009c39b8a3e17cab68f7fc6c42b86150_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

009c39b8a3e17cab68f7fc6c42b86150_NEIKI
Size

6.6MB
MD5

009c39b8a3e17cab68f7fc6c42b86150
SHA1

a3d7e25a23e78f3d99a84984041c45547085090c
SHA256

78aa198bd54e76ff0ecdd193b144488208e46d3d7225da864a83fe707132c333
SHA512

d7f53a47e9c9c9f283fa682bbf703051177f323308264b7d51f29ceb5c95c9fed02bb094a82954b500365bcd1e8fe8ac58658dfc914a869bceb9d9b9c2405d63
SSDEEP

98304:ZeuAM4fjioUDiRlkYdLEItgMeHFdi4VEk0V:ARMg2oUDTpMeLiJk0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
009c39b8a3e17cab68f7fc6c42b86150_NEIKI

Files

009c39b8a3e17cab68f7fc6c42b86150_NEIKI
.exe windows:6 windows x64 arch:x64

a46498bee73b2605490d6620881e065f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\jenkins\workspace\y_DDA-Core_release_PDFY23OCT_1.0@2\target\Windows\x64\symbols\Release\AdskUninstallHelper.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msi

ord217
ord173
ord8
ord169
ord118
ord92
ord150
ord78
ord160
ord159
ord32
ord205
ord246
ord44
ord244
ord238
ord70

shlwapi

PathIsUNCW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathFileExistsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSOpenServerW
WTSCloseServer

secur32

LsaFreeReturnBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData

kernel32

LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
WideCharToMultiByte
TlsAlloc
TlsFree
MoveFileExW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileW
GetFileAttributesExW
GetFileSize
ReadFile
CloseHandle
MultiByteToWideChar
AreFileApisANSI
WriteFile
GetSystemDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleInformation
CreatePipe
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
CreateProcessA
FreeLibrary
LoadLibraryExW
GetCurrentProcess
CreateProcessW
OpenProcess
GetModuleHandleW
GetProcAddress
AddDllDirectory
LoadLibraryW
GlobalAlloc
GlobalFree
GetLocaleInfoW
QueryFullProcessImageNameW
SetDllDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32EnumProcessModules
K32GetModuleFileNameExW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
GetVolumeInformationW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetTempPathW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FlushFileBuffers
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileTime
DeviceIoControl
GetWindowsDirectoryW
CreateDirectoryExW
CopyFileExW
IsDebuggerPresent
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
GetCurrentThread
GetCommandLineW
GetCommandLineA
GetStdHandle
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
ReadConsoleW
GetTimeZoneInformation
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
GetModuleHandleExW
ExitProcess
TlsSetValue
TlsGetValue
SetLastError
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
SetStdHandle
WriteConsoleW
IsProcessorFeaturePresent
GetStartupInfoW
lstrcpyW
RtlUnwind
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetCurrentProcessId

user32

UnregisterClassW
GetWindowThreadProcessId
EnumWindows
GetShellWindow
ExitWindowsEx

shell32

SHGetFileInfoW
ord51
ShellExecuteExW
SHGetKnownFolderPath

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize

oleaut32

SysFreeString

advapi32

RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
DuplicateTokenEx
EqualSid
RegSetValueExW
RegDeleteTreeW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyExW
CreateProcessAsUserW
ConvertSidToStringSidW
CreateProcessWithTokenW
LookupPrivilegeValueW
LookupAccountSidW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid

ws2_32

WSACleanup
WSAStartup

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom

wintrust

WinVerifyTrust

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptQueryObject
CryptMsgClose

Exports

Exports

??0?$codecvt_null@_W@archive@boost@@QEAA@_K@Z
??0?$singleton@V?$extended_type_info_typeid@V?$vector@VPackageData@Serialization@Autodesk@@V?$allocator@VPackageData@Serialization@Autodesk@@@std@@@std@@@serialization@boost@@@serialization@boost@@IEAA@XZ
??0?$singleton@V?$extended_type_info_typeid@VBundleData@Serialization@Autodesk@@@serialization@boost@@@serialization@boost@@IEAA@XZ
??0?$singleton@V?$extended_type_info_typeid@VPackageData@Serialization@Autodesk@@@serialization@boost@@@serialization@boost@@IEAA@XZ
??1?$codecvt_null@_W@archive@boost@@UEAA@XZ
??_F?$codecvt_null@_W@archive@boost@@QEAAXXZ
?do_always_noconv@?$codecvt_null@_W@archive@boost@@EEBA_NXZ
?do_encoding@?$codecvt_null@_W@archive@boost@@EEBAHXZ
?do_in@?$codecvt_null@_W@archive@boost@@EEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?do_max_length@?$codecvt_null@_W@archive@boost@@EEBAHXZ
?do_out@?$codecvt_null@_W@archive@boost@@EEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@VPackageData@Serialization@Autodesk@@V?$allocator@VPackageData@Serialization@Autodesk@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@V?$vector@VPackageData@Serialization@Autodesk@@V?$allocator@VPackageData@Serialization@Autodesk@@@std@@@std@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@VBundleData@Serialization@Autodesk@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VBundleData@Serialization@Autodesk@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@VPackageData@Serialization@Autodesk@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@VPackageData@Serialization@Autodesk@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_iarchive@archive@boost@@V?$vector@VPackageData@Serialization@Autodesk@@V?$allocator@VPackageData@Serialization@Autodesk@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vxml_iarchive@archive@boost@@V?$vector@VPackageData@Serialization@Autodesk@@V?$allocator@VPackageData@Serialization@Autodesk@@@std@@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_iarchive@archive@boost@@VBundleData@Serialization@Autodesk@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vxml_iarchive@archive@boost@@VBundleData@Serialization@Autodesk@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_iarchive@archive@boost@@VPackageData@Serialization@Autodesk@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vxml_iarchive@archive@boost@@VPackageData@Serialization@Autodesk@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vxml_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEBV?$map@Vxml_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEBV?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEBV?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vxml_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEAV?$map@Vxml_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEAV?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEAV?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vxml_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@QEAA_NXZ
?load_object_data@?$iserializer@Vxml_iarchive@archive@boost@@V?$vector@VPackageData@Serialization@Autodesk@@V?$allocator@VPackageData@Serialization@Autodesk@@@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z
?load_object_data@?$iserializer@Vxml_iarchive@archive@boost@@VBundleData@Serialization@Autodesk@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z
?load_object_data@?$iserializer@Vxml_iarchive@archive@boost@@VPackageData@Serialization@Autodesk@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QEAAXXZ
?unlock@singleton_module@serialization@boost@@QEAAXXZ

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 702KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 387KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 596KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a46498bee73b2605490d6620881e065f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

msi

shlwapi

userenv

wtsapi32

secur32

kernel32

user32

shell32

ole32

oleaut32

advapi32

ws2_32

bcrypt

wintrust

crypt32

Exports

Exports

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 702KB - Virtual size: 702KB

.data Size: 387KB - Virtual size: 418KB

.pdata Size: 260KB - Virtual size: 260KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 81KB - Virtual size: 81KB

.reloc Size: 596KB - Virtual size: 600KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 702KB - Virtual size: 702KB

.data
Size: 387KB - Virtual size: 418KB

.pdata
Size: 260KB - Virtual size: 260KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 81KB - Virtual size: 81KB

.reloc
Size: 596KB - Virtual size: 600KB