H:\new\pluginstall\pdb\xadfilter.pdb
Static task
static1
General
Target: 88cbeaab479ca6b2369b1b2b514bf6cc99b8b562c44d4a0dd641950ec0054151_NeikiAnalytics.exe
Size: 446KB
MD5: 536b3bfc58f2abebd987f73c773da990
SHA1: 22520030408be207107a575c047521d065e23889
SHA256: 88cbeaab479ca6b2369b1b2b514bf6cc99b8b562c44d4a0dd641950ec0054151
SHA512: 303fecbe70bc2405cf56361a914e88fa60f3dac6bee63df9ae0422b5f708a5a4a1d9ed442b26f347ddbef18df280330427b1ba79b9d48f1cbad89efc0ab62e56
SSDEEP: 12288:p99gFnvsO1ZJCVVJ/NttIK7zt+9pnExWotySoiBXkM:dgFnbZJCzJ/NtPzU9pnAWotpo+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 88cbeaab479ca6b2369b1b2b514bf6cc99b8b562c44d4a0dd641950ec0054151_NeikiAnalytics.exe
Files
88cbeaab479ca6b2369b1b2b514bf6cc99b8b562c44d4a0dd641950ec0054151_NeikiAnalytics.exe.sys windows:5 windows x86 arch:x86
374bd107d8507369e1ae2f8bb9825b52
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
H:\new\pluginstall\pdb\xadfilter.pdb
Imports
ntoskrnl.exe
ExFreePoolWithTag
ExAllocatePool
RtlLookupElementGenericTable
RtlInitializeGenericTable
_wcsnicmp
wcsncpy
wcsstr
IoGetTopLevelIrp
_wcsupr
MmIsAddressValid
ExAllocatePoolWithTag
KeLeaveCriticalRegion
ExGetPreviousMode
KeEnterCriticalRegion
IoDriverObjectType
IofCompleteRequest
KeWaitForSingleObject
KeSetTimer
ObfDereferenceObject
ObReferenceObjectByName
KeInitializeTimerEx
KeSetEvent
IoFreeMdl
IoFreeIrp
IofCallDriver
ZwCreateKey
IoCreateFile
ZwSetValueKey
ZwSetInformationFile
KeQuerySystemTime
wcsrchr
_vsnwprintf
RtlAppendUnicodeStringToString
ObReferenceObjectByHandle
RtlCopyUnicodeString
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
MmHighestUserAddress
KeTickCount
RtlUnicodeStringToInteger
_wcsicmp
ZwReadFile
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwQueryInformationFile
ZwWriteFile
KeSetTargetProcessorDpc
KeInitializeDpc
KeInsertQueueDpc
PsGetVersion
KeNumberProcessors
ExQueueWorkItem
ExAcquireResourceExclusiveLite
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
_wcslwr
KeDetachProcess
ExAcquireResourceSharedLite
ExReleaseResourceLite
PsRemoveLoadImageNotifyRoutine
KeAttachProcess
ZwQueryInformationProcess
ExInitializeResourceLite
ObOpenObjectByPointer
ZwAllocateVirtualMemory
RtlQueryRegistryValues
IoThreadToProcess
IoDeleteDevice
IoGetCurrentProcess
IoAttachDevice
IoCreateDevice
PsGetProcessId
ObQueryNameString
IoCreateSymbolicLink
DbgPrint
PsGetCurrentProcessId
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
ProbeForRead
_except_handler3
memcpy
memset
hal
KeRaiseIrqlToDpcLevel
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
KfLowerIrql
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 409KB - Virtual size: 412KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ