Static task
static1
General
Target: 011e1cfb2c342837e9b34c0b60963500_NeikiAnalytics.exe
Size: 28KB
MD5: 011e1cfb2c342837e9b34c0b60963500
SHA1: 731e1fd99d5d7dcc16fa9fe9f23ad3103018b52c
SHA256: 330e21ccccfabdce17d787ad644cf475c208daaf9e64309d1829c53c70d3be70
SHA512: eea8b827392ededd42e222319827c5a81d7229823515b941cef4f565428163f52ae9d14b0ce0981980a17c1e2e605b85f603daac3d3bdf8c5456ce3827e965b0
SSDEEP: 768:22jFdKcLrdX7ihBj/E6JRxLj9tWP443aY+qGRREsOM2:2qLihBDVJXl0PEwGRRPOr
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 011e1cfb2c342837e9b34c0b60963500_NeikiAnalytics.exe
Files
011e1cfb2c342837e9b34c0b60963500_NeikiAnalytics.exe.sys windows:4 windows x86 arch:x86
0f5450e8e00a132b473b4a71b4746c7e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
ntoskrnl.exe
KeInitializeSpinLock
RtlEqualUnicodeString
KeSynchronizeExecution
KeCancelTimer
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
MmMapLockedPages
hal
KfAcquireSpinLock
KfReleaseSpinLock
WRITE_PORT_USHORT
READ_PORT_USHORT
KeStallExecutionProcessor
ndis.sys
NdisFreeMemory
NdisRemoveInterrupt
EthDeleteFilter
NdisCopyFromPacketToPacket
EthShouldAddressLoopBack
EthFilterAdjust
EthChangeFilterAddresses
NdisTerminateWrapper
NdisRegisterMac
NdisAllocateMemory
NdisInitializeWrapper
NdisCloseConfiguration
NdisReadNetworkAddress
NdisImmediateReadPortUlong
NdisReadConfiguration
NdisOpenConfiguration
NdisImmediateReadPortUshort
NdisImmediateWritePciSlotInformation
NdisImmediateReadPciSlotInformation
NdisPciAssignResources
NdisImmediateWritePortUshort
NdisImmediateReadPortUchar
NdisWriteErrorLogEntry
NdisDeregisterMac
NdisDeregisterAdapter
NdisRegisterAdapterShutdownHandler
EthQueryGlobalFilterAddresses
NdisAllocateSharedMemory
NdisInitializeTimer
NdisInitializeInterrupt
EthCreateFilter
NdisRegisterAdapter
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisSetTimer
EthFilterIndicateReceive
NdisDeregisterAdapterShutdownHandler
NdisCompleteQueryStatistics
NdisFreeSharedMemory
EthFilterIndicateReceiveComplete
NdisCompleteCloseAdapter
EthNumberOfOpenFilterAddresses
EthDeleteFilterOpenAdapter
NdisCompleteOpenAdapter
EthNoteFilterOpenAdapter
EthQueryOpenFilterAddresses
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 544B - Virtual size: 524B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 992B - Virtual size: 980B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ