C:\Users\erand\Dropbox\Dev\ag.v66\Libraries\VMRuntime\obj\Trial\AgileDotNet.VMRuntime.pdb
Behavioral task
behavioral1
Sample
7f66c167aa0a25bbd9b34420ff906fd0_NeikiAnalytics.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
7f66c167aa0a25bbd9b34420ff906fd0_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
General
Target
7f66c167aa0a25bbd9b34420ff906fd0_NeikiAnalytics.exe
Size
50KB
MD5
7f66c167aa0a25bbd9b34420ff906fd0
SHA1
46c04bfac4fa4897a3646174189b17e6d5dd71b1
SHA256
01f9e6283ab033c1e7ce532cabab09997ef0e8fbdaafae7bbcfa8cb7aa5ffac5
SHA512
f8a49189e96ab94d016fb7e1798827e30b1a3e6319ccc6884a0fd1b1a7117b561141635ff9cd1164a0f674e89462535bb73e5879de4264e64d9a13ac359fb742
SSDEEP
768:t4gOx89NGERw2A11HI+bFK603JLw8MdErkRDdcFAq+sLJh+eUWhs:tDGB2KHIwoK9RDdcyq5/+RWhs
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: sample, yara_rule: agile_net
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: 7f66c167aa0a25bbd9b34420ff906fd0_NeikiAnalytics.exe
Files
7f66c167aa0a25bbd9b34420ff906fd0_NeikiAnalytics.exe.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ