ff12dbe8c40c01021f51fa950560cd40_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

ff12dbe8c40c01021f51fa950560cd40_NEIKI
Size

167KB
MD5

ff12dbe8c40c01021f51fa950560cd40
SHA1

a34cf9ad75ce7f21d6147956f771f5136c03a955
SHA256

2f707ff66a14382d4e050cab3d25450a7d8b0753d16a1c9e7cc56058720f448e
SHA512

87ff4878dffe57db8a090f897b0b992bef73118dd1617d9d5b37ee484ec110d6bb50e8040d70567d2a0013238dd4dd324a0bf88e2f4dfea5ef0879d0f3aeb6c8
SSDEEP

1536:ppP9XbLg9noEAZauwwcdz8iLXbgOHin3ULKS4sbTpoESyt:jP1MJoExuwrl8abgOHqkNDprSy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff12dbe8c40c01021f51fa950560cd40_NEIKI

Files

ff12dbe8c40c01021f51fa950560cd40_NEIKI
.exe windows:5 windows x86 arch:x86

2db8e096d080c2f5d45d97215251f735

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\builds\moz2_slave\tb-try-c-cen-w32-d-00000000000\build\objdir-tb\dom\base\test\TestCSPParser.pdb

Imports

nss3

PR_AssertCurrentThreadOwnsLock
PR_Unlock
PR_Lock
PR_DestroyLock
PR_NewLock
PR_GetThreadPrivate
PR_SetThreadPrivate
PR_NewThreadPrivateIndex
PR_CallOnce
PR_Now
PR_sscanf
PR_Free
PR_dtoa
PR_Assert
PR_SetCurrentThreadName
PR_snprintf
PR_WaitCondVar
PR_IntervalNow
PR_GetEnv
PR_GetCurrentThread
PR_smprintf_free
PR_FileDesc2NativeHandle
PR_Seek64
PR_AssertCurrentThreadInMonitor
PR_Wait
PR_ExitMonitor
PR_EnterMonitor
PR_smprintf

xul

?outOfLineKind@GCCellPtr@JS@@ABE?AW4JSGCTraceKind@@XZ
?toScript@GCCellPtr@JS@@QBEPAVJSScript@@XZ
?toObject@GCCellPtr@JS@@QBEPAVJSObject@@XZ
?isScript@GCCellPtr@JS@@QBE_NXZ
?isObject@GCCellPtr@JS@@QBE_NXZ
??0GCCellPtr@JS@@QAE@ABVValue@1@@Z
??0GCCellPtr@JS@@QAE@PAVJSScript@@@Z
??0GCCellPtr@JS@@QAE@PAVJSString@@@Z
??0GCCellPtr@JS@@QAE@PAVJSFunction@@@Z
??0GCCellPtr@JS@@QAE@PAVJSObject@@@Z
??0GCCellPtr@JS@@QAE@PAXW4JSGCTraceKind@@@Z
?_external_GetObserverService@services@mozilla@@YG?AU?$already_AddRefed@VnsIObserverService@@@@XZ
NS_Free
NS_GetComponentManager
NS_GetServiceManager
NS_CStringCloneData
NS_CStringGetMutableData
NS_CStringGetData
NS_StringCopy
NS_StringGetMutableData
NS_StringGetData
NS_CStringCopy
NS_CStringSetDataRange
NS_CStringSetData
NS_StringSetDataRange
NS_LogRelease
NS_LogAddRef
NS_LogDtor
NS_LogCtor
NS_Alloc
NS_GetMemoryManager
?GetInnerWindowID@LoadInfo@mozilla@@UAG?AW4nsresult@@PAI@Z
?BaseURI@LoadInfo@mozilla@@UAEPAVnsIURI@@XZ
?GetBaseURI@LoadInfo@mozilla@@UAG?AW4nsresult@@PAPAVnsIURI@@@Z
?GetContentPolicyType@LoadInfo@mozilla@@UAG?AW4nsresult@@PAI@Z
?GetLoadingSandboxed@LoadInfo@mozilla@@UAG?AW4nsresult@@PA_N@Z
?GetForceInheritPrincipal@LoadInfo@mozilla@@UAG?AW4nsresult@@PA_N@Z
?GetSecurityFlags@LoadInfo@mozilla@@UAG?AW4nsresult@@PAI@Z
?LoadingNode@LoadInfo@mozilla@@UAEPAVnsINode@@XZ
?GetLoadingDocument@LoadInfo@mozilla@@UAG?AW4nsresult@@PAPAVnsIDOMDocument@@@Z
?TriggeringPrincipal@LoadInfo@mozilla@@UAEPAVnsIPrincipal@@XZ
?GetTriggeringPrincipal@LoadInfo@mozilla@@UAG?AW4nsresult@@PAPAVnsIPrincipal@@@Z
?LoadingPrincipal@LoadInfo@mozilla@@UAEPAVnsIPrincipal@@XZ
?GetLoadingPrincipal@LoadInfo@mozilla@@UAG?AW4nsresult@@PAPAVnsIPrincipal@@@Z
?Release@LoadInfo@mozilla@@UAGKXZ
?AddRef@LoadInfo@mozilla@@UAGKXZ
?QueryInterface@LoadInfo@mozilla@@UAG?AW4nsresult@@ABUnsID@@PAPAX@Z
NS_UTF16ToCString
NS_CStringToUTF16
NS_CStringContainerFinish
NS_CStringContainerInit2
NS_CStringContainerInit
NS_StringContainerFinish
NS_StringContainerInit2
NS_StringContainerInit
NS_LogCOMPtrRelease
NS_LogCOMPtrAddRef
NS_DebugBreak
NS_NewLocalFile
NS_ShutdownXPCOM
NS_InitXPCOM2

kernel32

GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
EncodePointer
CloseHandle
OutputDebugStringA
IsDebuggerPresent
SetFilePointerEx
SetEndOfFile
ReadFile
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
VerifyVersionInfoA
SetThreadPriority
GetCurrentThread
VerSetConditionMask
DecodePointer
TerminateProcess

msvcr120

_wfopen
memcpy
memcmp
_hypot
vprintf
putchar
printf
fprintf
fflush
__iob_func
exit
_purecall
_except_handler4_common
_controlfp_s
_invoke_watson
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
memmove
_vsnprintf
_commode
_fmode
__initenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_dup
_vscprintf
vfprintf
fputs
_fdopen
srand
_snprintf
strchr
memset
ftell
fseek
fread
fclose
wcstol
strncpy
strpbrk
strtol
rand
wcschr
wcspbrk
wcsncmp

mozglue

wcsdup
strdup
malloc
realloc
moz_xrealloc
free
moz_xmalloc

Exports

Exports

??0LoadInfo@mozilla@@QAE@ABV01@@Z
??4LoadInfo@mozilla@@QAEAAV01@ABV01@@Z
??_7LoadInfo@mozilla@@6B@

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2db8e096d080c2f5d45d97215251f735

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nss3

xul

kernel32

msvcr120

mozglue

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB