d:\young\httprdr\driver\objfre_wxp_x86\i386\HrDrv.pdb
Static task
static1
General
Target: fba2504f2d08b4cf940a7f8f581273d0_NeikiAnalytics.exe
Size: 92KB
MD5: fba2504f2d08b4cf940a7f8f581273d0
SHA1: d576d9f681d2304a277cab7e864a0ff435df6a53
SHA256: a4af1ff234b1d3bf927b115febc64f0dca074e73f37fc4ebec87d9b4301dff02
SHA512: efd52efc7bd3b7ad10012736666865538f2067289379871394826aaf4f9351731e10b3667b5ee9ded7f6b7ab4a7ce285af0b326c8b7221523f0ea2ee478e787d
SSDEEP: 768:yQF4uvPj3FbG/HumtQRrzy+KKvdKAy+PnxEjNoHAh/DhL7amJTy/L4i/wzg/pO2:yQF46FKirztjVKA5qjNrhV7s/0i/BO2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fba2504f2d08b4cf940a7f8f581273d0_NeikiAnalytics.exe
Files
fba2504f2d08b4cf940a7f8f581273d0_NeikiAnalytics.exe.sys windows:6 windows x86 arch:x86
81a9d3e2fb839e1a6ed8d8b28bc9946d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ObReferenceObjectByHandle
ZwCreateFile
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
memset
IoFreeMdl
MmProbeAndLockPages
IoFreeIrp
IoAllocateMdl
IofCompleteRequest
IoCancelIrp
KeQueryTimeIncrement
KeTickCount
_alldiv
_allmul
ZwFlushKey
ZwSetValueKey
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
memcpy
ZwDeleteValueKey
IoDeleteDevice
IoDeleteSymbolicLink
IoGetDeviceObjectPointer
IoCreateSymbolicLink
IoCreateDevice
IoGetLowerDeviceObject
ZwUnloadDriver
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlRandomEx
rand
srand
ExSystemTimeToLocalTime
KeQuerySystemTime
RtlLargeIntegerDivide
_allrem
RtlGetVersion
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoRegisterShutdownNotification
RtlUpcaseUnicodeString
ExFreePoolWithTag
IoAttachDeviceToDeviceStack
IoDetachDevice
RtlCompareMemory
MmIsAddressValid
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
memmove
MmGetSystemRoutineAddress
_snprintf
strrchr
strncpy
PsGetCurrentThreadId
ZwEnumerateKey
DbgPrint
strstr
_strnicmp
IoBuildSynchronousFsdRequest
RtlCompareUnicodeString
ZwSetInformationFile
ZwWriteFile
ZwReadFile
ZwWaitForSingleObject
ZwQueryInformationFile
IoCreateFileSpecifyDeviceObjectHint
IoGetDeviceAttachmentBaseRef
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
ObQueryNameString
swprintf
ZwDeviceIoControlFile
ZwFsControlFile
KeGetCurrentThread
RtlCopyUnicodeString
ExAllocatePoolWithTag
ZwDeleteFile
IoAttachDeviceToDeviceStackSafe
PsCreateSystemThread
PsTerminateSystemThread
KeSetTimerEx
KeSetPriorityThread
KeCancelTimer
KeInitializeTimerEx
KeBugCheckEx
KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
ZwClose
RtlInitUnicodeString
ExAllocatePool
KeSetEvent
RtlAnsiCharToUnicodeChar
RtlUnwind
hal
KfReleaseSpinLock
KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeStallExecutionProcessor
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ