8b1ede377d1f1ab2db65693c11f8d470_NEIKI

General

Target

8b1ede377d1f1ab2db65693c11f8d470_NEIKI
Size

87KB
MD5

8b1ede377d1f1ab2db65693c11f8d470
SHA1

429a30fd6ee884716edc634d5a752357e1a5f425
SHA256

1173a234132f6cfe408ffc78b8588c49133574822fd1cc3a915b6b22189c6419
SHA512

4fc6c928bb15a9e6204b264ee01e8bd4bc5c783bb3497274159552a736fb20d0e0677ae339dc9fa33b5ad959806967cf8d473f987c891c21ccd2618a113bf5ed
SSDEEP

1536:6DaaNM7raCJaUEy2h3x2y8Gu6xKQsAkbbbAV2PMqqU+aS2bJpNBUC:cMn7JaUD2xx2y8Gu6hsAliMqqDa/NpNq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b1ede377d1f1ab2db65693c11f8d470_NEIKI

Files

8b1ede377d1f1ab2db65693c11f8d470_NEIKI
.exe windows:5 windows x86 arch:x86

e660929b3d8ca3ba5721bb9e3b8bb889

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\656su\dev\built\winx86uni\release\kernel\cvendian.pdb

Imports

msvcr120

fwrite
realloc
fclose
exit
_close
_wassert
_stricmp
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
fprintf
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
fopen
_read
printf
fgets
strncpy
_errno
atoi
__iob_func
fputs
strerror
malloc
_open
calloc
free
strncmp
memmove
_strnicmp
_configthreadlocale
sprintf
_unlink
memcpy
memset

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
CloseHandle
GetLastError
GetStdHandle
ReadFile
SetConsoleMode
GetConsoleMode
WriteFile
FormatMessageA
SetFilePointer
CreateFileA
DecodePointer

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e660929b3d8ca3ba5721bb9e3b8bb889

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr120

kernel32

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 6KB - Virtual size: 139KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 6KB - Virtual size: 139KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 4KB