PDB path: E:\code\homepage\pluginstall\pdb\xadfilter.pdb
Static task
static1
General
-
Target
13cd9b4503d4f5a3e6d77d5609fa9490_NeikiAnalytics.exe
-
Size
29KB
-
MD5
13cd9b4503d4f5a3e6d77d5609fa9490
-
SHA1
41df6305155a3fc37cca33d683c0119a219b8765
-
SHA256
0088c074195d98f13de28bed7dde38af21d19aa5aea6bb78515f7f70e3dafbcf
-
SHA512
6f6d0c59edba15367b9417be8fdb10bd9a9c8c184e12c6230c469f4b781c227f00133184e81e2449ef481fd5004e5d4bd78a6f59afca67c33c9c3a052c06a42b
-
SSDEEP
384:ZtNozUsrct8nS1uW0W1WzrlMRk51rQEiOuKhT1ld9ZSp4t8KXKUiJ:ZaU78Sws1Wzrr5+EiOtDS2Y
Malware Config
Signatures
-
Unsigned PE 1 IoCs
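Checks for a missing Authenticode signature: the PE has no embedded signature, so its publisher and integrity cannot be verified from the file itself. The import table below (ntoskrnl.exe, hal) shows the file is a kernel-mode driver, which makes the missing signature more significant.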
resource 13cd9b4503d4f5a3e6d77d5609fa9490_NeikiAnalytics.exe
Files
-
13cd9b4503d4f5a3e6d77d5609fa9490_NeikiAnalytics.exe.sys windows:5 windows x86 arch:x86
358657500706324dee236735134e1ed2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
_wcslwr
wcsstr
memset
IofCompleteRequest
PsGetCurrentProcessId
ObfDereferenceObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeWaitForSingleObject
MmIsAddressValid
KeInitializeTimerEx
KeSetEvent
KeInitializeEvent
IoFreeMdl
IoFileObjectType
ExAllocatePool
KeGetCurrentThread
IoFreeIrp
IoAllocateIrp
IoAllocateMdl
IofCallDriver
wcscat
ZwCreateKey
_wcsnicmp
ZwReadFile
IoGetRelatedDeviceObject
RtlIntegerToUnicodeString
wcsncpy
RtlAppendUnicodeToString
IoCreateFile
RtlUnicodeStringToAnsiString
ZwSetValueKey
wcslen
ZwSetInformationFile
KeQuerySystemTime
wcsrchr
ZwClose
RtlAppendUnicodeStringToString
RtlRandom
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlCopyUnicodeString
ZwQueryInformationFile
ZwDeleteKey
wcscpy
ZwEnumerateKey
RtlInitUnicodeString
ZwOpenKey
KeSetTimerEx
MmHighestUserAddress
DbgPrint
MmGetSystemRoutineAddress
PsGetVersion
ExQueueWorkItem
ExAcquireResourceExclusiveLite
ProbeForRead
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
KeDetachProcess
ExAcquireResourceSharedLite
ExReleaseResourceLite
PsRemoveLoadImageNotifyRoutine
KeAttachProcess
ZwQueryInformationProcess
ExInitializeResourceLite
ObOpenObjectByPointer
ZwAllocateVirtualMemory
_vsnprintf
RtlQueryRegistryValues
wcsncat
ZwQueryValueKey
ZwWriteFile
IoBuildDeviceIoControlRequest
ZwCreateFile
MmProbeAndLockPages
IoThreadToProcess
IoGetCurrentProcess
IoCreateDevice
PsGetProcessId
strlen
KeSetPriorityThread
strstr
PsCreateSystemThread
_vsnwprintf
IoCreateSymbolicLink
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryKey
memcpy
_allmul
_except_handler3
hal
KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ