eda0496bd3955d0044fcea3e7491eb50_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

eda0496bd3955d0044fcea3e7491eb50_NEIKI
Size

73KB
MD5

eda0496bd3955d0044fcea3e7491eb50
SHA1

4530dd7308e364407deea86234e3ce0b2e40eded
SHA256

ebff1f10bf9540922eb90bcedfacd587b4c180fc327b4fb3b4483b7e9bec1a15
SHA512

524a1c47f7f078946b3eed649353551dfb751b2e11eaa150bfddd59618c61ed4036b5203fc386f2bd3f7c4733d40daf216bc4ff1ba0cd572a55b94eab72c4385
SSDEEP

1536:/oHDINM1kZxrIfNPh6MWOoQqOkA81jwMg1wNu3MzdT8dF/VmG9BB:wHEEkTkfb6xbQdG1dNUuT+F/59B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eda0496bd3955d0044fcea3e7491eb50_NEIKI

Files

eda0496bd3955d0044fcea3e7491eb50_NEIKI
.dll windows:5 windows x86 arch:x86

7ad845f0e501600b411973770adc7b75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

debug.pdb

Imports

lua51

lua_error
lua_tointeger
lua_tolstring
lua_pushinteger
luaL_argerror
luaL_unref
luaL_ref
lua_checkstack
lua_objlen
lua_pushnumber
lua_pushfstring
lua_pushnil
lua_setmetatable
lua_newuserdata
lua_pushlstring
luaL_checkinteger
lua_settable
lua_insert
lua_remove
lua_pcall
lua_pushcclosure
luaL_optlstring
luaL_checklstring
lua_rawgeti
lua_concat
luaL_gsub
lua_load
lua_createtable
lua_pushvalue
lua_gettable
luaL_checktype
luaL_pushresult
lua_getinfo
lua_getstack
luaL_addvalue
luaL_addstring
luaL_buffinit
luaL_openlib
luaL_newmetatable
lua_tonumber
lua_rawseti
lua_next
luaL_openlibs
luaL_error
lua_gettop
lua_toboolean
lua_pushboolean
lua_type
lua_pushlightuserdata
lua_setfield
luaL_newstate
luaL_loadstring
lua_close
luaL_optinteger
lua_isstring
lua_isnumber
lua_settop
lua_rawequal
lua_getfield
lua_getmetatable
lua_touserdata
lua_pushstring
lua_isuserdata

kernel32

RtlUnwind
TerminateProcess
UnhandledExceptionFilter
GetVersion
QueryPerformanceCounter
GetTickCount
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime
FindFirstFileA
FindClose
GlobalAlloc
CreateThread
Sleep
DeleteTimerQueueEx
DeleteCriticalSection
CreateTimerQueueTimer
DeleteTimerQueueTimer
AssignProcessToJobObject
ResumeThread
CreateProcessA
GetExitCodeProcess
GetCurrentProcessId
GetCurrentProcess
ReleaseSemaphore
OpenThread
QueueUserAPC
SetLastError
SetUnhandledExceptionFilter
lstrcpyA
RaiseException
CreateFileA
GetFileSize
GlobalFree
CreateDirectoryA
GetFileAttributesA
TerminateJobObject
WaitForMultipleObjects
CreateJobObjectA
GetProcAddress
FreeLibrary
lstrcmpA
GetStdHandle
CreatePipe
ReadFile
GetLastError
CloseHandle
ExpandEnvironmentStringsA
LoadLibraryA
CreateEventA
CreateMutexA
CreateSemaphoreA
InitializeCriticalSection
lstrcpynA
lstrlenA
WaitForSingleObject
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
GetCurrentThreadId
CreateTimerQueue
DebugBreak
OutputDebugStringA
lstrcmpiA

user32

DestroyWindow
CharNextA
CreateWindowExA
GetMessageA
IsDialogMessageA
CallWindowProcA
LoadCursorA
RegisterClassExA
DefWindowProcA
MsgWaitForMultipleObjectsEx
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
PostThreadMessageA
ClientToScreen
GetClientRect
BringWindowToTop
EnableWindow
ShowWindow
GetWindowRect
UpdateWindow
InvalidateRect
ReleaseCapture
MoveWindow
MapWindowPoints
GetWindowLongA
SetWindowLongA
SetWindowPos
PostMessageA
SendMessageA

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA

shell32

SHFileOperationA
ShellExecuteA

winmm

timeGetTime

msvcrt

strchr
_except_handler3
_snprintf
memset
__CxxFrameHandler
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_callnewh
_XcptFilter
_initterm
_amsg_exit
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
fclose
memcpy
sprintf
_vscprintf
vsprintf
free
atoi
malloc
fopen

Exports

Exports

??0ArgTable@LuaBridge@@QAE@XZ
??0char_result_dynamic@LuaBridge@@QAE@XZ
??1ArgTable@LuaBridge@@QAE@XZ
??1char_result_dynamic@LuaBridge@@QAE@XZ
??4ArgTable@LuaBridge@@QAEAAV01@ABV01@@Z
??4char_result_context@LuaBridge@@QAEAAU01@ABU01@@Z
??4char_result_dynamic@LuaBridge@@QAEAAU01@ABU01@@Z
?add@ArgTable@LuaBridge@@QAEAAV12@ABV12@PBD@Z
?add@ArgTable@LuaBridge@@QAEAAV12@HPBD@Z
?add@ArgTable@LuaBridge@@QAEAAV12@JPBD@Z
?add@ArgTable@LuaBridge@@QAEAAV12@NPBD@Z
?add@ArgTable@LuaBridge@@QAEAAV12@PAUCodeRef@2@PBD@Z
?add@ArgTable@LuaBridge@@QAEAAV12@PAUlua_State@@HPBD@Z
?add@ArgTable@LuaBridge@@QAEAAV12@PBD0@Z
?add@ArgTable@LuaBridge@@QAEAAV12@PBDI0@Z
?add@ArgTable@LuaBridge@@QAEAAV12@Q6AHPAUlua_State@@@ZPBD@Z
?add@ArgTable@LuaBridge@@QAEAAV12@Q6AHPAUlua_State@@@ZPBV12@PBD@Z
?add@ArgTable@LuaBridge@@QAEAAV12@_NPBD@Z
?addnil@ArgTable@LuaBridge@@QAEAAV12@PBD@Z
?addskipped@ArgTable@LuaBridge@@QAEAAV12@PBD@Z
?apply@ArgTable@LuaBridge@@QBEXPAUlua_State@@@Z
?arg_result_handler@LuaBridge@@YAXPAUnamed_state_t@1@_NPAX@Z
?astable@ArgTable@LuaBridge@@QBEXPAUlua_State@@@Z
?begin@ArgTable@LuaBridge@@QBE?AViterator@12@XZ
?call@LuaBridge@@YAHPAUnamed_state_t@1@PBDPBVArgTable@1@P6AX0_NPAX@Z4@Z
?call@LuaBridge@@YA_NPAUnamed_state_t@1@PBDPBVArgTable@1@PADI@Z
?char_result_handler@LuaBridge@@YAXPAUnamed_state_t@1@_NPAX@Z
?closeState@LuaBridge@@YAXPAUnamed_state_t@1@@Z
?copy@ArgTable@LuaBridge@@QBEPAV12@XZ
?createInterp@LuaBridge@@YAPAUlua_State@@PBD@Z
?createState@LuaBridge@@YAPAUnamed_state_t@1@PBDPAU21@@Z
?end@ArgTable@LuaBridge@@QBE?AViterator@12@XZ
?eval@LuaBridge@@YA_NPAUnamed_state_t@1@PBD@Z
?eval@LuaBridge@@YA_NPAUnamed_state_t@1@PBDPADI@Z
?execFile@LuaBridge@@YA_NPAUnamed_state_t@1@PBD@Z
?findOrCreateState@LuaBridge@@YAPAUnamed_state_t@1@PBD@Z
?findState@LuaBridge@@YAPAUnamed_state_t@1@PBDPAUlua_State@@@Z
?from_arguments@ArgTable@LuaBridge@@QAEXPAUlua_State@@H@Z
?from_stack@ArgTable@LuaBridge@@QAEXPAUlua_State@@HH@Z
?from_table@ArgTable@LuaBridge@@QAEXPAUlua_State@@H@Z
?getState@LuaBridge@@YAPAUlua_State@@PBD@Z
?multi_ret_arg_result_handler@LuaBridge@@YAXPAUnamed_state_t@1@_NPAX@Z
?processPipeCommands@LuaBridge@@YAHPAUnamed_state_t@1@PAX_N@Z
?push_cell@ArgTable@LuaBridge@@AAEAAV12@PAUarg_cell_t@2@@Z
?serveRemoteState@LuaBridge@@YAHPBD0@Z
?shutdownState@LuaBridge@@YAXPAUnamed_state_t@1@@Z
?size@ArgTable@LuaBridge@@QBEHXZ
?startRemoteState@LuaBridge@@YAHPBD000J@Z
?stateFromState@LuaBridge@@YAPAUlua_State@@PAUnamed_state_t@1@@Z
?waitForState@LuaBridge@@YA_NPBD@Z
luabridge_cancel_state
luabridge_close_state
luabridge_configure_default_context
luabridge_enter_thread_loop
luabridge_eval
luabridge_exec_file
luabridge_finalize
luabridge_find_state
luabridge_get_state_thread
luabridge_init
luabridge_open_classes
luabridge_open_config
luabridge_open_fs
luabridge_open_net
luabridge_open_nsis
luabridge_open_registry
luabridge_open_win32
luabridge_pause_state
luabridge_reset_state
luabridge_resume_state
luabridge_serve_remote_state
luabridge_shutdown_state
luabridge_start_remote_state
luabridge_wait_for_state
luabridge_wnd_proc

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ad845f0e501600b411973770adc7b75

Headers

File Characteristics

PDB Paths

Imports

lua51

kernel32

user32

advapi32

shell32

winmm

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 4KB