PDB path: E:\code\homepage\pluginstall\pdb\xadfilter.pdb
Static task
static1
General
-
Target
28f0ed82f47cba957907885d8e728e90_NeikiAnalytics.exe
-
Size
29KB
-
MD5
28f0ed82f47cba957907885d8e728e90
-
SHA1
f70c9e4fed41030971ea0522b99024c5426f3660
-
SHA256
fc603fbfd6a0fa2722087bf809d9ac454f6aa81c92e26e9ee7f91e4d335c5cf3
-
SHA512
dad47366f719f3a84e2d6e7cb4c53a7ea10ba9adfafe74311bf949574cb204eda78fa6214d293d08d8bdf22dc2fabebc6c1794b7c21cee6f7d6b690a8ac5dab2
-
SSDEEP
384:ZtSozUsrct8nS1uW0W1WzrlMRk51rQEFOuKhT1ld9ZSp4t8KXKUiJ:Z1U78Sws1Wzrr5+EFOtDS2Y
Malware Config
Signatures
-
Unsigned PE 1 IoCs
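Checks for a missing Authenticode signature; the file listed below carries none. Its imports (ntoskrnl.exe, hal) and the IMAGE_FILE_32BIT_MACHINE characteristic show that it is a 32-bit kernel-mode driver.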
resource 28f0ed82f47cba957907885d8e728e90_NeikiAnalytics.exe
Files
-
28f0ed82f47cba957907885d8e728e90_NeikiAnalytics.exe.sys windows:5 windows x86 arch:x86
358657500706324dee236735134e1ed2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
_wcslwr
wcsstr
memset
IofCompleteRequest
PsGetCurrentProcessId
ObfDereferenceObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeWaitForSingleObject
MmIsAddressValid
KeInitializeTimerEx
KeSetEvent
KeInitializeEvent
IoFreeMdl
IoFileObjectType
ExAllocatePool
KeGetCurrentThread
IoFreeIrp
IoAllocateIrp
IoAllocateMdl
IofCallDriver
wcscat
ZwCreateKey
_wcsnicmp
ZwReadFile
IoGetRelatedDeviceObject
RtlIntegerToUnicodeString
wcsncpy
RtlAppendUnicodeToString
IoCreateFile
RtlUnicodeStringToAnsiString
ZwSetValueKey
wcslen
ZwSetInformationFile
KeQuerySystemTime
wcsrchr
ZwClose
RtlAppendUnicodeStringToString
RtlRandom
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlCopyUnicodeString
ZwQueryInformationFile
ZwDeleteKey
wcscpy
ZwEnumerateKey
RtlInitUnicodeString
ZwOpenKey
KeSetTimerEx
MmHighestUserAddress
DbgPrint
MmGetSystemRoutineAddress
PsGetVersion
ExQueueWorkItem
ExAcquireResourceExclusiveLite
ProbeForRead
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
KeDetachProcess
ExAcquireResourceSharedLite
ExReleaseResourceLite
PsRemoveLoadImageNotifyRoutine
KeAttachProcess
ZwQueryInformationProcess
ExInitializeResourceLite
ObOpenObjectByPointer
ZwAllocateVirtualMemory
_vsnprintf
RtlQueryRegistryValues
wcsncat
ZwQueryValueKey
ZwWriteFile
IoBuildDeviceIoControlRequest
ZwCreateFile
MmProbeAndLockPages
IoThreadToProcess
IoGetCurrentProcess
IoCreateDevice
PsGetProcessId
strlen
KeSetPriorityThread
strstr
PsCreateSystemThread
_vsnwprintf
IoCreateSymbolicLink
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryKey
memcpy
_allmul
_except_handler3
hal
KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ