C:\container\omaha-updater\omahaInstaller\omaha\scons-out\opt-win\obj\goopdate\goopdate_unsigned.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 115b3066b2ab98acb66385bd975d2120_NeikiAnalytics.dll
Resource: win7-20240220-en
General
Target: 115b3066b2ab98acb66385bd975d2120_NeikiAnalytics
Size: 800KB
MD5: 115b3066b2ab98acb66385bd975d2120
SHA1: 348224e3080f1becf5799ce1c95bec9a67b79418
SHA256: 939047d434d22e8dc4861dc9d69fb70c864e16494d86118d899743e00d7f7ca5
SHA512: c188cc911baedb3a829b07887fb9ab46bbe65309afcf0eabe2a47bb55ebbe3f8a63f63584691edd86d7d8b2876145b50de18d7525a09aea33ffcb93d48ee0ae4
SSDEEP: 24576:jb0VsmC0ns9nbc+oZdL91Ql2rvD8hDxnjsdi6x:P0Vu0s9bZk1919vD8BxnwQ6x
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: 115b3066b2ab98acb66385bd975d2120_NeikiAnalytics
Files
115b3066b2ab98acb66385bd975d2120_NeikiAnalytics.dll windows:5 windows x86 arch:x86
5e30b7573e71c20ef538846d699dbca0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
iphlpapi
GetIfTable
netapi32
NetApiBufferFree
NetWkstaUserGetInfo
NetWkstaGetInfo
ws2_32
WSAStartup
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOverridePredefKey
GetUserNameW
DuplicateToken
RegQueryValueExW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
AddAce
InitializeAcl
SetNamedSecurityInfoW
RegOpenKeyExW
SetSecurityDescriptorDacl
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetAce
GetNamedSecurityInfoW
EqualSid
OpenSCManagerW
OpenServiceW
StartServiceW
ConvertStringSidToSidW
OpenProcessToken
GetTokenInformation
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CloseServiceHandle
OpenThreadToken
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegNotifyChangeKeyValue
ConvertSidToStringSidW
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RevertToSelf
ImpersonateSelf
DuplicateTokenEx
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
RegOpenCurrentUser
StartServiceCtrlDispatcherW
ChangeServiceConfig2W
DeleteService
SetServiceStatus
CreateServiceW
ChangeServiceConfigW
QueryServiceConfig2W
QueryServiceConfigW
RegisterServiceCtrlHandlerW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ImpersonateLoggedOnUser
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyHash
ControlService
QueryServiceStatus
kernel32
GetModuleFileNameW
GetTempPathW
GetCurrentThread
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
GetStringTypeExW
CreateMutexW
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
InterlockedCompareExchange
InterlockedDecrement
GetVersionExW
IsDebuggerPresent
lstrcpynW
ExitProcess
FileTimeToSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetLongPathNameW
CopyFileW
MoveFileExW
GetFileTime
FlushFileBuffers
ReadFile
SetEndOfFile
GetFileSize
CompareFileTime
SetErrorMode
VirtualQuery
GetDiskFreeSpaceExW
GetProcessWorkingSetSize
SetProcessWorkingSetSize
OpenProcess
CreateProcessW
ProcessIdToSessionId
GetSystemPowerStatus
LocalAlloc
VerSetConditionMask
VerifyVersionInfoW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ReadProcessMemory
GetUserDefaultLCID
GetLocaleInfoW
GetThreadLocale
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetLogicalDriveStringsW
QueryDosDeviceW
GetProcessShutdownParameters
SetProcessShutdownParameters
GetPrivateProfileSectionNamesW
CreateThread
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
InterlockedIncrement
SetEnvironmentVariableW
SetCurrentDirectoryW
OpenEventW
OpenThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedExchange
lstrlenA
GetCommandLineW
QueryPerformanceCounter
GetStringTypeExA
lstrcmpA
WriteConsoleW
GetStdHandle
GetTempFileNameW
SetFilePointerEx
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
DecodePointer
GetCommandLineA
EncodePointer
VirtualProtect
VirtualAlloc
GetSystemInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
HeapCreate
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
RtlUnwind
GetConsoleCP
GetConsoleMode
LCMapStringW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
LoadLibraryA
InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
GlobalHandle
MulDiv
FormatMessageA
CreateTimerQueue
DeleteTimerQueueEx
GetProcessTimes
GetComputerNameExW
GetUserDefaultLangID
GetSystemDefaultLangID
WritePrivateProfileStringW
FlushInstructionCache
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetSystemTime
UnregisterWait
ReleaseSemaphore
CreateSemaphoreW
QueryPerformanceFrequency
GetFileSizeEx
UnregisterWaitEx
RegisterWaitForSingleObject
QueueUserWorkItem
FreeLibrary
FindClose
FormatMessageW
GetEnvironmentVariableW
OpenMutexW
DuplicateHandle
GetCurrentProcess
GetExitCodeProcess
GetProcAddress
LoadLibraryW
WaitForMultipleObjects
GetTickCount
RemoveDirectoryW
GetFileAttributesW
FindNextFileW
DeleteFileW
FindFirstFileW
CreateDirectoryW
LocalFree
GetCurrentDirectoryW
GetModuleHandleW
lstrcmpiW
WaitForSingleObject
SetFilePointer
lstrcmpW
WriteFile
SetLastError
CreateFileW
ReleaseMutex
CloseHandle
Sleep
OutputDebugStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
OutputDebugStringA
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
RaiseException
GetLastError
CompareStringW
SetEnvironmentVariableA
DeleteTimerQueueTimer
CreateTimerQueueTimer
ole32
CoImpersonateClient
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoSuspendClassObjects
CoAddRefServerProcess
CoRevertToSelf
CoRevokeClassObject
CoResumeClassObjects
CoRegisterClassObject
CoRegisterPSClsid
CoSetProxyBlanket
ReadClassStm
WriteClassStm
OleSaveToStream
CoGetCallContext
CoGetObject
CoTaskMemFree
CoCreateInstance
IIDFromString
StringFromGUID2
CoInitializeSecurity
CoCreateGuid
CreateStreamOnHGlobal
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoReleaseServerProcess
OleInitialize
CoTaskMemRealloc
user32
CharNextW
PostThreadMessageW
PostMessageW
SendMessageW
LoadImageW
LoadStringW
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
CloseClipboard
SetClipboardData
IsWindow
CharLowerBuffA
CharNextA
UnregisterClassA
GetSystemMetrics
PtInRect
DrawTextW
SetCursor
GetCursorPos
GetDlgCtrlID
SetLayeredWindowAttributes
DestroyIcon
EnableMenuItem
GetSystemMenu
EnableWindow
ShowWindow
CreateDialogIndirectParamW
EmptyClipboard
OpenClipboard
FlashWindow
wsprintfW
MessageBoxW
CharLowerBuffW
CharUpperW
CharLowerW
DestroyWindow
AllowSetForegroundWindow
DispatchMessageW
TranslateMessage
PostQuitMessage
GetMessageW
PeekMessageW
SetForegroundWindow
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
CreateWindowExW
wvsprintfW
EndDialog
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
IsChild
GetFocus
SetFocus
GetClassNameW
GetSysColor
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
InvalidateRect
GetDesktopWindow
DestroyAcceleratorTable
SendDlgItemMessageW
MapDialogRect
SetWindowContextHelpId
SetWindowTextW
IsDialogMessageW
ReleaseDC
GetDC
EndPaint
BeginPaint
GetDlgItem
CallWindowProcW
DefWindowProcW
LoadCursorW
GetClassInfoExW
RegisterClassExW
WaitForInputIdle
SetWindowLongW
KillTimer
SetTimer
comctl32
InitCommonControlsEx
crypt32
CryptDecodeObject
CryptQueryObject
CryptMsgGetParam
CertDuplicateCertificateContext
CryptMsgClose
CertGetNameStringW
CertEnumCertificatesInStore
CertFreeCertificateContext
CryptUnprotectData
CertCloseStore
CryptProtectData
msi
ord190
ord141
ord88
wintrust
WinVerifyTrust
gdi32
CreateSolidBrush
GetStockObject
GetObjectW
GetDeviceCaps
BitBlt
CreateCompatibleDC
DeleteObject
DeleteDC
SelectObject
CreateCompatibleBitmap
GetTextMetricsW
GetTextExtentExPointW
SetDCPenColor
MoveToEx
LineTo
CreateFontIndirectW
SetBkMode
SetTextColor
Exports
DllEntry
Sections
.text Size: 550KB - Virtual size: 549KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rmnet Size: 56KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE