E:\code\homepage\pluginstall\pdb\xadfilter.pdb
Static task
static1
General
-
Target
96d3650a989dd1276397e5e8b1b61aa0_NeikiAnalytics.exe
-
Size
29KB
-
MD5
96d3650a989dd1276397e5e8b1b61aa0
-
SHA1
a7d446695d9551ac35963aa20857889613e37300
-
SHA256
74ded0b9b3553f80a8f81c65197e596da0857322b4a353e0080653430402ccf5
-
SHA512
f6b7b23d3cb7fcd62bed021a8d3b8f199cbbf41f9b452810e0e7b27943fcfa2dfe57cb048c095679d506db7b2325af5022ee33ac499fe4a6e1ce2da78f24ed3e
-
SSDEEP
384:ZtXozUsrct8nS1uW0W1WzrlMRk51rQEROuKhT1ld9ZSp4t8KXKUiJ:Z0U78Sws1Wzrr5+EROtDS2Y
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature (a weak indicator on its own); the resource listed below matched this check.
resource 96d3650a989dd1276397e5e8b1b61aa0_NeikiAnalytics.exe
Files
-
96d3650a989dd1276397e5e8b1b61aa0_NeikiAnalytics.exe.sys windows:5 windows x86 arch:x86
358657500706324dee236735134e1ed2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\code\homepage\pluginstall\pdb\xadfilter.pdb
Imports
ntoskrnl.exe
_wcslwr
wcsstr
memset
IofCompleteRequest
PsGetCurrentProcessId
ObfDereferenceObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeWaitForSingleObject
MmIsAddressValid
KeInitializeTimerEx
KeSetEvent
KeInitializeEvent
IoFreeMdl
IoFileObjectType
ExAllocatePool
KeGetCurrentThread
IoFreeIrp
IoAllocateIrp
IoAllocateMdl
IofCallDriver
wcscat
ZwCreateKey
_wcsnicmp
ZwReadFile
IoGetRelatedDeviceObject
RtlIntegerToUnicodeString
wcsncpy
RtlAppendUnicodeToString
IoCreateFile
RtlUnicodeStringToAnsiString
ZwSetValueKey
wcslen
ZwSetInformationFile
KeQuerySystemTime
wcsrchr
ZwClose
RtlAppendUnicodeStringToString
RtlRandom
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlCopyUnicodeString
ZwQueryInformationFile
ZwDeleteKey
wcscpy
ZwEnumerateKey
RtlInitUnicodeString
ZwOpenKey
KeSetTimerEx
MmHighestUserAddress
DbgPrint
MmGetSystemRoutineAddress
PsGetVersion
ExQueueWorkItem
ExAcquireResourceExclusiveLite
ProbeForRead
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
KeDetachProcess
ExAcquireResourceSharedLite
ExReleaseResourceLite
PsRemoveLoadImageNotifyRoutine
KeAttachProcess
ZwQueryInformationProcess
ExInitializeResourceLite
ObOpenObjectByPointer
ZwAllocateVirtualMemory
_vsnprintf
RtlQueryRegistryValues
wcsncat
ZwQueryValueKey
ZwWriteFile
IoBuildDeviceIoControlRequest
ZwCreateFile
MmProbeAndLockPages
IoThreadToProcess
IoGetCurrentProcess
IoCreateDevice
PsGetProcessId
strlen
KeSetPriorityThread
strstr
PsCreateSystemThread
_vsnwprintf
IoCreateSymbolicLink
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryKey
memcpy
_allmul
_except_handler3
hal
KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ