Static task
static1

General
Target: 02bca41d4ceaacc2361eebdf25e18cd7e4b780540d178797809fd0eeec5735fe_NeikiAnalytics.exe
Size: 85KB
MD5: 189496d3ca8a71c739a5b5ee22aca020
SHA1: 7ae77f57cf05de5a49ac7dcf30507a17f4ca97a2
SHA256: 02bca41d4ceaacc2361eebdf25e18cd7e4b780540d178797809fd0eeec5735fe
SHA512: 6d1b520c80e8c42fdcdf4108190ba1136a433251e046143a1a52d0f0bbc885c76ae26bb5914114218713636e2e2bd45b38f0065096100a711185c4e1845ea948
SSDEEP: 1536:yyJW8OkD5AOMBZFhwsNVYrtSk3peURe2YsaAthZ45NknBrJh2yHWoZv8qSTtLb/k:O8OkDAwvX3peue2YsaAthZ45NkV2yHW6

Malware Config

Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 02bca41d4ceaacc2361eebdf25e18cd7e4b780540d178797809fd0eeec5735fe_NeikiAnalytics.exe

Files
02bca41d4ceaacc2361eebdf25e18cd7e4b780540d178797809fd0eeec5735fe_NeikiAnalytics.exe.sys windows:10 windows x64 arch:x64
ccf63536e12be7db70d48719ad10cd45

Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
H:\window\Squirrel\plugs\驱动插件\驱动插件\驱动功能\驱动功能\x64\Release\驱动功能.pdb
Imports
fltmgr.sys
FltUnregisterFilter
FltStartFiltering
FltGetFileNameInformation
FltReleaseFileNameInformation
FltRegisterFilter
ntoskrnl.exe
strstr
RtlInitUnicodeString
RtlEqualUnicodeString
RtlAppendUnicodeStringToString
DbgPrint
DbgPrintEx
RtlGetVersion
KeDelayExecutionThread
ExAllocatePoolWithTag
ExFreePoolWithTag
MmGetSystemRoutineAddress
ObCloseHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlPrefixUnicodeString
PsGetCurrentProcessId
PsGetCurrentThreadId
PsGetProcessId
PsLookupThreadByThreadId
_vsnwprintf
ZwQuerySystemInformation
ZwQueryInformationProcess
PsGetProcessWow64Process
PsIsProtectedProcess
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
IoAllocateIrp
IofCallDriver
IoFreeIrp
IoFreeMdl
ExInitializeRundownProtection
ExAcquireRundownProtection
ExReleaseRundownProtection
MmProbeAndLockPages
MmUnlockPages
MmProtectMdlSystemAddress
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
PsCreateSystemThread
IoAllocateMdl
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
KeInitializeApc
KeInsertQueueApc
KeTestAlertThread
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
wcsrchr
RtlWriteRegistryValue
RtlCreateRegistryKey
MmIsAddressValid
swprintf
__C_specific_handler
CmUnRegisterCallback
PsTerminateSystemThread
PsSetCreateProcessNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsRemoveLoadImageNotifyRoutine
wcsstr
RtlCompareUnicodeString
KeInitializeGuardedMutex
ExAcquireFastMutex
ExReleaseFastMutex
ObRegisterCallbacks
ObUnRegisterCallbacks
PsSetCreateProcessNotifyRoutineEx
PsSetLoadImageNotifyRoutine
PsGetThreadId
PsGetThreadProcessId
ZwOpenProcess
PsProcessType
PsThreadType
RtlCopyUnicodeString
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
ObfReferenceObject
RtlLookupElementGenericTableAvl
CmRegisterCallbackEx
CmCallbackGetKeyObjectID
ZwEnumerateKey
ZwEnumerateValueKey
ObOpenObjectByPointer
_local_unwind
CmKeyObjectType
_wcsnicmp
ExAllocatePoolWithQuotaTag
KeBugCheckEx
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ