Static task
static1
Behavioral task
behavioral1
Sample
aeb59c8a5c1e40f7e34275415cf57b30_NEIKI.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
aeb59c8a5c1e40f7e34275415cf57b30_NEIKI.exe
Resource
win10v2004-20240508-en
General
-
Target
aeb59c8a5c1e40f7e34275415cf57b30_NEIKI
-
Size
140KB
-
MD5
aeb59c8a5c1e40f7e34275415cf57b30
-
SHA1
6c9721df09270dbf104dbe7f3cb0da9b35f4d343
-
SHA256
4cde03a970a6c1f8150c253dca17437601efb5255d3a1734e78503b960f0a12a
-
SHA512
3ee6faafa1a5ffd967c41991c5ac5136f135c80f58b087855ca6cbaa327917d93de2360dd4bd6823a68261796e3b89d978e5d9b3155b7f1f2e7d1daeec7e5d3b
-
SSDEEP
1536:R251Qim/WBnvPNFdDJNt/Owu4ppgu9CNaN9S4A3479C9Cu2hBsgcGQ/DsgcGQ/1:RO1Pv7ju42720ghgG
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. Caveat: the absence of a signature is a weak indicator on its own — many legitimate applications ship unsigned — so weigh it together with the behavioral results rather than treating it as a verdict.
resource aeb59c8a5c1e40f7e34275415cf57b30_NEIKI
Files
-
aeb59c8a5c1e40f7e34275415cf57b30_NEIKI.exe windows:4 windows x86 arch:x86
b942ea727c3b9e9b95a3bb1833674030 (presumably the import hash / imphash shown under the file entry — confirm against the original report before using it as a pivot)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
imm32
ImmGetContext
ImmGetConversionStatus
ImmReleaseContext
mfc71
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord3164
ord572
ord764
ord1063
ord578
ord5807
ord5403
ord2468
ord876
ord4035
ord310
ord6119
ord4580
ord1395
ord5641
ord602
ord347
ord2367
ord5182
ord4212
ord4735
ord4890
ord2020
ord1671
ord1670
ord1551
ord5912
ord1401
ord4244
ord5203
ord4262
ord3182
ord605
ord354
ord3660
ord3531
ord4842
ord2829
ord1959
ord1331
ord4898
ord5498
ord4311
ord2246
ord1913
ord2615
ord5009
ord5012
ord4309
ord4135
ord2939
ord4904
ord943
ord5360
ord2992
ord2425
ord2424
ord4022
ord1557
ord3945
ord5148
ord5209
ord2173
ord1306
ord4277
ord5165
ord4265
ord751
ord697
ord480
ord562
ord471
ord704
ord4302
ord762
ord4016
ord5924
ord5738
ord706
ord784
ord4858
ord2996
ord4881
ord4823
ord4833
ord4585
ord4557
ord4738
ord5017
ord4804
ord4510
ord4871
ord4375
ord4884
ord4393
ord4979
ord3912
ord2860
ord2942
ord4485
ord304
ord4912
ord3654
ord3500
ord635
ord3757
ord1604
ord1914
ord5011
ord5014
ord4310
ord5356
ord2426
ord4021
ord1905
ord5208
ord4278
ord5169
ord4267
ord742
ord553
ord431
ord2003
ord2145
ord2144
ord5859
ord4299
ord3934
ord3110
ord6306
ord6063
ord6090
ord4250
ord3758
ord5929
ord3663
ord3539
ord4857
ord4743
ord4709
ord2757
ord4847
ord1954
ord1672
ord4502
ord4809
ord4894
ord4916
ord4369
ord4335
ord4332
ord4917
ord2671
ord4461
ord4892
ord4253
ord4995
ord5384
ord4487
ord5604
ord4027
ord2547
ord3004
ord4922
ord3102
ord6245
ord5465
ord976
ord3035
ord3386
ord2825
ord4567
ord2616
ord2622
ord6238
ord2016
ord2051
ord5157
ord5594
ord1380
ord5412
ord2742
ord5496
ord4260
ord4708
ord4222
ord3040
ord2768
ord5935
ord6043
ord1964
ord2859
ord4482
ord4270
ord487
ord705
ord6229
ord1482
ord1926
ord5690
ord4525
ord6067
ord3397
ord5710
ord2902
ord907
ord911
ord1123
ord4085
ord4742
ord629
ord266
ord1439
ord6288
ord5089
ord384
ord265
ord3761
ord4856
ord3653
ord3499
ord944
ord5010
ord1572
ord5013
ord2940
ord4020
ord1904
ord5207
ord5168
ord1963
ord430
ord3109
ord6305
ord4929
ord3540
ord4049
ord6209
ord589
ord3890
ord330
ord4518
ord1198
ord2368
ord1910
ord488
ord3762
ord313
ord2306
ord4079
ord6062
ord5217
ord5731
ord3401
ord4828
ord4472
ord3646
ord3455
ord5164
ord5941
ord3106
ord1185
ord3204
ord2372
ord1903
ord1308
ord2176
ord5526
ord1923
ord4959
ord4834
ord4836
ord4488
ord4444
ord4441
ord4778
ord4387
ord4980
ord4172
ord4181
ord4591
ord4773
ord4386
ord4401
ord4399
ord4381
ord4384
ord4379
ord4864
ord4861
ord3974
ord5151
ord3344
ord1359
ord4273
ord5672
ord373
ord6026
ord1728
ord4297
ord5833
ord4147
ord3085
ord6120
ord1979
ord5803
ord2654
ord5613
ord2126
ord3760
ord2470
ord4787
ord4001
ord4123
ord4405
ord621
ord3389
ord4202
ord2022
ord391
ord1966
ord1731
ord1122
ord3105
ord508
ord2692
ord3952
ord1542
ord4413
ord3441
ord297
ord1489
ord299
ord2933
ord6118
ord1873
ord1892
ord781
ord3997
ord4108
ord2272
ord4473
ord4469
ord4467
ord3683
ord701
ord4568
ord5213
ord2248
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord5230
ord5566
ord2838
ord4481
ord3333
ord757
ord356
ord593
ord5225
ord5383
ord4031
ord2156
ord6251
ord5119
ord334
ord1497
ord959
ord5999
ord437
ord1126
ord490
ord566
ord1788
ord1881
ord2131
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2408
ord2413
ord2394
ord2410
ord934
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4232
ord1402
ord3946
ord1617
ord1620
ord5915
ord1545
ord5637
ord1279
ord1280
ord3161
ord3163
ord3287
ord1934
ord3210
ord1084
ord6065
ord587
ord3641
ord3684
ord4394
ord2837
ord1207
msvcr71
_controlfp
fseek
_except_handler3
free
_getdiskfree
_getdrive
__CxxFrameHandler
sscanf
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_splitpath
_mbschr
_mbscmp
_time64
strftime
_localtime64
setlocale
fclose
_setmbcp
_stricmp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
fread
__security_error_handler
memset
_purecall
??0exception@@QAE@XZ
??1exception@@UAE@XZ
sprintf
fopen
ftell
_vsnprintf
kernel32
GetModuleHandleA
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrlenA
MulDiv
lstrcpynA
GlobalMemoryStatus
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
ExitProcess
user32
FillRect
DrawIcon
GetClientRect
EnableWindow
LoadIconA
wsprintfA
SendMessageA
IsWindowVisible
IsRectEmpty
InflateRect
BringWindowToTop
GetWindowRect
UpdateWindow
SetTimer
SetRect
GetFocus
GetParent
SetWindowLongA
DestroyWindow
SetWindowPos
SetWindowTextA
CreateWindowExA
ReleaseDC
GetDC
MessageBoxA
KillTimer
GetSystemMetrics
IsZoomed
gdi32
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateFontIndirectA
GetStockObject
GetTextMetricsA
StretchBlt
Rectangle
shell32
DragAcceptFiles
msvcp71
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
Sections
.text Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ