6e728f619dffba5314218d8294422780_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6e728f619dffba5314218d8294422780_NeikiAnalytics.exe
Size

653KB
MD5

6e728f619dffba5314218d8294422780
SHA1

3e6fbc425aa9e9821a66dda9a2fb70bc3f8db2d6
SHA256

c08893ded20b49a27bd7bc7c85b11707d394e5f9263603ad8b2ff7702827e4b3
SHA512

5c6f9ad9eea76b7a4d7e18412328fe4608df018d081aadf6858488f8d7cb2bb8e36f98a8815461393edf5165444caa6370b407f7355c61151efce06d547e753f
SSDEEP

12288:W3MtjLW2Oil3Fcx+ZK65LaRwume4r0yIL/avH4C+rnk+ZrzZ9VV5yl2lcnYQ:W8AvA3Fcx+Z1Q/me4r0/rSctrF9VV5y4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e728f619dffba5314218d8294422780_NeikiAnalytics.exe

Files

6e728f619dffba5314218d8294422780_NeikiAnalytics.exe
.dll regsvr32 windows:4 windows x86 arch:x86

aa99c9dffd770edd25e2d6fcbd292a10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mfc42

ord6805

msvcrt

_ftol

user32

GetForegroundWindow

gdi32

DeleteDC

advapi32

AdjustTokenPrivileges

shell32

SHGetPathFromIDListW

ole32

CoSetProxyBlanket

oleaut32

SysFreeString

version

GetFileVersionInfoSizeA

ws2_32

htonl

winmm

timeGetTime

imm32

ImmInstallIMEA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 596KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE