d:\projects\usb2serial\sourcetobuild\bbubus\objfre_w2k_x86\i386\BbUBus34.pdb
Static task
static1
General
Target: 6429c5d0fa773eb872eca75a03e49550_NeikiAnalytics.exe
Size: 154KB
MD5: 6429c5d0fa773eb872eca75a03e49550
SHA1: 556880e4b3a75fc5efca2c23ec9e0e81689947c2
SHA256: cfee1c85c859a5dd82e3339ffe35037d223ad2e430de7719cee7791246110f44
SHA512: d5e2a7e08caf2b23a73905ec93468dbd1d9cb437b2e0efcad23022aac3c5965d73bf97291126b2be6fc486bd7255d6e3a34d19cf0be3e1d2f5e92f845701cf19
SSDEEP: 3072:fEp9EGJpNrjhiIuW5m2SIn12qgVNxXM4/IQGkisUuE1ERH:fGd02Vn1RibXMgIQGk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6429c5d0fa773eb872eca75a03e49550_NeikiAnalytics.exe
Files
6429c5d0fa773eb872eca75a03e49550_NeikiAnalytics.exe.sys windows:6 windows x86 arch:x86
2261aa07cfb973f79766e414884488e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KeBugCheckEx
InterlockedDecrement
KeGetCurrentThread
ExAllocatePoolWithTag
memset
ExFreePool
KeInitializeSpinLock
RtlUnicodeStringToAnsiString
RtlEqualUnicodeString
RtlCompareMemory
RtlIntegerToUnicodeString
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitAnsiString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
IoWMIWriteEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IofCallDriver
IofCompleteRequest
_alldiv
_allmul
vsprintf
PsTerminateSystemThread
KeWaitForMultipleObjects
ZwClose
ObfDereferenceObject
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
KeSetEvent
KeClearEvent
DbgBreakPoint
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
IoFreeWorkItem
KeSetPriorityThread
IoAllocateWorkItem
IoIsWdmVersionAvailable
KeTickCount
PoCallDriver
IoFreeIrp
IoCancelIrp
IoAllocateIrp
KeResetEvent
IoBuildDeviceIoControlRequest
ZwDeleteKey
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlWriteRegistryValue
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoOpenDeviceRegistryKey
PoStartNextPowerIrp
IoCreateSymbolicLink
IoDeleteSymbolicLink
PoRequestPowerIrp
PoSetPowerState
ObfReferenceObject
MmMapIoSpace
MmUnmapIoSpace
KeInitializeDpc
IoAttachDeviceToDeviceStack
IoDetachDevice
KeCancelTimer
KeSetTimer
KeInitializeTimer
IoDeleteDevice
IoCreateDevice
RtlGUIDFromString
InterlockedCompareExchange
_purecall
IoGetDeviceProperty
RtlUnicodeStringToInteger
DbgPrint
KeReleaseMutex
InterlockedIncrement
InterlockedExchange
KeDelayExecutionThread
KeWaitForSingleObject
KeInitializeMutex
IoQueueWorkItem
memcpy
IoReleaseCancelSpinLock
ExUnregisterCallback
ExNotifyCallback
ExRegisterCallback
ExCreateCallback
hal
KeQueryPerformanceCounter
KfReleaseSpinLock
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KfAcquireSpinLock
wmilib.sys
WmiSystemControl
WmiCompleteRequest
usbd.sys
_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8
Sections
.text Size: 134KB - Virtual size: 134KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 1024B - Virtual size: 910B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ