e94807ae438bdeefc31cf88fdf29a880_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

e94807ae438bdeefc31cf88fdf29a880_NEIKI
Size

212KB
MD5

e94807ae438bdeefc31cf88fdf29a880
SHA1

c3242aaa77728e07eecce378e7675077822e28ae
SHA256

c0aaabac5a17261d9d728c981e5289c8736628849a06e10968987376e52b6ddc
SHA512

ac97ec2a458d80ec026bcafb9b06b433a2002a237246bc1c44085839703c07324b20d600910337440c70e7601dd9f5af264e365ab86df5cd45184177b1d9fe58
SSDEEP

3072:LXi+1IfIwFs7ZbxrAerbWu7s3BLbOyYkW8/1HSG9VRfqXlzcM8tKog8vCa30+Z:LXMwwW7Z1rAeXT8bOcdHd9yrpoBv8+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e94807ae438bdeefc31cf88fdf29a880_NEIKI

Files

e94807ae438bdeefc31cf88fdf29a880_NEIKI
.exe windows:4 windows x86 arch:x86

398b036aefb0145ed1ec7104382f5198

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
CreateNamedPipeA
GetModuleHandleA
QueryPerformanceCounter
CreateThread
EnumTimeFormatsA
SetCurrentDirectoryW
FindAtomW
GetFullPathNameA
CreateEventA
ExpandEnvironmentStringsA
EnumDateFormatsA
GetProcAddress
SetEvent
FindResourceW
GetStringTypeW
IsBadWritePtr
GlobalDeleteAtom
MultiByteToWideChar
ConnectNamedPipe
GetMailslotInfo
GetPriorityClass
FindAtomA
GetShortPathNameW
WinExec
lstrcmpA
IsBadStringPtrW
lstrcatA
GetVersionExA
GetLogicalDrives
GetExitCodeThread
WaitForMultipleObjects
lstrcmpW
lstrcmpiA
CreateMailslotA
GetFileTime
GetExitCodeProcess

user32

wvsprintfW
SetForegroundWindow
CascadeWindows
EnumWindows
SetDlgItemTextA
SetWindowLongA
SendMessageW
EnumDesktopsW
CharLowerW
UpdateLayeredWindow
wsprintfW
DialogBoxIndirectParamW
OpenClipboard
SetWindowPos
GetClassNameA
GetClassInfoExW
CheckMenuRadioItem
DestroyMenu
LoadImageA
GetMenuInfo
CheckRadioButton
GetMenuItemRect
LoadMenuA
EnumChildWindows
GetMenuItemInfoW
AppendMenuA
CreateAcceleratorTableA
LoadImageW
GetDCEx
DestroyCursor
IsIconic
UpdateWindow
GetTopWindow

gdi32

SelectClipRgn
CreateRoundRectRgn
SetMapMode
StretchDIBits
SetWindowExtEx
GetNearestPaletteIndex
SetTextJustification
GetPixel
GetEnhMetaFilePaletteEntries
SetArcDirection
OffsetWindowOrgEx
GetLogColorSpaceW
RestoreDC
InvertRgn
PlayEnhMetaFile

advapi32

RegCreateKeyExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteValueW

shlwapi

UrlCanonicalizeW
StrPBrkA
SHRegDeleteEmptyUSKeyA
ColorHLSToRGB
UrlIsW
StrSpnA
SHRegWriteUSValueW

setupapi

SetupDiSetClassInstallParamsA
CMP_GetServerSideDeviceInstallFlags
CM_Set_HW_Prof_FlagsW
SetupDiInstallDriverFiles
SetupDiCreateDeviceInterfaceW

oledlg

OleUIChangeIconA
OleUIObjectPropertiesA
OleUIBusyW
OleUIPasteSpecialA
OleUIPromptUserW
OleUIPromptUserA
OleUIPasteSpecialW
OleUIChangeSourceA
OleUIUpdateLinksA

crypt32

CryptCreateKeyIdentifierFromCSP
CertFindCertificateInStore
CryptMemFree
CertCompareCertificateName
CertGetValidUsages
CertFreeCRLContext
CryptDecryptAndVerifyMessageSignature
CryptFindOIDInfo
CertEnumCRLsInStore
CertVerifyCertificateChainPolicy
CryptMsgCountersignEncoded
CryptEncodeObject
I_CertSrvProtectFunction
I_CryptFlushLruCache
CertDuplicateCertificateContext

Sections

.PHTPjq
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.M
Size: 512B - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XeM
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pL
Size: 2KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ire
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DtwwV
Size: 2KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K
Size: 4KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rZUbM
Size: 3KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NT
Size: 1024B - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

398b036aefb0145ed1ec7104382f5198

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

setupapi

oledlg

crypt32

Sections

.PHTPjq Size: 3KB - Virtual size: 3KB

.M Size: 512B - Virtual size: 237KB

.XeM Size: 8KB - Virtual size: 8KB

.pL Size: 2KB - Virtual size: 486KB

.Ire Size: 4KB - Virtual size: 5KB

.DtwwV Size: 2KB - Virtual size: 242KB

.K Size: 4KB - Virtual size: 116KB

.rZUbM Size: 3KB - Virtual size: 276KB

.data Size: 105KB - Virtual size: 169KB

.NT Size: 1024B - Virtual size: 403KB

.rsrc Size: 74KB - Virtual size: 74KB

.reloc Size: 1024B - Virtual size: 616B

.PHTPjq
Size: 3KB - Virtual size: 3KB

.M
Size: 512B - Virtual size: 237KB

.XeM
Size: 8KB - Virtual size: 8KB

.pL
Size: 2KB - Virtual size: 486KB

.Ire
Size: 4KB - Virtual size: 5KB

.DtwwV
Size: 2KB - Virtual size: 242KB

.K
Size: 4KB - Virtual size: 116KB

.rZUbM
Size: 3KB - Virtual size: 276KB

.data
Size: 105KB - Virtual size: 169KB

.NT
Size: 1024B - Virtual size: 403KB

.rsrc
Size: 74KB - Virtual size: 74KB

.reloc
Size: 1024B - Virtual size: 616B