Static task: static1

General
Target: 062f9ce9bd5d1a10995236beb1ddbfa0_NeikiAnalytics
Size: 346KB
MD5: 062f9ce9bd5d1a10995236beb1ddbfa0
SHA1: 47687af6c487c5055d4ca3fb661af669c847e3c1
SHA256: d6206b8304d572e97a9327b2df7c3317dbdb2f8050936f2da728c1bf768e4c73
SHA512: 19b4dd3995e1312a8592b096acd03836036345653e25a2c9724f0a410d62627f29377eccbac96d1d478bebeac9698c73e357fde85ce0406d7d409cb2cca66458
SSDEEP: 6144:L6MZoQ+NkWUi51CYN3YdLMs2pAnh/aSpDaTeroEmD5nm:WlQ+rFCYgAs2GkSFm9nm

Malware Config

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 062f9ce9bd5d1a10995236beb1ddbfa0_NeikiAnalytics

Files
062f9ce9bd5d1a10995236beb1ddbfa0_NeikiAnalytics.sys windows:6 windows x64 arch:x64
c902df13411389b898e1518ae0e3e80a

Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths: f:\projects\mxproj~1\mxdriver\debug\amd64\MxDriver.pdb

Imports
ntoskrnl.exe
  KeInitializeEvent
  PsSetLoadImageNotifyRoutine
  PsSetCreateProcessNotifyRoutine
  PsRemoveLoadImageNotifyRoutine
  KeWaitForSingleObject
  ExFreePoolWithTag
  ZwOpenProcess
  ZwAllocateVirtualMemory
  ZwClose
  KeStackAttachProcess
  KeUnstackDetachProcess
  ExAllocatePool
  KeInitializeApc
  KeInsertQueueApc
  RtlUnicodeStringToAnsiString
  strncpy
  RtlFreeAnsiString
  IoGetCurrentProcess
  PsGetCurrentProcessId
  ExQueueWorkItem
  PsGetProcessImageFileName
  IoIs32bitProcess
  _stricmp
  FsRtlIsNameInExpression
  ZwCreateFile
  ZwQueryInformationFile
  ZwReadFile
  ZwWriteFile
  ZwOpenKey
  wcsncpy
  ZwSetValueKey
  strstr
  KeInitializeMutex
  KeReleaseMutex
  MmGetSystemRoutineAddress
  _wcsnicmp
  wcsncmp
  ObOpenObjectByPointer
  PsLookupProcessByProcessId
  ObfDereferenceObject
  RtlInitAnsiString
  ZwTerminateProcess
  RtlFormatCurrentUserKeyPath
  ZwFreeVirtualMemory
  MmIsAddressValid
  ObQueryNameString
  ZwCreateKey
  ObReferenceObjectByHandle
  ZwDeleteKey
  CmRegisterCallback
  CmUnRegisterCallback
  ZwOpenSymbolicLinkObject
  ZwQuerySymbolicLinkObject
  KeBugCheckEx
  RtlCopyUnicodeString
  ExAllocatePoolWithTag
  DbgPrint
  IoDeleteSymbolicLink
  IoRegisterShutdownNotification
  IoDeleteDevice
  IoCreateSymbolicLink
  IoCreateDevice
  RtlInitUnicodeString
  swprintf
  RtlAssert
  IofCompleteRequest
  ZwQueryValueKey
  KeSetEvent
  __C_specific_handler
fltmgr.sys
  FltSetInformationFile
  FltGetDestinationFileNameInformation
  FltReleaseFileNameInformation
  FltParseFileNameInformation
  FltGetFileNameInformation
  FltUnregisterFilter
  FltCloseCommunicationPort
  FltStartFiltering
  FltFreeSecurityDescriptor
  FltCreateCommunicationPort
  FltBuildDefaultSecurityDescriptor
  FltRegisterFilter
  FltCloseClientPort
Sections
Name    Size    Virtual size  Characteristics
.text   30KB    29KB          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  2KB     1KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   1024B   152KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  1KB     1KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
PAGE    5KB     4KB           IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
INIT    4KB     3KB           IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  512B    84B           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ