90b840edb35f54120d6d7c362d131310_NeikiAnalytics[.]exe

General

Target

90b840edb35f54120d6d7c362d131310_NeikiAnalytics.exe
Size

61KB
MD5

90b840edb35f54120d6d7c362d131310
SHA1

dafe2f877529e705011f247f4020754164907186
SHA256

f8a832866c78b43a50facaf7445c4a6634baa06b5d660962315c1a0b198c1d63
SHA512

dd40e522e9bb57f28e6b32012f066969bde8354df01f4bbd8301c5ebb1d094cd7775d444bc9c45c1a2ca9f913df0d19af909c9dd779eff463b93a7e5566aa2d6
SSDEEP

1536:UpGxo4lrkAjt5v7DzH2pVrlCZ5dmbZw86H:2GTlrRZ9DqVrlG5IsH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90b840edb35f54120d6d7c362d131310_NeikiAnalytics.exe

Files

90b840edb35f54120d6d7c362d131310_NeikiAnalytics.exe
.sys windows:6 windows x86 arch:x86

281287d692283275d8dc40f5c42adac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

ntoskrnl.exe

tolower
ZwClose
ZwCreateFile
RtlInitUnicodeString
swprintf
ZwWriteFile
ObfDereferenceObject
ObReferenceObjectByHandle
MmIsAddressValid
IoGetCurrentProcess
PsGetCurrentProcessId
MmGetSystemRoutineAddress
memcpy
KeDetachProcess
KeAttachProcess
PsGetVersion
ExFreePoolWithTag
ZwQuerySystemInformation
ExAllocatePoolWithTag
memset
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
_wcsicmp
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strrchr
RtlCompareUnicodeString
KeServiceDescriptorTable
KeAddSystemServiceTable
ZwOpenDirectoryObject
KeTickCount
KeBugCheckEx
RtlUnwind

Sections

Xkh_Kx5U
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

9L@^Dj\9
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

T58/?G<j
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qj%)Kcjr
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

n?X"y;AZ
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

;AcdUC>$
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

281287d692283275d8dc40f5c42adac6

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

Xkh_Kx5U Size: 6KB - Virtual size: 5KB

9L@^Dj\9 Size: 512B - Virtual size: 404B

T58/?G<j Size: 512B - Virtual size: 1KB

qj%)Kcjr Size: 7KB - Virtual size: 7KB

n?X"y;AZ Size: 43KB - Virtual size: 42KB

;AcdUC>$ Size: 2KB - Virtual size: 2KB

Xkh_Kx5U
Size: 6KB - Virtual size: 5KB

9L@^Dj\9
Size: 512B - Virtual size: 404B

T58/?G<j
Size: 512B - Virtual size: 1KB

qj%)Kcjr
Size: 7KB - Virtual size: 7KB

n?X"y;AZ
Size: 43KB - Virtual size: 42KB

;AcdUC>$
Size: 2KB - Virtual size: 2KB