Static task: static1
Behavioral task: behavioral1
Sample: ed29d4f525c46d69541bf00222a8bb50_NEIKI.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: ed29d4f525c46d69541bf00222a8bb50_NEIKI.exe
Resource: win10v2004-20240419-en
General
Target: ed29d4f525c46d69541bf00222a8bb50_NEIKI
Size: 477KB
MD5: ed29d4f525c46d69541bf00222a8bb50
SHA1: 6d1e602bc38188ecf83b777955275aef460850d4
SHA256: 8ebcc4853ae72a58af6f98fc561435ff7647ae1f4df02289e00ab6c1eeeea3af
SHA512: 479df16849838f2fc8a00d5994b3ecaa3b3e643a74f257f083ec56d9f15f5c457a7466829c257af6e56d115f2583f68f28345164572d49980b7169a426b3c04e
SSDEEP: 6144:wUgmvmW0KT867J3nL5IBy40keDcefrr1ctEhX/2tr3RzscQp5XHt:wGvmW0Y867J3KBy40kkfrritpzyHt
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: ed29d4f525c46d69541bf00222a8bb50_NEIKI
Files
ed29d4f525c46d69541bf00222a8bb50_NEIKI.exe windows:4 windows x86 arch:x86
186ebdc06a56e72e9aa9f50676f5f615
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
hilimg32
ord56
ord51
ord72
ord69
ord55
ord52
ord71
ord23
ord20
ord13
ord18
ord22
ord21
ord17
ord65
ord57
ord54
ord73
ord77
ord68
ord78
ord58
ord87
ord50
ord61
hilcnv32
ord19
ord11
ord21
ord20
ord5
ord13
ord9
ord32
ord49
ord31
ord14
ord35
ord53
ord38
ord15
ord16
ord24
ord37
ord26
ord12
ord39
ord50
ord25
ord10
ord34
ord46
ord33
hilxfm32
ord14
ord16
halaoi32
ord12
ord6
ord11
ord3
ord10
ord7
ord16
ord5
ord8
ord4
halcal32
ord22
ord23
ord5
ord9
ord27
ord4
halhst32
ord15
iputil32
ord50
ord86
ord51
ord95
ord64
ord17
ord40
ord9
ord30
ord97
ord62
ord11
ord3
ord16
ord63
ord23
ord107
ord77
ord65
ord144
ord41
ord5
ord143
ord71
ord31
ord35
ord69
ord15
ord10
ord14
ord13
ord12
ord83
ord137
ord145
ord66
ord72
ord80
ord70
ord79
ord7
ord81
ord89
ord140
ord8
ord19
ord21
ord139
ord20
ord22
ord28
ord138
ord92
ord29
ord90
ord53
ord91
ord2
ord87
ord88
ipfile32
ord27
ord28
ord29
ord4
ord26
ord17
ord30
ord16
ord8
ord14
ord5
ord2
ord7
ipcntl32
ord2
mcedit32
LoadMCEdit
mcspin32
LoadHALOSpin
frames32
ord16
ord17
ord8
ord10
ord11
ord3
ord15
ord2
ord12
ord4
ord6
ord5
ord9
ord7
ipcgp32
ord267
ord3
ord2
ord332
ord108
ipbas32
ord8
ord4
ord2
ord5
ord3
ipaoi32
ord12
ord8
ord4
ord14
ord13
ord18
ipins32
ord4
ord3
ord2
ipcal32
ord30
mcgrid32
ord17
ord38
ord37
ord31
ord39
ord19
ord16
ord30
ipscd32
ord4
ord3
ord14
ord15
ord10
iprpt32
ord12
ord17
ord16
ord10
ord11
ord14
mfc42
ord860
ord1644
ord4153
ord5255
ord6199
ord4123
ord6215
ord4224
ord5990
ord3797
ord4501
ord5032
ord1168
ord3072
ord2379
ord2863
ord4147
ord4216
ord1175
ord1895
ord4958
ord3407
ord4990
ord4927
ord4932
ord4937
ord4717
ord4688
ord4857
ord5018
ord5108
ord4912
ord4646
ord4980
ord4522
ord4993
ord4537
ord5075
ord4038
ord3281
ord3353
ord4626
ord4424
ord749
ord457
ord4653
ord2563
ord2383
ord2880
ord4614
ord4613
ord1945
ord4273
ord4589
ord4899
ord5076
ord5472
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4078
ord5240
ord5290
ord3748
ord1726
ord4432
ord813
ord560
ord3754
ord5260
ord6197
ord6379
ord2535
ord738
ord2652
ord1199
ord2394
ord6329
ord3769
ord1265
ord2175
ord268
ord1669
ord2521
ord441
ord1567
ord1992
ord5981
ord3256
ord6009
ord4349
ord4441
ord5656
ord5148
ord800
ord535
ord2438
ord6270
ord4220
ord2584
ord3654
ord3663
ord2864
ord6067
ord3482
ord3294
ord6069
ord2859
ord4615
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5714
ord4622
ord3738
ord815
ord5006
ord561
ord743
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5241
ord5280
ord5261
ord4425
ord3597
ord641
ord324
ord4234
ord1858
ord2101
ord5104
ord3351
ord976
ord4152
ord2382
ord5283
ord2120
ord4470
ord3372
ord401
ord5101
ord4695
ord5939
ord5197
ord2003
ord5730
ord3948
ord2185
ord2184
ord4214
ord3107
ord5616
ord988
ord3444
ord3193
ord4162
ord3659
ord709
ord411
ord2558
ord5716
ord5717
ord5500
ord986
ord6137
ord5914
ord4159
ord2621
ord1205
ord2725
ord3922
ord5289
ord1146
ord5098
ord5883
ord5127
ord5122
ord4563
ord5092
ord4457
ord5128
ord1894
ord4254
ord2486
ord4957
ord4861
ord4826
ord3187
ord4950
ord2437
ord2171
ord5020
ord4517
ord4640
ord4916
ord5002
ord4494
ord4491
ord5021
ord3106
ord4605
ord5000
ord4416
ord5090
ord5501
ord4628
ord4657
ord5752
ord4155
ord2991
ord3417
ord5025
ord3514
ord6344
ord5627
ord1003
ord3449
ord3787
ord3250
ord4697
ord3060
ord3066
ord6336
ord2510
ord2542
ord5244
ord5742
ord5577
ord3172
ord5654
ord4423
ord4956
ord4387
ord3454
ord3198
ord6081
ord6175
ord3261
ord3280
ord4623
ord4430
ord748
ord1206
ord456
ord1223
ord4860
ord4825
ord2402
ord1876
ord266
ord5460
ord2014
ord6395
ord5455
ord3298
ord4483
ord1781
ord2793
ord2955
ord2858
ord5652
ord5019
ord5106
ord4921
ord5003
ord4730
ord4669
ord4490
ord4345
ord4338
ord4647
ord5022
ord4492
ord4512
ord4962
ord971
ord2058
ord4645
ord2548
ord5508
ord5956
ord4037
ord3268
ord720
ord420
ord4382
ord4388
ord2371
ord4493
ord5824
ord1729
ord1695
ord2441
ord3254
ord4468
ord5105
ord2391
ord2127
ord4246
ord1859
ord823
ord825
ord4460
ord2104
ord5495
ord442
ord554
ord450
ord439
ord736
ord747
ord807
ord739
ord4427
ord4627
ord4080
ord3079
ord3825
ord4946
ord4251
ord1886
ord4681
ord4685
ord4671
ord4450
ord2117
ord6000
ord674
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5252
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4436
ord4837
ord3798
ord1665
ord2649
ord5285
ord4353
ord6374
ord5163
ord2385
ord5237
ord4407
ord1776
ord4077
ord6055
ord4154
ord2878
ord2879
ord3403
ord5476
ord975
ord5012
ord3350
ord4303
ord4467
ord5103
ord5100
ord3059
ord2390
ord2723
ord402
ord529
ord796
ord4428
ord4437
ord4620
ord5284
ord4554
ord5254
ord2445
ord4694
ord4341
ord3442
ord6194
ord459
ord1576
msvcrt
strrchr
atoi
_strlwr
_stricmp
_setmbcp
_strnicmp
strncmp
strstr
__CxxFrameHandler
strchr
localtime
_stat
atof
strtok
_itoa
modf
_ecvt
sprintf
strncpy
_strrev
_controlfp
strcspn
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
__p__acmdln
_initterm
__getmainargs
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
kernel32
GetTickCount
GlobalHandle
GetLastError
OpenFile
lstrcmpA
LocalAlloc
LocalLock
LocalUnlock
LocalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GetProfileIntA
_lread
_lwrite
lstrcmpiA
_llseek
_hread
_lclose
GetPrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryA
FreeLibrary
GetProcAddress
WinExec
LoadLibraryExA
GlobalAddAtomA
CloseHandle
GetProfileStringA
GetWindowsDirectoryA
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
GetModuleHandleA
MulDiv
GlobalMemoryStatus
GetPrivateProfileIntA
GetModuleFileNameA
CopyFileA
Sleep
CreateFileMappingA
CreateFileA
GetVersion
GetStartupInfoA
WritePrivateProfileStringA
lstrcatA
user32
ShowWindow
IsWindowVisible
WinHelpA
SetFocus
AdjustWindowRect
SetForegroundWindow
DefFrameProcA
DispatchMessageA
UpdateWindow
TranslateAcceleratorA
TranslateMDISysAccel
IsDialogMessageA
GetMessageA
TranslateMessage
IsIconic
SetTimer
KillTimer
GetClassLongA
ClientToScreen
DrawMenuBar
CheckMenuItem
LoadMenuA
GetSystemMenu
CharLowerA
ReleaseDC
GetDC
SetScrollPos
ScrollWindow
GetClientRect
ScreenToClient
GetWindow
EnumChildWindows
GetClipboardData
CreateMenu
InsertMenuA
SetScrollRange
EnableScrollBar
InflateRect
PtInRect
GetCursorPos
IsRectEmpty
GetScrollPos
GetMenuItemID
GetSubMenu
IsMenu
EndPaint
BeginPaint
GetDesktopWindow
IsClipboardFormatAvailable
SetRect
ChangeClipboardChain
MapWindowPoints
GetClipboardOwner
SetClipboardViewer
GetFocus
CreateWindowExA
WindowFromPoint
DefWindowProcA
DrawTextA
LoadStringA
GetClassInfoA
LoadBitmapA
SetClassLongA
RegisterClipboardFormatA
DrawIcon
IsWindow
ReleaseCapture
SetCapture
ModifyMenuA
GetWindowLongA
CallWindowProcA
EnableMenuItem
PostMessageA
SetWindowLongA
GetKeyState
LoadCursorA
wsprintfA
SetCursor
MessageBeep
DestroyWindow
GetActiveWindow
BringWindowToTop
SendMessageA
UnregisterClassA
LoadIconA
RegisterClassA
IntersectRect
OffsetRect
CheckRadioButton
CheckDlgButton
IsDlgButtonChecked
InvalidateRect
SetWindowTextA
SetDlgItemInt
GetWindowTextA
GetDlgItemInt
GetSystemMetrics
GetWindowRect
SetWindowPos
PeekMessageA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawFocusRect
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
GetParent
EndDialog
GetDlgItem
EnableWindow
DialogBoxParamA
CreateDialogParamA
DeleteMenu
AppendMenuA
MessageBoxA
GetMenuStringA
GetMenu
GetMenuItemCount
wvsprintfA
CreatePopupMenu
DestroyMenu
FillRect
TrackPopupMenu
gdi32
CloseMetaFile
UnrealizeObject
DeleteMetaFile
SelectPalette
SetDIBits
CreateBitmap
GetPaletteEntries
GetBitmapBits
GetDIBits
CreatePalette
StretchDIBits
SetStretchBltMode
CreateFontA
RealizePalette
SetWindowExtEx
SetWindowOrgEx
CreateMetaFileA
TextOutA
SetTextColor
GetBkColor
GetNearestPaletteIndex
CreatePatternBrush
CreatePen
GetStockObject
BitBlt
SelectObject
MoveToEx
LineTo
SetBrushOrgEx
StretchBlt
ExcludeClipRect
DeleteDC
GetObjectA
CreateCompatibleDC
GetTextMetricsA
GetTextExtentPointA
SetBkColor
PatBlt
SaveDC
CreateSolidBrush
Rectangle
SetBkMode
DeleteObject
RestoreDC
CreateRectRgnIndirect
GetDeviceCaps
CreateDIBitmap
CreateCompatibleBitmap
comdlg32
GetOpenFileNameA
GetSaveFileNameA
shell32
DragQueryFileA
DragFinish
comctl32
PropertySheetA
ord17
Sections
.text     Size 256KB, Virtual size 256KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata    Size 6KB,   Virtual size 5KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data     Size 13KB,  Virtual size 29KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.idata    Size 12KB,  Virtual size 12KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
_TEXT_HA  Size 62KB,  Virtual size 62KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc     Size 103KB, Virtual size 103KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc    Size 22KB,  Virtual size 21KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
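Two header facts in this report are worth reproducing outside the sandbox: the "Unsigned PE" signature above fires because the optional header's security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4) is empty, and the section table shows a .text section that is executable and also writable, next to a non-standard section named _TEXT_HA. The following script is an added example, not code from the sandbox or from the report, that reads just enough of a PE32/PE32+ file to answer both questions without pefile. The PE image it inspects is constructed inline with the same section flag pattern the report lists; it is not the analysed file, and the 0x1000/0x200/0x400 section sizes are sample values.

```python
"""Header-level PE triage: Authenticode directory presence and section flags.
Added example (not from the sandbox report). The image it parses is built
inline below with the report's section flag pattern; it is not the real file."""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # the one directory holding a raw file offset, not an RVA
SECTION_HEADER = "<8sIIIIIIHHI"       # 40-byte IMAGE_SECTION_HEADER


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, data directories and section table of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        count_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+: 64-bit ImageBase and size fields shift both by 16
        count_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, count_off)[0]
    dirs = [struct.unpack_from("<II", data, dir_off + 8 * i) for i in range(n_dirs)]
    sect_off = opt + opt_size
    sections = []
    for i in range(nsect):
        name, vsize, _, rsize, _, _, _, _, _, flags = struct.unpack_from(SECTION_HEADER, data, sect_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize, "characteristics": flags})
    return {"machine": machine, "file_characteristics": chars, "data_directories": dirs, "sections": sections}


def has_authenticode(pe: dict) -> bool:
    """True when the security directory points at an embedded WIN_CERTIFICATE. Presence only:
    validity needs WinVerifyTrust, Get-AuthenticodeSignature or osslsigncode, and a
    catalog-signed file carries no embedded signature at all."""
    dirs = pe["data_directories"]
    if len(dirs) <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    offset, size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY]
    return offset != 0 and size != 0


def writable_code_sections(pe: dict) -> list:
    """Names of sections that are writable and also executable or flagged as code."""
    return [s["name"] for s in pe["sections"]
            if s["characteristics"] & IMAGE_SCN_MEM_WRITE
            and s["characteristics"] & (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE)]


def build_sample_pe(signed: bool = False) -> bytes:
    """Constructed PE32 image (sample data, not the analysed file) with the report's flag pattern."""
    specs = [  # (name, size, characteristics); sizes are sample values
        (b".text", 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".rdata", 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        (b"_TEXT_HA", 0x400, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".reloc", 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
    ]
    e_lfanew, n_dirs = 0x40, 16
    opt_size = 96 + 8 * n_dirs
    size_of_headers = (e_lfanew + 4 + 20 + opt_size + 40 * len(specs) + 0x1FF) & ~0x1FF
    hdrs, bodies, rva, raw = b"", b"", 0x1000, size_of_headers
    for name, size, flags in specs:               # RVAs on 0x1000, raw data on 0x200 boundaries
        hdrs += struct.pack(SECTION_HEADER, name, size, rva, size, raw, 0, 0, 0, 0, flags)
        bodies += b"\xCC" * size
        rva += (size + 0xFFF) & ~0xFFF
        raw += size
    dirs, trailer = [(0, 0)] * n_dirs, b""
    if signed:                                    # WIN_CERTIFICATE header (PKCS_SIGNED_DATA) + dummy body
        trailer = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (raw, len(trailer))
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                  # AddressOfEntryPoint in .text
    struct.pack_into("<I", opt, 28, 0x00400000)              # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)          # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, rva, size_of_headers)   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                       # Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, n_dirs)                  # NumberOfRvaAndSizes
    # 0x010E = EXECUTABLE_IMAGE | LINE_NUMS_STRIPPED | LOCAL_SYMS_STRIPPED | 32BIT_MACHINE, as in the report
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, opt_size, 0x010E)
    image = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    image += b"PE\0\0" + coff + bytes(opt) + b"".join(struct.pack("<II", *d) for d in dirs) + hdrs
    return image + b"\0" * (size_of_headers - len(image)) + bodies + trailer


if __name__ == "__main__":
    for signed in (False, True):
        pe = parse_pe(build_sample_pe(signed))
        print("embedded signature:", has_authenticode(pe),
              "| writable code sections:", writable_code_sections(pe))
```

To run it against a real file, pass `open(path, "rb").read()` to `parse_pe` instead of `build_sample_pe()`. Two caveats apply to what the result means. An empty security directory only shows that no signature is embedded in the file; Windows also accepts catalog signatures, so the definitive check on a Windows host is `Get-AuthenticodeSignature` (or `osslsigncode verify` elsewhere), which also tells you whether an embedded signature actually validates. A writable .text section is unusual for current toolchains and is worth recording for the sample above, but on its own it is a property of how the binary was linked, not evidence of malicious intent; the same goes for the non-standard _TEXT_HA section name.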