a1198d3f11e9e2c007e539a943c0e6c809969e002188f4e4a5ee2693b351fa98_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a1198d3f11e9e2c007e539a943c0e6c809969e002188f4e4a5ee2693b351fa98_NeikiAnalytics.exe
Size

33KB
MD5

c9fe8118bf6d50941c51257c482877f0
SHA1

0e4778a091648e7d48d075f030f16b52a9730355
SHA256

a1198d3f11e9e2c007e539a943c0e6c809969e002188f4e4a5ee2693b351fa98
SHA512

3637ce7cfb1c87caec553da81bed1ca2c5559ebd7f9c2e5c35fec73cbb6e473d3eaafb3f693bbe9156a52c6c35792b9af0e9e4a9b5866ac26d32f281e9d0e027
SSDEEP

768:mSZL0VXHmbcJpSg7lPObFBbjYtbHm3fIoC4:mSJcJpNMFBwtbT4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1198d3f11e9e2c007e539a943c0e6c809969e002188f4e4a5ee2693b351fa98_NeikiAnalytics.exe

Files

a1198d3f11e9e2c007e539a943c0e6c809969e002188f4e4a5ee2693b351fa98_NeikiAnalytics.exe
.sys windows:4 windows x86 arch:x86

473ae2e2dd153fa99526f865e2e169ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
KeInitializeSpinLock
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
KeInitializeEvent
ExFreePool
IoSetDeviceInterfaceState
KeSetEvent
KeClearEvent
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
IoCreateDevice
IofCompleteRequest
IofCallDriver
PoCallDriver
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoDeleteDevice
IoDeleteSymbolicLink
RtlFreeUnicodeString
IoDetachDevice
ObfDereferenceObject
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
RtlCompareMemory
PsTerminateSystemThread
IoFreeIrp
IoCancelIrp
KeWaitForMultipleObjects
IoAllocateIrp
InterlockedExchange
RtlQueryRegistryValues
memmove
IoBuildDeviceIoControlRequest
PoRequestPowerIrp
PoStartNextPowerIrp
KeDelayExecutionThread
PoSetPowerState
RtlUnwind
IoRegisterDeviceInterface

hal

KfReleaseSpinLock
KfAcquireSpinLock

smclib.sys

SmartcardCreateLink
SmartcardLogError
SmartcardInitialize
SmartcardDeviceControl
SmartcardReleaseRemoveLock
SmartcardAcquireRemoveLock
SmartcardExit
SmartcardReleaseRemoveLockAndWait
SmartcardUpdateCardCapabilities
SmartcardT0Reply
SmartcardT1Reply
SmartcardRawReply
SmartcardT0Request
SmartcardT1Request
SmartcardRawRequest

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEABLE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 864B - Virtual size: 858B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

473ae2e2dd153fa99526f865e2e169ef

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

smclib.sys

usbd.sys

Sections

.text Size: 12KB - Virtual size: 12KB

PAGEABLE Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 864B - Virtual size: 858B

.text
Size: 12KB - Virtual size: 12KB

PAGEABLE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 864B - Virtual size: 858B