66988e8f8e6b4996c277f4615ea31cf0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

66988e8f8e6b4996c277f4615ea31cf0_NeikiAnalytics.exe
Size

88KB
MD5

66988e8f8e6b4996c277f4615ea31cf0
SHA1

be886289675906b5cffb2cbceac6a81a8a43e8a5
SHA256

6fcfc949f010c02851d9890985c2e6316642e466c314d746f1b25e4de58ec614
SHA512

2d30d7a7e3c8ec0477446dc2d213174a88c809359b408cce608ffe6b599c602670e108303e9fca301f9f1d359eda5f7e4de29f5e800a425913fff31805cedac5
SSDEEP

1536:8MxTUWdWSp1zVnTG/mYSirUZnyGaFx9sqOSsI7MF:dkSLz50mYSiWyGatO/I7I

Score

1^/10

Malware Config

Signatures

Files

66988e8f8e6b4996c277f4615ea31cf0_NeikiAnalytics.exe
.sys windows:10 windows x64 arch:x64

c07c9b1f23e4e7dafa545d6409726bb5

Code Sign

69:21:98:19:42:19:bb:b2:4a:5f:7f:8c:f5:f9:18:aa
Certificate

Issuer

CN=WDKTestCert poiso\,133327651793720026

Not Before

02/07/2023, 09:52

Not After

02/07/2033, 00:00

Subject

CN=WDKTestCert poiso\,133327651793720026

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

e0:70:20:ac:3f:d7:05:53:46:75:d1:e1:1d:74:db:af:d9:aa:90:b0:97:df:f0:d0:af:f8:d3:dc:bc:5c:76:2a
Signer

Actual PE Digest

e0:70:20:ac:3f:d7:05:53:46:75:d1:e1:1d:74:db:af:d9:aa:90:b0:97:df:f0:d0:af:f8:d3:dc:bc:5c:76:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\poiso\Desktop\cheat-engine-master\Cheat Engine\bin\Yunicansuckmycock64.pdb

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObUnRegisterCallbacks
ZwClose
ZwOpenKey
ZwQueryValueKey
SeSinglePrivilegeCheck
PsSetCreateProcessNotifyRoutineEx
KeInitializeDpc
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeFlushQueuedDpcs
KeRevertToUserAffinityThreadEx
KeSetSystemAffinityThreadEx
KeQueryActiveProcessors
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsGetCurrentProcessId
PsGetCurrentThreadId
KeDelayExecutionThread
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdlEx
PsWrapApcWow64Thread
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
ObReferenceObjectByHandle
ObfDereferenceObject
ObRegisterCallbacks
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress
PsSetCreateThreadNotifyRoutine
PsGetProcessId
PsGetThreadProcessId
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
ExDeleteResourceLite
ObOpenObjectByPointer
ZwAllocateVirtualMemory
KeInitializeApc
KeInsertQueueApc
ZwOpenThread
ZwQueryInformationProcess
PsProcessType
PsThreadType
DbgBreakPointWithStatus
RtlGetVersion
MmGetVirtualForPhysical
PsLookupThreadByThreadId
__C_specific_handler
KeQueryActiveProcessorCount
KeClearEvent
ExAcquireResourceSharedLite
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlGetElementGenericTable
KeReleaseSemaphore
KeInitializeSemaphore
KeWaitForMultipleObjects
ExAcquireFastMutex
ExReleaseFastMutex
MmBuildMdlForNonPagedPool
ZwCreateFile
ZwWriteFile
HalDispatchTable
KeInitializeMutex
KeReleaseMutex
KeSetSystemAffinityThread
KeQueryMaximumProcessorCount
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
PsCreateSystemThread
ZwDeleteFile
ZwWaitForSingleObject
swprintf_s
MmMapIoSpace
MmUnmapIoSpace
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
MmAllocateContiguousMemory
ZwQueryInformationFile
ZwReadFile
RtlUnwind
RtlAnsiCharToUnicodeChar
KeBugCheckEx
ExInitializeResourceLite
RtlCopyUnicodeString
ExFreePoolWithTag
ExAllocatePool
PsLookupProcessByProcessId
RtlInitUnicodeString

wdfldr.sys

WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c07c9b1f23e4e7dafa545d6409726bb5

Code Sign

69:21:98:19:42:19:bb:b2:4a:5f:7f:8c:f5:f9:18:aaCertificate

Extended Key Usages

Key Usages

e0:70:20:ac:3f:d7:05:53:46:75:d1:e1:1d:74:db:af:d9:aa:90:b0:97:df:f0:d0:af:f8:d3:dc:bc:5c:76:2aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 43KB

.pdata Size: 3KB - Virtual size: 2KB

INIT Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 56B

69:21:98:19:42:19:bb:b2:4a:5f:7f:8c:f5:f9:18:aa
Certificate

e0:70:20:ac:3f:d7:05:53:46:75:d1:e1:1d:74:db:af:d9:aa:90:b0:97:df:f0:d0:af:f8:d3:dc:bc:5c:76:2a
Signer

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 43KB

.pdata
Size: 3KB - Virtual size: 2KB

INIT
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 56B