d:\nt\base\ntos\init\mp\obj\amd64\ntkrnlmp.pdb
General
-
Target
044d93da2312ad90c275ef60aba9249d99212d7147834096c6fe93b67b206035_NeikiAnalytics.exe
-
Size
3.2MB
-
MD5
c4ce3064b939e8e075847e86095531f0
-
SHA1
33e0e7bbfe1b1f59bd80f4c3c5f19a1fd49665a6
-
SHA256
044d93da2312ad90c275ef60aba9249d99212d7147834096c6fe93b67b206035
-
SHA512
0b2f002f28dd32f69549f10cc2a35784e290117c90ef92df2671129446c8a24afb9395b16764568d27fd6ed747f634240fed2584eeae33402e9512859de660d4
-
SSDEEP
49152:PTWjtRYwu8VHyhR8xV7RkXyeGRA5cuKc2gJOOIVsCxF7CBKguZAWaE2yIIyrE:EtjuWCyYuc2zBD84
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE lacks an Authenticode signature.
resource 044d93da2312ad90c275ef60aba9249d99212d7147834096c6fe93b67b206035_NeikiAnalytics.exe
Files
-
044d93da2312ad90c275ef60aba9249d99212d7147834096c6fe93b67b206035_NeikiAnalytics.exe.sys windows:5 windows x64 arch:x64
e9044ecf9101cea95aeeb22403101a8a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
hal
HalSetBusDataByOffset
HalCalibratePerformanceCounter
HalSetRealTimeClock
HalRequestSoftwareInterrupt
HalEnableSystemInterrupt
HalDisableSystemInterrupt
HalSendNMI
HalSendSoftwareInterrupt
HalGetBusDataByOffset
HalHandleNMI
HalStartNextProcessor
HalRequestIpi
HalHandleMcheck
KeFlushWriteBuffer
HalAllocateCrashDumpRegisters
HalSetTimeIncrement
HalGetEnvironmentVariable
KeQueryPerformanceCounter
HalTranslateBusAddress
KeStallExecutionProcessor
HalQueryRealTimeClock
HalAllProcessorsStarted
HalReportResourceUsage
HalInitSystem
HalInitializeBios
HalSetEnvironmentVariable
HalInitializeProcessor
HalReturnToFirmware
HalStopProfileInterrupt
HalSetProfileInterval
HalStartProfileInterrupt
bootvid
VidInitialize
VidDisplayString
VidSetTextColor
VidSolidColorFill
VidBitBlt
VidBufferToScreenBlt
VidScreenToBufferBlt
VidResetDisplay
VidCleanUp
VidSetScrollRegion
kdcom
KdD0Transition
KdD3Transition
KdSave
KdReceivePacket
KdDebuggerInitialize0
KdRestore
KdDebuggerInitialize1
KdSendPacket
Exports
Exports
CcCanIWrite
CcCopyRead
CcCopyWrite
CcDeferWrite
CcFastCopyRead
CcFastCopyWrite
CcFastMdlReadWait
CcFastReadNotPossible
CcFastReadWait
CcFlushCache
CcGetDirtyPages
CcGetFileObjectFromBcb
CcGetFileObjectFromSectionPtrs
CcGetFileObjectFromSectionPtrsRef
CcGetFlushedValidData
CcGetLsnForFileObject
CcInitializeCacheMap
CcIsThereDirtyData
CcMapData
CcMdlRead
CcMdlReadComplete
CcMdlWriteAbort
CcMdlWriteComplete
CcPinMappedData
CcPinRead
CcPrepareMdlWrite
CcPreparePinWrite
CcPurgeCacheSection
CcRemapBcb
CcRepinBcb
CcScheduleReadAhead
CcSetAdditionalCacheAttributes
CcSetBcbOwnerPointer
CcSetDirtyPageThreshold
CcSetDirtyPinnedData
CcSetFileSizes
CcSetFileSizesEx
CcSetLogHandleForFile
CcSetReadAheadGranularity
CcUninitializeCacheMap
CcUnpinData
CcUnpinDataForThread
CcUnpinRepinnedBcb
CcWaitForCurrentLazyWriterActivity
CcZeroData
CmRegisterCallback
CmUnRegisterCallback
DbgBreakPoint
DbgBreakPointWithStatus
DbgCommandString
DbgLoadImageSymbols
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgkLkmdRegisterCallback
EmClientQueryRuleState
EmProviderDeregister
EmProviderRegister
EtwActivityIdControl
EtwEventEnabled
EtwProviderEnabled
EtwRegister
EtwRegisterClassicProvider
EtwUnregister
EtwWrite
EtwWriteString
EtwWriteTransfer
ExAcquireFastMutex
ExAcquireFastMutexUnsafe
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAcquireRundownProtection
ExAcquireRundownProtectionCacheAware
ExAcquireRundownProtectionCacheAwareEx
ExAcquireRundownProtectionEx
ExAcquireSharedStarveExclusive
ExAcquireSharedWaitForExclusive
ExAcquireSpinLockExclusive
ExAcquireSpinLockShared
ExAllocateCacheAwarePushLock
ExAllocateCacheAwareRundownProtection
ExAllocateFromPagedLookasideList
ExAllocatePool
ExAllocatePoolEx
ExAllocatePoolWithQuota
ExAllocatePoolWithQuotaTag
ExAllocatePoolWithTag
ExAllocatePoolWithTagPriority
ExConvertExclusiveToSharedLite
ExCreateCallback
ExDeleteLookasideListEx
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExDeleteResourceLite
ExDesktopObjectType
ExDisableResourceBoostLite
ExEnterCriticalRegionAndAcquireFastMutexUnsafe
ExEnterCriticalRegionAndAcquireResourceExclusive
ExEnterCriticalRegionAndAcquireResourceShared
ExEnterCriticalRegionAndAcquireSharedWaitForExclusive
ExEnterPriorityRegionAndAcquireResourceExclusive
ExEnterPriorityRegionAndAcquireResourceShared
ExEnumHandleTable
ExEventObjectType
ExExtendZone
ExFreeCacheAwareRundownProtection
ExFreePool
ExFreePoolEx
ExFreePoolWithTag
ExFreeToPagedLookasideList
ExGetCurrentProcessorCounts
ExGetCurrentProcessorCpuUsage
ExGetExclusiveWaiterCount
ExGetFirmwareEnvironmentVariable
ExGetPreviousMode
ExGetSharedWaiterCount
ExInitializeLookasideListEx
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExInitializePushLock
ExInitializeResourceLite
ExInitializeRundownProtection
ExInitializeRundownProtectionCacheAware
ExInitializeZone
ExInterlockedAddLargeInteger
ExInterlockedAddUlong
ExInterlockedExtendZone
ExInterlockedInsertHeadList
ExInterlockedInsertTailList
ExInterlockedPopEntryList
ExInterlockedPushEntryList
ExInterlockedRemoveHeadList
ExIsProcessorFeaturePresent
ExIsResourceAcquiredExclusiveLite
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
ExNotifyCallback
ExQueryDepthSList
ExQueryPoolBlockSize
ExQueueWorkItem
ExRaiseAccessViolation
ExRaiseDatatypeMisalignment
ExRaiseException
ExRaiseHardError
ExRaiseStatus
ExReInitializeRundownProtection
ExReInitializeRundownProtectionCacheAware
ExRegisterCallback
ExReinitializeResourceLite
ExReleaseFastMutex
ExReleaseFastMutexUnsafe
ExReleaseFastMutexUnsafeAndLeaveCriticalRegion
ExReleaseResourceAndLeaveCriticalRegion
ExReleaseResourceAndLeavePriorityRegion
ExReleaseResourceForThreadLite
ExReleaseResourceLite
ExReleaseRundownProtection
ExReleaseRundownProtectionCacheAware
ExReleaseRundownProtectionCacheAwareEx
ExReleaseRundownProtectionEx
ExReleaseSpinLockExclusive
ExReleaseSpinLockShared
ExRundownCompleted
ExRundownCompletedCacheAware
ExSemaphoreObjectType
ExSetFirmwareEnvironmentVariable
ExSetResourceOwnerPointer
ExSetTimerResolution
ExSizeOfRundownProtectionCacheAware
ExSystemExceptionFilter
ExSystemTimeToLocalTime
ExTryToAcquireFastMutex
ExUnregisterCallback
ExUuidCreate
ExVerifySuite
ExWaitForRundownProtectionRelease
ExWaitForRundownProtectionReleaseCacheAware
ExWindowStationObjectType
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfReleasePushLock
ExfReleasePushLockExclusive
ExfReleasePushLockShared
ExfTryAcquirePushLockShared
ExfTryToWakePushLock
ExfUnblockPushLock
ExpInterlockedFlushSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
FirstEntrySList
FsRtlAcquireFileExclusive
FsRtlAddBaseMcbEntry
FsRtlAddLargeMcbEntry
FsRtlAddMcbEntry
FsRtlAddToTunnelCache
FsRtlAllocateFileLock
FsRtlAllocatePool
FsRtlAllocatePoolWithQuota
FsRtlAllocatePoolWithQuotaTag
FsRtlAllocatePoolWithTag
FsRtlAllocateResource
FsRtlAreNamesEqual
FsRtlBalanceReads
FsRtlCheckLockForReadAccess
FsRtlCheckLockForWriteAccess
FsRtlCheckOplock
FsRtlCopyRead
FsRtlCopyWrite
FsRtlCreateSectionForDataScan
FsRtlCurrentBatchOplock
FsRtlDeleteKeyFromTunnelCache
FsRtlDeleteTunnelCache
FsRtlDeregisterUncProvider
FsRtlDissectDbcs
FsRtlDissectName
FsRtlDoesDbcsContainWildCards
FsRtlDoesNameContainWildCards
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAll
FsRtlFastUnlockAllByKey
FsRtlFastUnlockSingle
FsRtlFindInTunnelCache
FsRtlFreeFileLock
FsRtlGetEcpListFromIrp
FsRtlGetFileSize
FsRtlGetNextBaseMcbEntry
FsRtlGetNextExtraCreateParameter
FsRtlGetNextFileLock
FsRtlGetNextLargeMcbEntry
FsRtlGetNextMcbEntry
FsRtlIncrementCcFastReadNoWait
FsRtlIncrementCcFastReadNotPossible
FsRtlIncrementCcFastReadResourceMiss
FsRtlIncrementCcFastReadWait
FsRtlInitializeBaseMcb
FsRtlInitializeFileLock
FsRtlInitializeLargeMcb
FsRtlInitializeMcb
FsRtlInitializeOplock
FsRtlInitializeTunnelCache
FsRtlInsertPerFileObjectContext
FsRtlInsertPerStreamContext
FsRtlIsDbcsInExpression
FsRtlIsFatDbcsLegal
FsRtlIsHpfsDbcsLegal
FsRtlIsNameInExpression
FsRtlIsNtstatusExpected
FsRtlIsPagingFile
FsRtlIsTotalDeviceFailure
FsRtlLegalAnsiCharacterArray
FsRtlLookupBaseMcbEntry
FsRtlLookupLargeMcbEntry
FsRtlLookupLastBaseMcbEntry
FsRtlLookupLastBaseMcbEntryAndIndex
FsRtlLookupLastLargeMcbEntry
FsRtlLookupLastLargeMcbEntryAndIndex
FsRtlLookupLastMcbEntry
FsRtlLookupMcbEntry
FsRtlLookupPerFileObjectContext
FsRtlLookupPerStreamContextInternal
FsRtlMdlRead
FsRtlMdlReadComplete
FsRtlMdlReadCompleteDev
FsRtlMdlReadDev
FsRtlMdlWriteComplete
FsRtlMdlWriteCompleteDev
FsRtlNormalizeNtstatus
FsRtlNotifyChangeDirectory
FsRtlNotifyCleanup
FsRtlNotifyFilterChangeDirectory
FsRtlNotifyFilterReportChange
FsRtlNotifyFullChangeDirectory
FsRtlNotifyFullReportChange
FsRtlNotifyInitializeSync
FsRtlNotifyReportChange
FsRtlNotifyUninitializeSync
FsRtlNotifyVolumeEvent
FsRtlNumberOfRunsInBaseMcb
FsRtlNumberOfRunsInLargeMcb
FsRtlNumberOfRunsInMcb
FsRtlOplockFsctrl
FsRtlOplockIsFastIoPossible
FsRtlPostPagingFileStackOverflow
FsRtlPostStackOverflow
FsRtlPrepareMdlWrite
FsRtlPrepareMdlWriteDev
FsRtlPrivateLock
FsRtlProcessFileLock
FsRtlRegisterFileSystemFilterCallbacks
FsRtlRegisterUncProvider
FsRtlReleaseFile
FsRtlRemoveBaseMcbEntry
FsRtlRemoveDotsFromPath
FsRtlRemoveLargeMcbEntry
FsRtlRemoveMcbEntry
FsRtlRemovePerFileObjectContext
FsRtlRemovePerStreamContext
FsRtlResetBaseMcb
FsRtlResetLargeMcb
FsRtlSplitBaseMcb
FsRtlSplitLargeMcb
FsRtlSyncVolumes
FsRtlTeardownPerStreamContexts
FsRtlTruncateBaseMcb
FsRtlTruncateLargeMcb
FsRtlTruncateMcb
FsRtlUninitializeBaseMcb
FsRtlUninitializeFileLock
FsRtlUninitializeLargeMcb
FsRtlUninitializeMcb
FsRtlUninitializeOplock
FsRtlValidateReparsePointBuffer
HalDispatchTable
HalExamineMBR
HalPrivateDispatchTable
HeadlessDispatch
InbvAcquireDisplayOwnership
InbvCheckDisplayOwnership
InbvDisplayString
InbvEnableBootDriver
InbvEnableDisplayString
InbvInstallDisplayStringFilter
InbvIsBootDriverInstalled
InbvNotifyDisplayOwnershipLost
InbvResetDisplay
InbvSetScrollRegion
InbvSetTextColor
InbvSolidColorFill
InitSafeBootMode
InitializeSListHead
IoAcquireCancelSpinLock
IoAcquireRemoveLockEx
IoAcquireVpbSpinLock
IoAdapterObjectType
IoAllocateAdapterChannel
IoAllocateController
IoAllocateDriverObjectExtension
IoAllocateErrorLogEntry
IoAllocateIrp
IoAllocateMdl
IoAllocateSfioStreamIdentifier
IoAllocateWorkItem
IoAssignDriveLetters
IoAssignResources
IoAttachDevice
IoAttachDeviceByPointer
IoAttachDeviceToDeviceStack
IoAttachDeviceToDeviceStackSafe
IoBuildAsynchronousFsdRequest
IoBuildDeviceIoControlRequest
IoBuildPartialMdl
IoBuildSynchronousFsdRequest
IoCallDriver
IoCancelFileOpen
IoCancelIrp
IoCheckDesiredAccess
IoCheckEaBufferValidity
IoCheckFunctionAccess
IoCheckQuerySetFileInformation
IoCheckQuerySetVolumeInformation
IoCheckQuotaBufferValidity
IoCheckShareAccess
IoCompleteRequest
IoConnectInterrupt
IoConnectInterruptEx
IoCreateController
IoCreateDevice
IoCreateDisk
IoCreateDriver
IoCreateFile
IoCreateFileSpecifyDeviceObjectHint
IoCreateNotificationEvent
IoCreateStreamFileObject
IoCreateStreamFileObjectEx
IoCreateStreamFileObjectLite
IoCreateSymbolicLink
IoCreateSynchronizationEvent
IoCreateUnprotectedSymbolicLink
IoCsqInitialize
IoCsqInitializeEx
IoCsqInsertIrp
IoCsqInsertIrpEx
IoCsqRemoveIrp
IoCsqRemoveNextIrp
IoDeleteController
IoDeleteDevice
IoDeleteDriver
IoDeleteSymbolicLink
IoDetachDevice
IoDeviceHandlerObjectSize
IoDeviceHandlerObjectType
IoDeviceObjectType
IoDisconnectInterrupt
IoDisconnectInterruptEx
IoDriverObjectType
IoEnqueueIrp
IoEnumerateDeviceObjectList
IoEnumerateRegisteredFiltersList
IoFastQueryNetworkAttributes
IoFileObjectType
IoForwardAndCatchIrp
IoForwardIrpSynchronously
IoFreeController
IoFreeErrorLogEntry
IoFreeIrp
IoFreeMdl
IoFreeSfioStreamIdentifier
IoFreeWorkItem
IoGetActivityIdIrp
IoGetAffinityInterrupt
IoGetAttachedDevice
IoGetAttachedDeviceReference
IoGetBaseFileSystemDeviceObject
IoGetBootDiskInformation
IoGetConfigurationInformation
IoGetCurrentProcess
IoGetDeviceAttachmentBaseRef
IoGetDeviceInterfaceAlias
IoGetDeviceInterfaces
IoGetDeviceNumaNode
IoGetDeviceObjectPointer
IoGetDeviceProperty
IoGetDevicePropertyData
IoGetDeviceToVerify
IoGetDiskDeviceObject
IoGetDmaAdapter
IoGetDriverObjectExtension
IoGetFileObjectGenericMapping
IoGetInitialStack
IoGetIoPriorityHint
IoGetIrpExtraCreateParameter
IoGetLowerDeviceObject
IoGetPagingIoPriority
IoGetRelatedDeviceObject
IoGetRequestorProcess
IoGetRequestorProcessId
IoGetRequestorSessionId
IoGetSfioStreamIdentifier
IoGetStackLimits
IoGetTopLevelIrp
IoInitializeIrp
IoInitializeRemoveLockEx
IoInitializeTimer
IoInitializeWorkItem
IoInvalidateDeviceRelations
IoInvalidateDeviceState
IoIs32bitProcess
IoIsFileOriginRemote
IoIsOperationSynchronous
IoIsSystemThread
IoIsValidNameGraftingBuffer
IoIsWdmVersionAvailable
IoMakeAssociatedIrp
IoOpenDeviceInterfaceRegistryKey
IoOpenDeviceRegistryKey
IoPageRead
IoPnPDeliverServicePowerNotification
IoQueryDeviceDescription
IoQueryFileDosDeviceName
IoQueryFileInformation
IoQueryVolumeInformation
IoQueueThreadIrp
IoQueueWorkItem
IoQueueWorkItemEx
IoRaiseHardError
IoRaiseInformationalHardError
IoReadDiskSignature
IoReadOperationCount
IoReadPartitionTable
IoReadPartitionTableEx
IoReadTransferCount
IoRegisterBootDriverReinitialization
IoRegisterDeviceInterface
IoRegisterDriverReinitialization
IoRegisterFileSystem
IoRegisterFsRegistrationChange
IoRegisterLastChanceShutdownNotification
IoRegisterPlugPlayNotification
IoRegisterShutdownNotification
IoReleaseCancelSpinLock
IoReleaseRemoveLockAndWaitEx
IoReleaseRemoveLockEx
IoReleaseVpbSpinLock
IoRemoveShareAccess
IoReportDetectedDevice
IoReportHalResourceUsage
IoReportResourceForDetection
IoReportResourceUsage
IoReportTargetDeviceChange
IoReportTargetDeviceChangeAsynchronous
IoRequestDeviceEject
IoReuseIrp
IoSetActivityIdIrp
IoSetCompletionRoutineEx
IoSetDeviceInterfaceState
IoSetDevicePropertyData
Sections
.text Size: 1022KB - Virtual size: 1022KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
MISYSPTE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
POOLMI Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
POOLCODE Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 133KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SPINLOCK Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEVRFY Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEKD Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESPEC Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHDLS Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGEDATA Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEVRFC Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGEVRFD Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 235KB - Virtual size: 234KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ