ea9539b151da82775a26f35e9d069670_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

ea9539b151da82775a26f35e9d069670_NEIKI
Size

340KB
MD5

ea9539b151da82775a26f35e9d069670
SHA1

8b14b73f3db844454ac430bb7ac9d315999231ad
SHA256

fef7d8b2519ff202e5e2647ce8ae3df9cbadb7c76c68c65ff1260d0f9816f4c2
SHA512

cfb8dae1da89eacc02f6de306955d591aa1a5dd01503456e3b677ca27147b920c751a3d2971f46c04a16dc117f4209c906567c350175ae6183e7514473205e85
SSDEEP

6144:POFgAU+1IuPNDw90N9R8dpVqX6BeJLdQ5VkusFFbFbgDPZ0W+36bMapQEUQEhq:P4gAquxw90NH8d/qXGeJLdQ5VkuCFbF2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea9539b151da82775a26f35e9d069670_NEIKI

Files

ea9539b151da82775a26f35e9d069670_NEIKI
.dll windows:5 windows x86 arch:x86

75175ab0e1155e69b699d687e694d682

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\CCNET\1.7.0.0\TIRD_Client\NPAPI\Chrome\Expert\Release\npTiExpert.pdb

Imports

winmm

PlaySoundA

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

CreateFileA
FlushFileBuffers
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
WideCharToMultiByte
lstrlenW
CloseHandle
MultiByteToWideChar
WriteFile
GetTickCount
GetCurrentThreadId
SetFilePointer
GetFileSize
CreateFileW
GetProcAddress
LoadLibraryA
SetLastError
FreeLibrary
FindClose
FindNextFileW
FindFirstFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetModuleHandleW
FormatMessageA
lstrlenA
GetModuleFileNameW
WaitForSingleObject
WriteConsoleW
CreateEventA
GetWindowsDirectoryW
ExpandEnvironmentStringsW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
DeleteCriticalSection
GetVersionExA
GetCurrentProcess
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedExchange
GetStringTypeW
LoadLibraryW
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
FatalAppExitA
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
SetEndOfFile
ReadFile
GetProcessHeap
SetEvent
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
RaiseException
HeapFree
RtlUnwind
DecodePointer
EncodePointer
ExitThread
CreateThread
GetCommandLineA
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
IsProcessorFeaturePresent
GetStdHandle
GetLocaleInfoW
ExitProcess
Sleep
GetCPInfo

user32

GetUserObjectInformationW
GetSystemMetrics
OpenDesktopA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
FlashWindowEx
GetForegroundWindow
GetParent
GetWindowLongA
DefWindowProcA
SetWindowLongA
EnableWindow
SendMessageA
FindWindowA
IsWindow
ShowWindow
PostMessageA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetKernelObjectSecurity

shell32

ShellExecuteW

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75175ab0e1155e69b699d687e694d682

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

version

kernel32

user32

advapi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 187KB - Virtual size: 186KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 671KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 187KB - Virtual size: 186KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 671KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 12KB - Virtual size: 12KB