
strstr
fopen
fclose
time
_beginthreadex
strrchr
memmove
_itoa
malloc
free
_snprintf
strncpy
_except_handler3
_mbscmp
_mbsrchr
sprintf
_mbsinc
_mbsnbcpy
_mbsupr
_mbsstr
_mbsnbcat
__CxxFrameHandler
_setmbcp
_strupr

kernel32

GetCurrentDirectoryA
GetCurrentThreadId
SetEndOfFile
lstrcpyA
GetFileSize
VirtualQuery
GetStartupInfoA
GetTickCount
GetLocalTime
CopyFileA
WriteFile
SetFilePointer
lstrcmpiA
CreateThread
ResumeThread
ReadFile
SetProcessWorkingSetSize
WideCharToMultiByte
LoadLibraryA
GetProcAddress
FreeLibrary
WinExec
CloseHandle
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ResetEvent
CreateFileA
GetVersion
FindClose
CreateDirectoryA
DeleteFileA
FindFirstFileA
GetLastError
CreateProcessA
InterlockedExchange
GetCurrentProcessId
lstrlenA
GetPrivateProfileStringA
SetEvent
CreateEventA
GetCommandLineA
GetCurrentProcess
GetModuleHandleA
Sleep
GetTempPathA
GetVersionExA
GetPrivateProfileIntA
TerminateThread
WaitForSingleObject
WaitForMultipleObjects
IsBadWritePtr
OpenEventA
LocalFree
FormatMessageA
GetWindowsDirectoryA
OpenMutexA
WritePrivateProfileSectionA
GetFileAttributesA
WritePrivateProfileStringA
GetModuleFileNameA

user32

LoadStringA
WaitForInputIdle
OpenDesktopA
GetDC
wsprintfA
MessageBoxA
ReleaseDC
GetCursorPos
LoadMenuA
GetSubMenu
EnableMenuItem
SendDlgItemMessageA
GetMenuItemInfoA
SetMenuItemInfoA
DeleteMenu
LoadImageA
IsWindow
IsIconic
DrawIcon
FindWindowA
RegisterWindowMessageA
TranslateMessage
DispatchMessageA
LoadIconA
GetSysColorBrush
GetSysColor
InvalidateRect
LoadBitmapA
GetClientRect
GetSystemMetrics
IsWindowVisible
RedrawWindow
GetDesktopWindow
OpenInputDesktop
SetForegroundWindow
CloseDesktop
KillTimer
SetTimer
SystemParametersInfoA
GetWindowRect
DestroyIcon
PostMessageA
EnableWindow
SendMessageA
GetMessageA

gdi32

CreateRectRgn
CombineRgn
DeleteObject
FillRgn
Rectangle

advapi32

RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
ChangeServiceConfigA

shell32

SHFileOperationA
ExtractIconExA
ShellExecuteA
Shell_NotifyIconA

comctl32

ImageList_AddMasked
ImageList_SetBkColor

wsock32

ioctlsocket
ntohl
gethostbyname
gethostbyaddr
inet_addr

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1838baf549abc662b4eaf0de00f0306b

Headers

File Characteristics

Imports

rpcrt4

rsguilib

bwlist

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

wsock32

version

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 472KB - Virtual size: 472KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 472KB - Virtual size: 472KB