AgileVpn.pdb
Static task
static1
General
Target: 303c113f985b6643d46484ae1d0f62c995423c345599c738c5979801eaf7128b_NeikiAnalytics.exe
Size: 91KB
MD5: bc69be860b9580c98616013503a1bbb0
SHA1: 45d1ab084c2ef7b9764adf17406d1ff459c05c45
SHA256: 303c113f985b6643d46484ae1d0f62c995423c345599c738c5979801eaf7128b
SHA512: 401de8d75ac742b038f1d9b5def7bb7246a17a5b8c881eb66a6dc75eb62c788b1f3f92c4ed362c1b5a88b1ffe71421c52200df80a48dafe3fb70af981bfe2f5f
SSDEEP: 1536:XYdEVTPXexKPoPwgLr4i/nVTl8CwvHpIrjtRCMj+FzJhiHMeTv3DnQ8Q09I:XYMjXefQi/nVaCaaOMy8HMejDnQ8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 303c113f985b6643d46484ae1d0f62c995423c345599c738c5979801eaf7128b_NeikiAnalytics.exe
Files
303c113f985b6643d46484ae1d0f62c995423c345599c738c5979801eaf7128b_NeikiAnalytics.exe.sys windows:10 windows x86 arch:x86
d887b39b4df2d090c78e89e5f3cdf39d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
InterlockedPushEntrySList
PsTerminateSystemThread
InterlockedPopEntrySList
RtlIpv6StringToAddressW
ExDeleteResourceLite
MmLockPagableDataSection
RtlIpv4AddressToStringW
ExFreePool
RtlIpv4StringToAddressW
ExAllocatePoolWithTag
KeClearEvent
KeInitializeDpc
KeInitializeTimerEx
KeQueryMaximumProcessorCountEx
KeSetTimerEx
KeSetTargetProcessorDpcEx
KeCancelTimer
ZwQueryValueKey
ExFreePoolWithTag
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
ZwOpenKey
ExAllocatePoolWithTagPriority
KeQueryTimeIncrement
KeQueryInterruptTime
KeSetEvent
KeRevertToUserGroupAffinityThread
KeSetSystemGroupAffinityThread
KeGetProcessorNumberFromIndex
KeGetCurrentProcessorNumberEx
ExInitializeResourceLite
KeQueryActiveProcessorCountEx
ZwClose
KeWaitForSingleObject
KeInitializeEvent
ExInitializeNPagedLookasideList
ObReferenceObjectByHandle
EtwWriteTransfer
KeInitializeSpinLock
RtlInitUnicodeString
PsCreateSystemThread
ObfDereferenceObject
ExDeleteNPagedLookasideList
RtlIpv6AddressToStringW
IofCompleteRequest
RtlIpv4AddressToStringA
IoReleaseCancelSpinLock
RtlIpv6AddressToStringA
RtlCompareMemory
KeInitializeMutex
KeReleaseMutex
MmMapLockedPagesSpecifyCache
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeLeaveCriticalRegion
EtwUnregister
EtwRegister
memcpy
_alldiv
_allmul
_allshl
_aulldiv
_aulldvrm
_aullrem
memset
hal
KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeAcquireInStackQueuedSpinLock
KeQueryPerformanceCounter
KeReleaseInStackQueuedSpinLock
KfLowerIrql
ndis.sys
NdisReleaseReadWriteLock
NdisReleaseRWLock
NdisFreeGenericObject
NdisAcquireRWLockWrite
NdisAllocateGenericObject
NdisFreeRWLock
NdisInitializeReadWriteLock
NdisAllocateRWLock
NdisAcquireReadWriteLock
NdisMSleep
NdisRetreatNetBufferDataStart
NdisAdvanceNetBufferDataStart
NdisAllocateCloneNetBufferList
NdisFreeNetBufferListPool
NdisGetDataBuffer
NdisIfGetNetLuidFromInterfaceIndex
NdisFreeCloneNetBufferList
NdisAllocateNetBufferListPool
NdisFreeNetBufferListContext
NdisAdvanceNetBufferListDataStart
NdisAllocateNetBufferListContext
NdisMCmCreateVc
NdisCmDispatchIncomingCall
NdisMCoIndicateStatusEx
NdisMCmActivateVc
NdisCmDispatchCallConnected
NdisMCmDeactivateVc
NdisCmMakeCallComplete
NdisMCmDeleteVc
NdisCmCloseCallComplete
NdisFreeIoWorkItem
NdisCmRegisterSapComplete
NdisCmDispatchIncomingCloseCall
NdisCmDeregisterSapComplete
NdisWaitEvent
NdisSetOptionalHandlers
NdisFreeNetBufferList
NdisCopySendNetBufferListInfo
NdisAllocateNetBufferList
NdisRetreatNetBufferListDataStart
NdisAllocateNetBufferPool
NdisMRegisterMiniportDriver
NdisInitializeEvent
NdisDeregisterDeviceEx
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisGetVersion
NdisSetEvent
NdisRegisterDeviceEx
NdisAllocateMemoryWithTagPriority
NdisFreeMemoryWithTagPriority
NdisQueueIoWorkItem
NdisMSetMiniportAttributes
NdisMCoIndicateReceiveNetBufferLists
NdisResetEvent
NdisMCoSendNetBufferListsComplete
NdisMCmRegisterAddressFamilyEx
netio.sys
NmrWaitForClientDeregisterComplete
NmrClientAttachProvider
NmrDeregisterClient
RtlSuspendTimerWheel
RtlInitializeTimerWheel
RtlReturnTimerWheelEntry
RtlIsTimerWheelSuspended
RtlIndicateTimerWheelEntryTimerStart
RtlGetNextExpirationTimerWheelTick
RtlInitializeTimerWheelEntry
RtlCleanupTimerWheelEntry
RtlCleanupTimerWheel
RtlResumeTimerWheel
RtlUpdateCurrentTimerWheelTick
RtlGetNextExpiredTimerWheelEntry
NetioAllocateMdl
AgileVPNDispatchTableInit
WfpNblInfoClone
RtlCopyBufferToMdl
NetioAllocateAndReferenceCloneNetBufferList
NetioDereferenceNetBufferList
NmrRegisterClient
fwpkclnt.sys
FwpsFreeNetBufferList0
FwpiCalloutUnregisterAndDeleteByKey0
FwpsVirtualIfTunnelInfoGet0
FwpsVirtualIfTunnelInfoSet0
FwpsInjectionHandleCreate0
FwpmProviderDeleteByKey0
FwpmTransactionBegin0
FwpmFilterDeleteById0
FwpsSignalIPsecDecryptCompleteIkeV20
FwpmEngineClose0
FwpmFilterAdd0
FwpiCalloutRegisterAndAddWithoutDevice0
FwpmProviderAdd0
FwpmTransactionCommit0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0
FwpsAllocateNetBufferAndNetBufferList0
FwpsInjectionHandleDestroy0
FwpsInjectNetworkSendAsync0
FwpmEngineOpen0
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEAVpn Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ