a73dd3907b1a5ed7f312432eafe8f210_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a73dd3907b1a5ed7f312432eafe8f210_NeikiAnalytics.exe
Size

13KB
MD5

a73dd3907b1a5ed7f312432eafe8f210
SHA1

1f90a53d17454f33a61be0bf681e04c025b85856
SHA256

604cbea4146f24f7d57adf4c05b42dab2e916aa5c991a58101f1df209922c863
SHA512

43c01f4cb6e1a2a9147e7444ca8273e048f3a00d991d41c5ac4cf1c882729d2f9365995f9e33e31389d881787a9ec3b0436044ef99c7bb53831ab36d9b616879
SSDEEP

192:Pvz3I616n76XghCbrmMvG2Sja0YcpmRtuTFacaKf0:DxoH8KDa05YiFacaK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a73dd3907b1a5ed7f312432eafe8f210_NeikiAnalytics.exe

Files

a73dd3907b1a5ed7f312432eafe8f210_NeikiAnalytics.exe
.sys windows:10 windows x64 arch:x64

ade653808f6a338d2a37a5d25eb2d606

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\JieNiGui_Driver\JieNiGui_Driver.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlEqualUnicodeString
RtlFreeUnicodeString
DbgPrint
ExAllocatePool
ExFreePoolWithTag
ProbeForRead
ProbeForWrite
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
MmCreateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
ObfDereferenceObject
ZwClose
MmIsAddressValid
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
PsGetProcessWow64Process
PsGetProcessPeb
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
IoAllocateIrp
IofCallDriver
IoCreateFile
IoFreeIrp
ObReferenceObjectByHandle
IoGetFileObjectGenericMapping
SeCreateAccessState
ObCreateObject
IoFileObjectType
ObRegisterCallbacks
ObUnRegisterCallbacks
PsGetProcessId
PsProcessType
__C_specific_handler

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ade653808f6a338d2a37a5d25eb2d606

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 32B

.pdata Size: 512B - Virtual size: 312B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 32B

.pdata
Size: 512B - Virtual size: 312B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B