E:\code\homepage\pluginstall\pdb\xadfilter.pdb
Static task
static1
General
-
Target
5034b2f5f1e597ceaf81ad7140eea4d0_NeikiAnalytics.exe
-
Size
29KB
-
MD5
5034b2f5f1e597ceaf81ad7140eea4d0
-
SHA1
cf3d25e352a3b243db454a718e06eb4ae5ba7258
-
SHA256
42f53932946ec4cc6bd39b7c9a2dfbd019eba67e93f7aff2a3c2495ebf2b16ee
-
SHA512
818f0e03efd139036736f4264d715f9dd7a79f512f4658ba74b58f4d6d7f4ab16d24cf88c6f46ffe06f4eedb6d37aa65b444a449fbdbfc55d045f36f4e2d0608
-
SSDEEP
384:ZtTozUsrct8nS1uW0W1WzrlMRk51rQE4OuKhT1ld9ZSp4t8KXKUiJ:ZMU78Sws1Wzrr5+E4OtDS2Y
Malware Config
Signatures
-
Unsigned PE 1 IoCs
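Flags a PE file that has no Authenticode signature. A missing signature is a weak indicator by itself; read it together with the headers, imports and sections listed under Files.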
resource 5034b2f5f1e597ceaf81ad7140eea4d0_NeikiAnalytics.exe
Files
-
5034b2f5f1e597ceaf81ad7140eea4d0_NeikiAnalytics.exe.sys windows:5 windows x86 arch:x86
358657500706324dee236735134e1ed2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
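PDB Paths (none listed under this heading; the only PDB path on this page is its first line, E:\code\homepage\pluginstall\pdb\xadfilter.pdb)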
Imports
ntoskrnl.exe
_wcslwr
wcsstr
memset
IofCompleteRequest
PsGetCurrentProcessId
ObfDereferenceObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeWaitForSingleObject
MmIsAddressValid
KeInitializeTimerEx
KeSetEvent
KeInitializeEvent
IoFreeMdl
IoFileObjectType
ExAllocatePool
KeGetCurrentThread
IoFreeIrp
IoAllocateIrp
IoAllocateMdl
IofCallDriver
wcscat
ZwCreateKey
_wcsnicmp
ZwReadFile
IoGetRelatedDeviceObject
RtlIntegerToUnicodeString
wcsncpy
RtlAppendUnicodeToString
IoCreateFile
RtlUnicodeStringToAnsiString
ZwSetValueKey
wcslen
ZwSetInformationFile
KeQuerySystemTime
wcsrchr
ZwClose
RtlAppendUnicodeStringToString
RtlRandom
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlCopyUnicodeString
ZwQueryInformationFile
ZwDeleteKey
wcscpy
ZwEnumerateKey
RtlInitUnicodeString
ZwOpenKey
KeSetTimerEx
MmHighestUserAddress
DbgPrint
MmGetSystemRoutineAddress
PsGetVersion
ExQueueWorkItem
ExAcquireResourceExclusiveLite
ProbeForRead
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
KeDetachProcess
ExAcquireResourceSharedLite
ExReleaseResourceLite
PsRemoveLoadImageNotifyRoutine
KeAttachProcess
ZwQueryInformationProcess
ExInitializeResourceLite
ObOpenObjectByPointer
ZwAllocateVirtualMemory
_vsnprintf
RtlQueryRegistryValues
wcsncat
ZwQueryValueKey
ZwWriteFile
IoBuildDeviceIoControlRequest
ZwCreateFile
MmProbeAndLockPages
IoThreadToProcess
IoGetCurrentProcess
IoCreateDevice
PsGetProcessId
strlen
KeSetPriorityThread
strstr
PsCreateSystemThread
_vsnwprintf
IoCreateSymbolicLink
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryKey
memcpy
_allmul
_except_handler3
hal
KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ