6c5871a7e0a3a8e1ab3bc8ca59f4b180_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6c5871a7e0a3a8e1ab3bc8ca59f4b180_NeikiAnalytics.exe
Size

306KB
MD5

6c5871a7e0a3a8e1ab3bc8ca59f4b180
SHA1

79ebee2ff325b4f4c1932ea8ef11f121780dec31
SHA256

709f22ee8db916265fe8f3e45d8a69672962cbd0f192df9cc6aa787913409ef2
SHA512

5397efd0178a09a9a34656ded914317102647fb9e144f3a331cccfcafb436706999cce331e33cfbbe6f7a5789354c3c302d4eafe4fcd859bd0b4c1182e3e51f3
SSDEEP

3072:ucvqTYs9mJPLlcZ3oOJryy9L9fbMZuo+mMswVaNAY3UgZDPfF:uvmJycy9L9XsdUE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c5871a7e0a3a8e1ab3bc8ca59f4b180_NeikiAnalytics.exe

Files

6c5871a7e0a3a8e1ab3bc8ca59f4b180_NeikiAnalytics.exe
.dll .vbs regsvr32 windows:5 windows x86 arch:x86 polyglot

a8d45f01ac48bceee91c2a0c9ed111d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 173B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 402B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ