F:\Study\hidden-master\x64\Debug\Hidden.pdb
Static task
static1
General
Target: af4127ee336a89d17d154f733fa63fe0_NeikiAnalytics
Size: 515KB
MD5: af4127ee336a89d17d154f733fa63fe0
SHA1: 8213a0cf7848d5f9b5b3c2ac343be37349d1464b
SHA256: ecdaaa2771403c3fcf7fabc7a3c5ce51a8178afd9f2b1b1bd6b5f206cd7587ac
SHA512: bb5367c00095b1338295be88ea844438541cfe02ed89eff152dd6907b12e442f42224f3dce316199f518185b87f5ec364ae07d0a855dbced59db10eac6c4bbb0
SSDEEP: 6144:cXhG84XXOptt4rBdY8CO/rZgkyZkRzleFeorqrldqw:cXhGnXWO/1gkyeR
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource af4127ee336a89d17d154f733fa63fe0_NeikiAnalytics
Files
af4127ee336a89d17d154f733fa63fe0_NeikiAnalytics.sys windows:10 windows x64 arch:x64
6aad888fa545de3df9401ee4380a4322
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
fltmgr.sys
FltUnregisterFilter
FltStartFiltering
FltGetFileNameInformation
FltReleaseFileNameInformation
FltRegisterFilter
ntoskrnl.exe
RtlInitUnicodeString
DbgPrintEx
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
PsGetCurrentThreadId
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
__C_specific_handler
RtlAppendUnicodeStringToString
RtlGetVersion
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlPrefixUnicodeString
ZwQuerySystemInformation
ZwQueryInformationProcess
IoGetCurrentProcess
MmIsAddressValid
PsGetProcessId
PsLookupProcessByProcessId
RtlCompareUnicodeString
RtlEqualUnicodeString
KeInitializeEvent
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
ExAcquireFastMutex
ExReleaseFastMutex
ObfDereferenceObject
ObRegisterCallbacks
ObUnRegisterCallbacks
PsSetCreateProcessNotifyRoutineEx
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetThreadId
PsGetThreadProcessId
ZwOpenProcess
ExEnumHandleTable
ExfUnblockPushLock
PsProcessType
PsThreadType
RtlCopyUnicodeString
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
ObfReferenceObject
RtlLookupElementGenericTableAvl
CmUnRegisterCallback
CmRegisterCallbackEx
CmCallbackGetKeyObjectID
ZwEnumerateKey
ZwEnumerateValueKey
ObOpenObjectByPointer
_vsnwprintf
_local_unwind
CmKeyObjectType
RtlAssert
ExAllocatePoolWithQuotaTag
KeBugCheckEx
Sections
.text Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 345KB - Virtual size: 345KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ