d:\young\httprdr\driver\objfre_wxp_x86\i386\HrDrv.pdb
Static task
static1
1 signatures
General
-
Target
1ce0b0db1c11931e6768c5deaf0920a0_NeikiAnalytics.exe
-
Size
92KB
-
MD5
1ce0b0db1c11931e6768c5deaf0920a0
-
SHA1
58defb9fd862104db29872809c1777f0f0e586b9
-
SHA256
184fb6da1b265cced59ad52761cfa84d976f3e790806b2cbeb99036de4236a8a
-
SHA512
99dfbf8ef6af4c926c2c2489320ad6a8acd3c055284dfe0e9956213c5d3524538bcd2c484bf26733dfe32a8585c1ba3e1e399c860857dffece8c189674b3ddb6
-
SSDEEP
768:uQF42vPj3FbG/H+mtQRrz2+KKfdGAy+PnxEjpoHAh3DhLja+JXy/z4Sfwzg/p+2:uQF4uFKmrzJjlGAFqjprhNjA/8SfB+2
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1ce0b0db1c11931e6768c5deaf0920a0_NeikiAnalytics.exe
Files
-
1ce0b0db1c11931e6768c5deaf0920a0_NeikiAnalytics.exe.sys windows:6 windows x86 arch:x86
81a9d3e2fb839e1a6ed8d8b28bc9946d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ObReferenceObjectByHandle
ZwCreateFile
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
memset
IoFreeMdl
MmProbeAndLockPages
IoFreeIrp
IoAllocateMdl
IofCompleteRequest
IoCancelIrp
KeQueryTimeIncrement
KeTickCount
_alldiv
_allmul
ZwFlushKey
ZwSetValueKey
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
memcpy
ZwDeleteValueKey
IoDeleteDevice
IoDeleteSymbolicLink
IoGetDeviceObjectPointer
IoCreateSymbolicLink
IoCreateDevice
IoGetLowerDeviceObject
ZwUnloadDriver
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlRandomEx
rand
srand
ExSystemTimeToLocalTime
KeQuerySystemTime
RtlLargeIntegerDivide
_allrem
RtlGetVersion
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoRegisterShutdownNotification
RtlUpcaseUnicodeString
ExFreePoolWithTag
IoAttachDeviceToDeviceStack
IoDetachDevice
RtlCompareMemory
MmIsAddressValid
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
memmove
MmGetSystemRoutineAddress
_snprintf
strrchr
strncpy
PsGetCurrentThreadId
ZwEnumerateKey
DbgPrint
strstr
_strnicmp
IoBuildSynchronousFsdRequest
RtlCompareUnicodeString
ZwSetInformationFile
ZwWriteFile
ZwReadFile
ZwWaitForSingleObject
ZwQueryInformationFile
IoCreateFileSpecifyDeviceObjectHint
IoGetDeviceAttachmentBaseRef
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
ObQueryNameString
swprintf
ZwDeviceIoControlFile
ZwFsControlFile
KeGetCurrentThread
RtlCopyUnicodeString
ExAllocatePoolWithTag
ZwDeleteFile
IoAttachDeviceToDeviceStackSafe
PsCreateSystemThread
PsTerminateSystemThread
KeSetTimerEx
KeSetPriorityThread
KeCancelTimer
KeInitializeTimerEx
KeBugCheckEx
KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
ZwClose
RtlInitUnicodeString
ExAllocatePool
KeSetEvent
RtlAnsiCharToUnicodeChar
RtlUnwind
hal
KfReleaseSpinLock
KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeStallExecutionProcessor
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ