H:\new\pluginstall\pdb\xadfilter.pdb
Static task
static1
General
-
Target
926d027431c3370500081ceed69016fc73e3ce0aebe282ea4ad4ca8898d15aa2_NeikiAnalytics.exe
-
Size
446KB
-
MD5
68d70b868bf66db38ad3681fde9fb8f0
-
SHA1
418b5c21dd13beb85e9e92f8237a8cc9df9fa07d
-
SHA256
926d027431c3370500081ceed69016fc73e3ce0aebe282ea4ad4ca8898d15aa2
-
SHA512
887fbe0ba6fc4be30f05c3ad4c784990c8ec7b6bff4a14eba5f06efecc311451309a9a947ad1cbaca0249f2c775ad5c332abf9ddc8ac52af79ae16b65b5db92d
-
SSDEEP
12288:O99gFEvsO1ZJCVVJ/NttIK7zt+9pnExWotySoiBXkM:AgFEbZJCzJ/NtPzU9pnAWotpo+
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE file that carries no Authenticode signature; the resource listed below matched this check.
resource 926d027431c3370500081ceed69016fc73e3ce0aebe282ea4ad4ca8898d15aa2_NeikiAnalytics.exe
Files
-
926d027431c3370500081ceed69016fc73e3ce0aebe282ea4ad4ca8898d15aa2_NeikiAnalytics.exe.sys windows:5 windows x86 arch:x86
374bd107d8507369e1ae2f8bb9825b52
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExFreePoolWithTag
ExAllocatePool
RtlLookupElementGenericTable
RtlInitializeGenericTable
_wcsnicmp
wcsncpy
wcsstr
IoGetTopLevelIrp
_wcsupr
MmIsAddressValid
ExAllocatePoolWithTag
KeLeaveCriticalRegion
ExGetPreviousMode
KeEnterCriticalRegion
IoDriverObjectType
IofCompleteRequest
KeWaitForSingleObject
KeSetTimer
ObfDereferenceObject
ObReferenceObjectByName
KeInitializeTimerEx
KeSetEvent
IoFreeMdl
IoFreeIrp
IofCallDriver
ZwCreateKey
IoCreateFile
ZwSetValueKey
ZwSetInformationFile
KeQuerySystemTime
wcsrchr
_vsnwprintf
RtlAppendUnicodeStringToString
ObReferenceObjectByHandle
RtlCopyUnicodeString
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
MmHighestUserAddress
KeTickCount
RtlUnicodeStringToInteger
_wcsicmp
ZwReadFile
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwQueryInformationFile
ZwWriteFile
KeSetTargetProcessorDpc
KeInitializeDpc
KeInsertQueueDpc
PsGetVersion
KeNumberProcessors
ExQueueWorkItem
ExAcquireResourceExclusiveLite
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
_wcslwr
KeDetachProcess
ExAcquireResourceSharedLite
ExReleaseResourceLite
PsRemoveLoadImageNotifyRoutine
KeAttachProcess
ZwQueryInformationProcess
ExInitializeResourceLite
ObOpenObjectByPointer
ZwAllocateVirtualMemory
RtlQueryRegistryValues
IoThreadToProcess
IoDeleteDevice
IoGetCurrentProcess
IoAttachDevice
IoCreateDevice
PsGetProcessId
ObQueryNameString
IoCreateSymbolicLink
DbgPrint
PsGetCurrentProcessId
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
ProbeForRead
_except_handler3
memcpy
memset
hal
KeRaiseIrqlToDpcLevel
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
KfLowerIrql
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 409KB - Virtual size: 412KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ