39b447e293979ac7259d4d9a2711c9a0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

39b447e293979ac7259d4d9a2711c9a0_NeikiAnalytics
Size

73KB
MD5

39b447e293979ac7259d4d9a2711c9a0
SHA1

d69b06801a8378e8c9ac8b369cb9e14ef8c8d479
SHA256

b3fea8183670ecf6150325f05aed28dfa27d7c6d2c1007808661f97c27fd7e1e
SHA512

e58759dbbdb26befac455beee8e3ff2d018228e9234cc6865bfef59058c98b1bcc335dfa834aa9de76554a9829081e04a82d8b7a3af20f257f777cf9725d9cc9
SSDEEP

1536:JTruifa/pfBqr0vR2Tjmx1SgoKkatKatQK6+L3t1W:J/i/NBqrcReKvS/Wntz6+R1W

Score

1^/10

Malware Config

Signatures

Files

39b447e293979ac7259d4d9a2711c9a0_NeikiAnalytics
.sys windows:6 windows x64 arch:x64

6861bb50ccb8c153d2a30c72f40720db

Code Sign

0b:e8:6b:7a:40:05:bc:45:b7:e7:bd:88:55:2a:be
Certificate

Issuer

CN=Hyaagedoqyxow

Not Before

20/11/2012, 14:19

Not After

31/12/2039, 23:59

Subject

CN=Hyaagedoqyxow

de:6c:dc:3b:cc:3f:48:84:6d:3b:15:1a:5c:56:0b:0a:4d:90:de:58
Signer

Actual PE Digest

de:6c:dc:3b:cc:3f:48:84:6d:3b:15:1a:5c:56:0b:0a:4d:90:de:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\percent\reserves\brother\shaded\equips\overhears\masses.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
KeGetRecommendedSharedDataAlignment
ExFreePoolWithTag
RtlInitUnicodeString
ExGetPreviousMode
KeReleaseSpinLock
ExInitializeZone
RtlHashUnicodeString
MmIsAddressValid
ZwDeleteKey
KeAcquireSpinLockRaiseToDpc
KeBugCheckEx

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 326B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6861bb50ccb8c153d2a30c72f40720db

Code Sign

0b:e8:6b:7a:40:05:bc:45:b7:e7:bd:88:55:2a:beCertificate

de:6c:dc:3b:cc:3f:48:84:6d:3b:15:1a:5c:56:0b:0a:4d:90:de:58Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 1024B - Virtual size: 528B

.data Size: 1024B - Virtual size: 760B

.pdata Size: 512B - Virtual size: 348B

INIT Size: 1024B - Virtual size: 564B

.reloc Size: 512B - Virtual size: 326B

0b:e8:6b:7a:40:05:bc:45:b7:e7:bd:88:55:2a:be
Certificate

de:6c:dc:3b:cc:3f:48:84:6d:3b:15:1a:5c:56:0b:0a:4d:90:de:58
Signer

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 1024B - Virtual size: 528B

.data
Size: 1024B - Virtual size: 760B

.pdata
Size: 512B - Virtual size: 348B

INIT
Size: 1024B - Virtual size: 564B

.reloc
Size: 512B - Virtual size: 326B