02aa4d6c6333d057dc588665b171ec10_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

02aa4d6c6333d057dc588665b171ec10_NEIKI
Size

203KB
MD5

02aa4d6c6333d057dc588665b171ec10
SHA1

007ba3318f0cca46c134f74a1642e8feafd9286c
SHA256

232525a24f2843a1b268803a89043417586a1a904099d42ff1e207842f0b6485
SHA512

321482cb45d59f87c0b5828f423c730dc2f2198cb02ce2a333fe0ce96f0c920fb1a0c1a7ce5a5c4558d5b9b6538c4606fc93286609c5700d92fce364346186af
SSDEEP

3072:MMs+NzUmpiaukL5Li4QrRCHsC9bolwv+l7Icv0ThXv5End1H3qZexOd+IH:MMsgqaukL5LiRUMC9x+lRvqud3fYv

Score

1^/10

Malware Config

Signatures

Files

02aa4d6c6333d057dc588665b171ec10_NEIKI
.exe windows:6 windows x64 arch:x64

6cee8a258938900d1e95884265543310

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:be:8b:d9:cc:c3:d9:c1:0c:46:63:20
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/09/2022, 09:44

Not After

15/09/2023, 09:44

Subject

SERIALNUMBER=91440101MA9Y0A9B9D,CN=广州音视舞动网络科技有限公司,OU=市场部,O=广州音视舞动网络科技有限公司,STREET=天河区建中路59号302房,L=广州,ST=广东,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13094775616e677a686f75,1.3.6.1.4.1.311.60.2.1.2=#13094775616e67646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:a8:1d:11:c8:64:9b:72:bb:81:6f:1a:cb:45:e1:d7:0e:72:ff:2c:c0:17:30:f3:9c:18:5e:83:90:00:f6:c2
Signer

Actual PE Digest

47:a8:1d:11:c8:64:9b:72:bb:81:6f:1a:cb:45:e1:d7:0e:72:ff:2c:c0:17:30:f3:9c:18:5e:83:90:00:f6:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

cvcore

??0CVCProperties@CVCore@@QEAA@XZ
??1CVCProperties@CVCore@@UEAA@XZ
?setDouble@CVCProperties@CVCore@@QEAAXPEBDN@Z
?setString@CVCProperties@CVCore@@QEAAXPEBDAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getDouble@CVCProperties@CVCore@@QEBANPEBDN@Z
?getPointer@CVCProperties@CVCore@@QEBAPEAXPEBDQEAX@Z
?dump@CVCProperties@CVCore@@QEAAXXZ
?fps@CVCProfile@CVCore@@QEBANXZ
?dump@CVCProfile@CVCore@@QEBAXXZ
??1CVCProfile@CVCore@@QEAA@XZ
?getStringId@CVCService@CVCore@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getSingleton@CVCManager@CVCore@@SAPEAV12@XZ
?init@CVCManager@CVCore@@QEAAHXZ
?release@CVCManager@CVCore@@QEAAXXZ
?setProfile@CVCManager@CVCore@@QEAAXAEBVCVCProfile@2@@Z
?setMode@CVCManager@CVCore@@QEAAXW4CVCMode@2@@Z
?getSingleton@CVCFactory@CVCore@@SAPEAV12@XZ
?createProducer@CVCFactory@CVCore@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVCVCProfile@2@AEBVCVCProperties@2@@Z
?loadProfile@CVCFactory@CVCore@@QEAA?AVCVCProfile@2@PEBD@Z
?getProducerById@CVCore@@YAPEAVCVCProducer@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getSingleton@CVCProgress@CVCore@@SAPEAV12@XZ
?updateProgress@CVCProgress@CVCore@@QEAAXN@Z
?setAppDataPath@CVCManager@CVCore@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

crashrpt1403

ord8
ord9
ord16
ord27
ord24
ord29

alog

log_debug
log_set_level
log_error
log_info

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

vcruntime140

__C_specific_handler
__std_terminate
memset
memmove
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_crt_atexit
terminate
_c_exit
_set_app_type
_cexit
__p___argv
__p___argc
_exit
exit
_seh_filter_exe
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_sleep
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

`��ط�Dh��d=�e�:*�'G��h~��/{u(��u��p��Bm��3c��q��$nn@Gz��*<G>�卺EXj}GF۳*9�3V7p��ӱ��:��X��.�0vpb� ��t1�o�^��XJE��ا5k;�� '9�\��Hk��5�ۈ#4��4b0q�n��FԌ��F�].�S�Г��P��|k�q]V�O�DO�{R��IS��U�>f �+R��?�u�'�+n�i0|��8��-\� ��{��u@?�t�E��1�4�P��]`��e��sF�J^/x�r��Av�uP��Ȭv��F�U��,NrQxI��-L�s?E�ҽ ��usY�/��q��G�a�-�Y��s|S��;�E'tu1��m ��Q�d׫E��b==��t��P��Ea�)�z-�N^��0��Kl��C�ײ��~\M2V=��C��~�-+�5��'��h�Åw��vT�/��g�B�n��Y�P�dZ,��A��#j(ϛ�o��=��i��9��`}wN�?<�i�LZ:��Td�w ��c��B�癙�ӷ�lP\��b�g'S� �nw37c�Cϗ�|��sd�b�I%��Rr�NTd{��'2��Ȫ��|C`�_�wL�Wj�u��N�g�^P��r�߽c�%F��-�d`A�� ,1��QS�� F�$gm��?��L�S��Qƍ��~�Eƻr�N�W=XF��3Y<��5%�z3�m��EX(KU9X&��(S�;l/��K� ��Ӽ�Q^J(�S��IhvH��7&�r��քvI{�eB{{w�}��b��#�|v�f��o��j�7k��=�<��}Y��R��'��A�Y+�7��F��f��(�4e�v��z�^k]��u��hqQ:�jqH��7" �K�ڨo�A�aN�*��Y#�Wڝ0J��SG�lv��3�ж�l��z��s�h"�/��?E�_�f��g�~,�=�ڊ�^��W��`�Ԧ3�;�Fg��e+pL��I7�R�:�Ѿ��'DV��n�F#a��R$n�o�4��71_*=�:�aiMԊ��NuWK�Ir;�r�o��U��WJN�� )c��l��ދ况��C~Tv5�cY��,RO�0wF��(9n�� G�#�0��s��֨�k��8�~O�Mj��l\ �D��5Eb�6֛�K��:�N�Y��4~g��D��|޶�M��B�-�H�.�W��h�!z�Q��5�Ա@ՠr�C7��/��g��B R%��Z'�D��c5�Ɔ��}b)"�&둪�6l�n/L�e��i4�~�+9T�M6Z��Rh]=�M�՞46�21��1|�ħ�?��E` j��ËujcD�D@��[Y^��/��kcRC#�)�Aٿ� �-��❶ �� E�/rn, ӧgWQFV��{�姖��⿠k.Us� L.��P<=Q�h�U�=tA�u��UiИ�M3�H��&$tm݂i�dz^��q��)�Я?�oq�[�ٌ��Q��X��Q(��j��'ȋ ��!��g#�"�|�ЀF��e�K��.��l_W[)}-��c�syl��oc?�4��}��of�c�X��Wgޮ��{D�� 듊��ӱ��BG�v�8X$�e��7�d�r�ZA3 �M��N��/�d��UU�g�.�Mi z�5�%{[CO��1�7Z��'�g�O^��,x� T��X}Bص锵��k�K�w7��u�q�M=��[/#�pݵX�+)��7��%�c.LȰ�I_�a�q�-�D `(ٛ��ـBI�}( 4��쥹��7��n_m7��6ɔ\�}#��I�"_:��o4��T.*O�o'��֕��7��q|P�ۆ�ǽ� ui��L�5�&�L��@��j��i a��qz7#��pq��t$��Mf/o�q�%�[}:T��ħ�c� iWb'C��~��E��^�RN�tW��٦��b�#kR=gw�� U�P=[k� �:��#|*ơI��?��q��?��J��t��+v��\!��oove��(��8�:ۘ�?��w%G� ��5!��0��T�o�>8�*��p�FX��m��Co�C��oN�׫%F�~i��H�<� \ЮG*��q׹�8��("�5d_��SnJ!�O�9쩧�2�vT�գϚQE� �8�A�L�f��}O7ZS�4w��`�#`J�V�E�4�,��3xy�N��^��N��j �Pa�wZd;�`y�Hvp*��/|��C�:Hœ6��B�+�&f��*�R&]y��*��t��-+�6��t�5��"��-��0'>��!� �\�m�fw��1Wvq+�N�Ds6'D��E��is��!��ï.p_F�V�a��b��cLVR�6�=�u�-�Ne��Oy��sw4jh�`�q��d�;8��?��|cR�� s��?��W�\Twat��<<�J��?�n��C�Ra��)8�-��!m��"��95�p�e"��\0��ノr��^��J@Ml�Th�T�Q ��M,+��3Y��w�1�� ;%¼ ��T��h��'GsT��{ġ�L��I2J�v�=x��1��h%>�|�Yp�G}-��vef晿��f�ٗ��ҽ��R�a�U$��Lh3��%��- �]��_&'��N�1�z�>�,cTvn�i[�E Jo�f+s"��]� {��H�!�,��`?��eA�N��>&��g��~��Q��Y�5��e��]ė�?x�A��ƽ�}�`�Z�|��~�N6@˚'��T�� p�O[^��A�}�e0��H�!�D��@�*��J2��tDnx�d�$�k�2D��O2\k[�

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cee8a258938900d1e95884265543310

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

30:be:8b:d9:cc:c3:d9:c1:0c:46:63:20Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

47:a8:1d:11:c8:64:9b:72:bb:81:6f:1a:cb:45:e1:d7:0e:72:ff:2c:c0:17:30:f3:9c:18:5e:83:90:00:f6:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

cvcore

crashrpt1403

alog

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 924B

.vmp0 Size: 84KB - Virtual size: 84KB

.tls Size: 512B - Virtual size: 48B

.vmp1 Size: 81KB - Virtual size: 81KB

.reloc Size: 512B - Virtual size: 472B

.rsrc Size: 1KB - Virtual size: 1KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

30:be:8b:d9:cc:c3:d9:c1:0c:46:63:20
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

47:a8:1d:11:c8:64:9b:72:bb:81:6f:1a:cb:45:e1:d7:0e:72:ff:2c:c0:17:30:f3:9c:18:5e:83:90:00:f6:c2
Signer

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 924B

.vmp0
Size: 84KB - Virtual size: 84KB

.tls
Size: 512B - Virtual size: 48B

.vmp1
Size: 81KB - Virtual size: 81KB

.reloc
Size: 512B - Virtual size: 472B

.rsrc
Size: 1KB - Virtual size: 1KB