43b4ca99f4beaa1f6f754671f976d39a91e9da409be674de3e498213616cbac9_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

43b4ca99f4beaa1f6f754671f976d39a91e9da409be674de3e498213616cbac9_NeikiAnalytics.exe
Size

14KB
MD5

5f53469b8008455d878b418517321100
SHA1

8a29b8102d61e0dc4e5b5d7797e7af5ac196cfde
SHA256

43b4ca99f4beaa1f6f754671f976d39a91e9da409be674de3e498213616cbac9
SHA512

a095580c16cd94000c38b26d2826bf19508a88f891a12c0f865c24878e7e94bc86775f2aa7777eb91898d9e24b98765df71ad1a26a6b55c8bf20afa9dda1ade3
SSDEEP

192:PW7WFG/ipd3nS3c5EW8Pe6sv9qtJIq2EJEab0y6R3Zz48LA8IMWguGqQ:+7i1iMsu9+YRR3ZzNqMWguGJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43b4ca99f4beaa1f6f754671f976d39a91e9da409be674de3e498213616cbac9_NeikiAnalytics.exe

Files

43b4ca99f4beaa1f6f754671f976d39a91e9da409be674de3e498213616cbac9_NeikiAnalytics.exe
.sys windows:6 windows x86 arch:x86

3023f9dbc1b42a771f63ce0dae88379a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\usbmonitor\release\i386\usbfflt.pdb

Imports

ntoskrnl.exe

KeSetEvent
memset
RtlCompareUnicodeString
ZwClose
ZwOpenKey
RtlCompareMemory
memcpy
ExfInterlockedInsertTailList
InterlockedPopEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
RtlCopyUnicodeString
KeTickCount
KeBugCheckEx
ExfInterlockedRemoveHeadList
ExEventObjectType
KeResetEvent
ObReferenceObjectByHandle
RtlInitUnicodeString
PsGetCurrentProcessId
IoThreadToProcess
ExFreePoolWithTag
ExAllocatePoolWithTag
KeInitializeEvent
IoBuildDeviceIoControlRequest
IofCallDriver
KeWaitForSingleObject
ObfDereferenceObject
IoGetCurrentProcess
ZwQueryValueKey
InterlockedPushEntrySList
RtlUnwind

hal

KfReleaseSpinLock
KfAcquireSpinLock

fltmgr.sys

FltBuildDefaultSecurityDescriptor
FltCreateCommunicationPort
FltFreeSecurityDescriptor
FltStartFiltering
FltGetFileNameInformation
FltParseFileNameInformation
FltReleaseFileNameInformation
FltGetDiskDeviceObject
FltGetVolumeName
FltCloseCommunicationPort
FltUnregisterFilter
FltCloseClientPort
FltRegisterFilter

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 498B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 758B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3023f9dbc1b42a771f63ce0dae88379a

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

fltmgr.sys

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 768B - Virtual size: 644B

.data Size: 640B - Virtual size: 536B

PAGE Size: 512B - Virtual size: 498B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 896B - Virtual size: 840B

.reloc Size: 768B - Virtual size: 758B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 768B - Virtual size: 644B

.data
Size: 640B - Virtual size: 536B

PAGE
Size: 512B - Virtual size: 498B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 840B

.reloc
Size: 768B - Virtual size: 758B