40e6673a7e33bd3e022457ba643aa65ece25b0ad23f64df6598ced33a209e182_NeikiAnalytics[.]exe

General

Target

40e6673a7e33bd3e022457ba643aa65ece25b0ad23f64df6598ced33a209e182_NeikiAnalytics.exe
Size

13KB
MD5

651419ea817599feeeba39ad1f6822e0
SHA1

0e577982acbf6c5863729f34e6778ae29b88be2f
SHA256

40e6673a7e33bd3e022457ba643aa65ece25b0ad23f64df6598ced33a209e182
SHA512

0c5c01221d06c91f18dfc9e46fe09f539f1fa45466421ddbeceacf456ba3607b311cd501a87f2286377e4aede272ef87b1d7dadf8a8c07584d5a5bd04882dd3a
SSDEEP

384:9RaMwJcLWNjRycgop6VBxwS2hDb3y+P+wZ:nHL+AcwT0+Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40e6673a7e33bd3e022457ba643aa65ece25b0ad23f64df6598ced33a209e182_NeikiAnalytics.exe

Files

40e6673a7e33bd3e022457ba643aa65ece25b0ad23f64df6598ced33a209e182_NeikiAnalytics.exe
.sys windows:5 windows x86 arch:x86

45d71ba540f64933ef8cfd925d5dc724

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoRegisterShutdownNotification
IoCreateSymbolicLink
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
KeInitializeSemaphore
IoCreateDevice
ExFreePool
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlAppendUnicodeToString
ExAllocatePoolWithTag
RtlInitUnicodeString
IoDeleteSymbolicLink
ZwClose
IoUnregisterShutdownNotification
ObfDereferenceObject
PsCreateSystemThread
IoDeleteDevice
ObReferenceObjectByHandle
IofCompleteRequest
ExfInterlockedInsertTailList
KeResetEvent
ZwUnmapViewOfSection
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
KeSetTimer
KeCancelTimer
KeDelayExecutionThread
KeSetEvent
ZwMapViewOfSection
ZwOpenSection
IoCreateNotificationEvent
KeInitializeEvent
KeWaitForSingleObject
KeReleaseSemaphore

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR
HalTranslateBusAddress

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 608B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 448B - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45d71ba540f64933ef8cfd925d5dc724

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 288B - Virtual size: 260B

.data Size: 608B - Virtual size: 600B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 448B - Virtual size: 426B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 288B - Virtual size: 260B

.data
Size: 608B - Virtual size: 600B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 448B - Virtual size: 426B