e98812e8fef5df4888b7793ccbbdff90_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

e98812e8fef5df4888b7793ccbbdff90_NEIKI
Size

119KB
MD5

e98812e8fef5df4888b7793ccbbdff90
SHA1

256676d3adcd56c86a4e451312a3bf458d9648eb
SHA256

3c152058e1971d5f38a3e14a9078faa1883c3d99860872afbf8f27a72b3b9784
SHA512

bf586ca24aeeeb28eae9809bbe96c5a18aa4f7b5e75a18d7354f52cf860066ef1b7ef45eadd747e0992aaf0386427ae7a64e94b2b5d53731a6f4b01a58143489
SSDEEP

3072:YIZqcaYuTkjrBH72rictHJ4wO9caMFHt1BWg9RkkBz:jAtJictJRZUmR/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e98812e8fef5df4888b7793ccbbdff90_NEIKI

Files

e98812e8fef5df4888b7793ccbbdff90_NEIKI
.dll windows:6 windows x64 arch:x64

1c4bcbe49b9fdcc156614c006abaa522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UnrealServer-PlayTimeLimit.pdb

Imports

unrealserver-onlinesubsystem

?Get@IOnlineSubsystem@@SAPEAV1@AEBVFName@@@Z

unrealserver-core

?FromValidEName@FNameEntryId@@CA?AU1@W4EName@@@Z
??0FName@@QEAA@PEB_WW4EFindName@@@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?Command@FParse@@SA_NPEAPEB_WPEB_W_N@Z
?Value@FParse@@SA_NPEB_W0AEAVFString@@_N@Z
?Token@FParse@@SA?AVFString@@AEAPEB_W_N@Z
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?BasicLog@Private@Logging@UE@@YAXAEBUFLogCategoryBase@@PEBUFStaticBasicLogRecord@123@ZZ
?GenerateNewID@FDelegateHandle@@CA_KXZ
?PrettyTime@FGenericPlatformTime@@SA?AVFString@@N@Z
?GetSecondsPerCycle@FGenericPlatformTime@@SANXZ
??0FMemScope@@QEAA@W4ELLMTag@@_N@Z
??1FMemScope@@QEAA@XZ
??0FLLMScope@@QEAA@W4ELLMTag@@_NW4ELLMTagSet@@W4ELLMTracker@@1@Z
?Destruct@FLLMScope@@IEAAXXZ
?Get@FThreadStatsPool@@SAAEAU1@XZ
?GetFromPool@FThreadStatsPool@@QEAAPEAVFThreadStats@@XZ
?Flush@FThreadStats@@QEAAX_N0@Z
?Empty@FString@@QEAAXXZ
?DoSetup@FThreadSafeStaticStatBase@@IEBAPEBUTStatIdData@@PEBDPEB_W001_N2W4Type@EStatDataType@@22W4EMemoryCounterRegion@FWindowsPlatformMemory@@@Z
?GetCoreTicker@FTSTicker@@SAAEAV1@XZ
?AddTicker@FTSTicker@@QEAA?AV?$TWeakPtr@UFElement@FTSTicker@@$00@@AEBV?$TDelegate@$$A6A_NM@ZUFDefaultDelegateUserPolicy@@@@M@Z
?RemoveTicker@FTSTicker@@SAXV?$TWeakPtr@UFElement@FTSTicker@@$00@@@Z
??0FSelfRegisteringExec@@QEAA@XZ
??1FSelfRegisteringExec@@UEAA@XZ
?GetBool@FConfigCacheIni@@QEAA_NPEB_W0AEA_NAEBVFString@@@Z
?Get@IModularFeatures@@SAAEAV1@XZ
?Exec_Editor@FExec@@MEAA_NPEAVUWorld@@PEB_WAEAVFOutputDevice@@@Z
?Exec_Dev@FExec@@MEAA_NPEAVUWorld@@PEB_WAEAVFOutputDevice@@@Z
?CpuChannel@@3AEAVFChannel@Trace@UE@@EA
?GIgnoreDebugger@@3_NA
?GConfig@@3PEAVFConfigCacheIni@@EA
?GEngineIni@@3VFString@@A
?GCycleStatsShouldEmitNamedEvents@@3HA
?GShouldEmitVerboseNamedEvents@@3_NA
?TlsSlot@FThreadStats@@0IA
?bPrimaryEnable@FThreadStats@@0_NA
?bPrimaryDisableForever@FThreadStats@@0_NA
?bIsRawStatsActive@FThreadStats@@0_NA
??4FString@@QEAAAEAV0@PEB_W@Z
??0FString@@QEAA@PEB_W@Z
??4FString@@QEAAAEAV0@AEBV0@@Z
??1FString@@QEAA@XZ
??4FString@@QEAAAEAV0@$$QEAV0@@Z
??0FString@@QEAA@AEBV0@@Z
??0FString@@QEAA@XZ
?OnInvalidArrayNum@UE4Array_Private@@YAXPEB_W_K@Z
?FromCStringWide@FToBoolHelper@@SA_NPEB_W@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?Free@FMemory@@SAXPEAX@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?Malloc@FMemory@@SAPEAX_KI@Z
?OptionallyLogFormattedEnsureMessageReturningFalseImpl@FDebug@@CA_N_NPEBD1HPEAXPEB_WZZ
?CheckVerifyFailedImpl@FDebug@@SAXPEBD0HPEAXPEB_WZZ
?OutputEndEvent@FCpuProfilerTrace@@SAXXZ
?OutputBeginDynamicEvent@FCpuProfilerTrace@@SAXPEBD0I@Z
?PromptForRemoteDebugging@FWindowsPlatformMisc@@SAX_N@Z
?EndNamedEvent@FWindowsPlatformMisc@@SAXXZ
?BeginNamedEvent@FWindowsPlatformMisc@@SAXAEBUFColor@@PEBD@Z
?IsDebuggerPresent@FWindowsPlatformMisc@@SA_NXZ
?IsEnsureAllowed@FGenericPlatformMisc@@SA_NXZ
?HandleAtomicsFailure@FWindowsPlatformAtomics@@KAXPEB_WZZ
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPath@Private@CoreUObject@UE@@EA
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?FlushRawStats@FThreadStats@@QEAAX_N0@Z

kernel32

InitializeSListHead
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
QueryPerformanceCounter
GetSystemTimeAsFileTime
CloseHandle

vcruntime140

__std_type_info_destroy_list
_purecall
memcpy
memset
__current_exception_context
__C_specific_handler
__current_exception

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-convert-l1-1-0

_wtof
_wtoi

api-ms-win-crt-math-l1-1-0

logf

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_initterm
terminate
_seh_filter_dll
_initterm_e

Exports

Exports

??0?$TSharedFromThis@VFPlayTimeLimitUser@@$00@@IEAA@AEBV0@@Z
??0?$TSharedFromThis@VFPlayTimeLimitUser@@$00@@IEAA@XZ
??0FPlayTimeLimitImpl@@QEAA@XZ
??0FPlayTimeLimitUser@@QEAA@AEBV0@@Z
??0FPlayTimeLimitUser@@QEAA@AEBV?$TSharedRef@$$CBVFUniqueNetId@@$00@@@Z
??1?$TSharedFromThis@VFPlayTimeLimitUser@@$00@@IEAA@XZ
??1FPlayTimeLimitImpl@@UEAA@XZ
??1FPlayTimeLimitUser@@UEAA@XZ
??4?$TSharedFromThis@VFPlayTimeLimitUser@@$00@@IEAAAEAV0@AEBV0@@Z
??4FPlayTimeLimitUser@@QEAAAEAV0@AEBV0@@Z
??_7FPlayTimeLimitImpl@@6B@
??_7FPlayTimeLimitUser@@6B@
?AsShared@?$TSharedFromThis@VFPlayTimeLimitUser@@$00@@QEAA?AV?$TSharedRef@VFPlayTimeLimitUser@@$00@@XZ
?AsShared@?$TSharedFromThis@VFPlayTimeLimitUser@@$00@@QEBA?AV?$TSharedRef@$$CBVFPlayTimeLimitUser@@$00@@XZ
?AsWeak@?$TSharedFromThis@VFPlayTimeLimitUser@@$00@@QEAA?AV?$TWeakPtr@VFPlayTimeLimitUser@@$00@@XZ
?AsWeak@?$TSharedFromThis@VFPlayTimeLimitUser@@$00@@QEBA?AV?$TWeakPtr@$$CBVFPlayTimeLimitUser@@$00@@XZ
?ClearDialogOverrideText@FPlayTimeLimitUser@@UEAAXXZ
?DoesSharedInstanceExist@?$TSharedFromThis@VFPlayTimeLimitUser@@$00@@QEBA_NXZ
?DumpState@FPlayTimeLimitImpl@@QEAAXXZ
?GameExitByRequest@FPlayTimeLimitImpl@@QEAAXXZ
?Get@FPlayTimeLimitImpl@@SAAEAV1@XZ
?GetConfigEntry@FPlayTimeLimitImpl@@QEBAPEBUFOnlinePlayLimitConfigEntry@@H@Z
?GetLastKnownRewardRate@FPlayTimeLimitUser@@QEBAMXZ
?GetNextNotificationTime@FPlayTimeLimitUser@@QEBA?AU?$TOptional@N@@XZ
?GetPlayTimeMinutes@FPlayTimeLimitImpl@@UEAAHAEBVFUniqueNetId@@@Z
?GetRewardRate@FPlayTimeLimitImpl@@UEAAMAEBVFUniqueNetId@@@Z
?GetUserId@FPlayTimeLimitUser@@QEBA?AV?$TSharedRef@$$CBVFUniqueNetId@@$00@@XZ
?GetWarnUserPlayTimeDelegate@FPlayTimeLimitImpl@@UEAAAEAV?$TMulticastDelegate@$$A6AXAEBVFUniqueNetId@@HMAEBVFString@@11@ZUFDefaultDelegateUserPolicy@@@@XZ
?HasTimeLimit@FPlayTimeLimitImpl@@UEAA_NAEBVFUniqueNetId@@@Z
?Init@FPlayTimeLimitUser@@UEAAXXZ
?Initialize@FPlayTimeLimitImpl@@QEAAXXZ
?LogPlayTimeLimit@@3UFLogCategoryLogPlayTimeLimit@@A
?MockUser@FPlayTimeLimitImpl@@QEAAXAEBVFUniqueNetId@@_NN@Z
?NotifyNow@FPlayTimeLimitImpl@@QEAAXXZ
?RegisterUser@FPlayTimeLimitImpl@@QEAAXAEBVFUniqueNetId@@@Z
?SetLastKnownRewardRate@FPlayTimeLimitUser@@QEAAXM@Z
?SetNextNotificationTime@FPlayTimeLimitUser@@UEAAXAEBU?$TOptional@N@@@Z
?Shutdown@FPlayTimeLimitImpl@@QEAAXXZ
?Tick@FPlayTimeLimitImpl@@QEAA_NM@Z
?Tick@FPlayTimeLimitUser@@UEAAXXZ
?UnregisterUser@FPlayTimeLimitImpl@@QEAAXAEBVFUniqueNetId@@@Z
?UpdateNextNotificationTime@FPlayTimeLimitImpl@@IEBAXAEAVFPlayTimeLimitUser@@H@Z
InitializeModule

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c4bcbe49b9fdcc156614c006abaa522

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

unrealserver-onlinesubsystem

unrealserver-core

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.uedbg Size: 2KB - Virtual size: 1KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 512B - Virtual size: 432B

.text
Size: 29KB - Virtual size: 29KB

.uedbg
Size: 2KB - Virtual size: 1KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 512B - Virtual size: 432B