d:\young\httprdr\tdxflt\objfre_win7_amd64\amd64\TdxFlt_amd64.pdb
Static task
static1
General
Target: f28307a4bcc01c569ccbec71d27d1bb0_NeikiAnalytics.exe
Size: 109KB
MD5: f28307a4bcc01c569ccbec71d27d1bb0
SHA1: 127a765248eb73bd6a17027b78ee0aa81d6924f5
SHA256: f9aad1e986a7f9ce7dd08546a7f5cb687631d717ad54b197dc68af1686df57f6
SHA512: 82993a4185ea135152e5c0ff04cc032b0109ca08140167a8acba7d967665fbbcd3b9790b62d54ad8ea271f3ebbcb3cee7cedb98a74fc9a4c5cd2625ee355cc9f
SSDEEP: 3072:WqoiWYqiElQP1+FxTgcOOCQDibkkG7zIgBLlwY8S4Zdl:TWb3qt+FxMcOOCQDibkkG7sgBLlwY8SI
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource f28307a4bcc01c569ccbec71d27d1bb0_NeikiAnalytics.exe
Files
f28307a4bcc01c569ccbec71d27d1bb0_NeikiAnalytics.exe.sys windows:6 windows x64 arch:x64
1e2a6650952b75729c4620860ddf7d50
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
RtlInitUnicodeString
KeSetEvent
KeInitializeEvent
ZwClose
KeWaitForSingleObject
ObfDereferenceObject
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
IoFreeMdl
IoCancelIrp
ZwCreateFile
IofCompleteRequest
ObReferenceObjectByHandle
IoFreeIrp
MmProbeAndLockPages
IoAllocateMdl
IofCallDriver
ZwCreateKey
ExReleaseFastMutex
IoRegisterShutdownNotification
RtlUpcaseUnicodeString
RtlAnsiStringToUnicodeString
ExAcquireFastMutex
IoDeleteDevice
RtlAppendUnicodeToString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlGetVersion
ZwSetValueKey
RtlFreeUnicodeString
IoDriverObjectType
ExSystemTimeToLocalTime
ZwQueryValueKey
rand
RtlRandomEx
KeQueryTimeIncrement
srand
RtlAppendUnicodeStringToString
ZwFlushKey
IoCreateSymbolicLink
ObReferenceObjectByName
IoCreateDevice
ZwOpenKey
ExFreePoolWithTag
KeReleaseSpinLock
ExAllocatePool
KeAcquireSpinLockRaiseToDpc
ExAllocatePoolWithTag
ProbeForRead
ProbeForWrite
IoIs32bitProcess
IoDetachDevice
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoAttachDeviceToDeviceStack
RtlCompareMemory
PsGetCurrentProcessId
MmIsAddressValid
_strnicmp
strstr
_snprintf
ZwEnumerateKey
ZwFsControlFile
IoAttachDeviceToDeviceStackSafe
ZwQuerySymbolicLinkObject
ZwReadFile
swprintf
RtlEqualUnicodeString
ZwOpenSymbolicLinkObject
ZwSetInformationFile
ObQueryNameString
ZwWaitForSingleObject
PsCreateSystemThread
IoGetDeviceAttachmentBaseRef
IoCreateFileSpecifyDeviceObjectHint
ZwFlushBuffersFile
ZwDeleteFile
RtlCompareUnicodeString
ZwDeviceIoControlFile
RtlCopyUnicodeString
ZwOpenFile
ZwQueryInformationFile
ZwWriteFile
ZwDeleteKey
KeSetPriorityThread
KeSetTimerEx
PsTerminateSystemThread
KeInitializeTimerEx
KeCancelTimer
KeBugCheckEx
RtlAnsiCharToUnicodeChar
__C_specific_handler
Sections
.text Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 402B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ