PDB path: E:\code\homepage\pluginstall\pdb\xadfilter.pdb
Static task
static1
General
-
Target
60fb66e1ccd2286bc04363e2ca871490_NeikiAnalytics.exe
-
Size
29KB
-
MD5
60fb66e1ccd2286bc04363e2ca871490
-
SHA1
b9045f93aecbcdd957041885240963750c128712
-
SHA256
1dc3d743188ad92398b098ce6164f94b74b60aedbee462704c0698d81bc8eee7
-
SHA512
2300def6fcb3545d7339c04a49c74677fe60751f349dab9882e76ba963e3aa8b9fc9942ce6d61396cf886a0b70aafdd97f588aff9857ba60655265e525102a7f
-
SSDEEP
384:ZtJozUsrct8nS1uW0W1WzrlMRk51rQEEOuKhT1ld9ZSp4t8KXKUiJ:ZSU78Sws1Wzrr5+EEOtDS2Y
Malware Config
Signatures
-
Unsigned PE 1 IoCs
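Checks for a missing Authenticode signature. The rule matched, so the sample carries no signature; this matters more than usual here because the import table below (ntoskrnl.exe, hal) is that of a kernel-mode driver, not a user-mode program.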
resource 60fb66e1ccd2286bc04363e2ca871490_NeikiAnalytics.exe
Files
-
60fb66e1ccd2286bc04363e2ca871490_NeikiAnalytics.exe.sys windows:5 windows x86 arch:x86
358657500706324dee236735134e1ed2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
_wcslwr
wcsstr
memset
IofCompleteRequest
PsGetCurrentProcessId
ObfDereferenceObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeWaitForSingleObject
MmIsAddressValid
KeInitializeTimerEx
KeSetEvent
KeInitializeEvent
IoFreeMdl
IoFileObjectType
ExAllocatePool
KeGetCurrentThread
IoFreeIrp
IoAllocateIrp
IoAllocateMdl
IofCallDriver
wcscat
ZwCreateKey
_wcsnicmp
ZwReadFile
IoGetRelatedDeviceObject
RtlIntegerToUnicodeString
wcsncpy
RtlAppendUnicodeToString
IoCreateFile
RtlUnicodeStringToAnsiString
ZwSetValueKey
wcslen
ZwSetInformationFile
KeQuerySystemTime
wcsrchr
ZwClose
RtlAppendUnicodeStringToString
RtlRandom
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlCopyUnicodeString
ZwQueryInformationFile
ZwDeleteKey
wcscpy
ZwEnumerateKey
RtlInitUnicodeString
ZwOpenKey
KeSetTimerEx
MmHighestUserAddress
DbgPrint
MmGetSystemRoutineAddress
PsGetVersion
ExQueueWorkItem
ExAcquireResourceExclusiveLite
ProbeForRead
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
KeDetachProcess
ExAcquireResourceSharedLite
ExReleaseResourceLite
PsRemoveLoadImageNotifyRoutine
KeAttachProcess
ZwQueryInformationProcess
ExInitializeResourceLite
ObOpenObjectByPointer
ZwAllocateVirtualMemory
_vsnprintf
RtlQueryRegistryValues
wcsncat
ZwQueryValueKey
ZwWriteFile
IoBuildDeviceIoControlRequest
ZwCreateFile
MmProbeAndLockPages
IoThreadToProcess
IoGetCurrentProcess
IoCreateDevice
PsGetProcessId
strlen
KeSetPriorityThread
strstr
PsCreateSystemThread
_vsnwprintf
IoCreateSymbolicLink
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryKey
memcpy
_allmul
_except_handler3
hal
KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ