H:\new\pluginstall\pdb\xadfilter.pdb
General
Target
a280fe8b322eb65f1214129bdf7f163c674cb2a208c63bbd5bf17bba9528d46f_NeikiAnalytics.exe
Size
446KB
MD5
b1c0882935ec0a2042ab13915286a3c0
SHA1
1180f87a0c7f606d1fdbede615f931eaf5346017
SHA256
a280fe8b322eb65f1214129bdf7f163c674cb2a208c63bbd5bf17bba9528d46f
SHA512
75dec59866c7eaa665c83143331dfccb4a73b633e06cfaf5f942aa1d872a05dc16c8fa7d716bc45df0492fcc279f1d52fb37a3b0e720ccb00e954ca6cbf1bf28
SSDEEP
12288:699gFzvsO1ZJCVVJ/NttIK7zt+9pnExWotySoiBXkM:MgFzbZJCzJ/NtPzU9pnAWotpo+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a280fe8b322eb65f1214129bdf7f163c674cb2a208c63bbd5bf17bba9528d46f_NeikiAnalytics.exe
Files
a280fe8b322eb65f1214129bdf7f163c674cb2a208c63bbd5bf17bba9528d46f_NeikiAnalytics.exe.sys windows:5 windows x86 arch:x86
374bd107d8507369e1ae2f8bb9825b52
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExFreePoolWithTag
ExAllocatePool
RtlLookupElementGenericTable
RtlInitializeGenericTable
_wcsnicmp
wcsncpy
wcsstr
IoGetTopLevelIrp
_wcsupr
MmIsAddressValid
ExAllocatePoolWithTag
KeLeaveCriticalRegion
ExGetPreviousMode
KeEnterCriticalRegion
IoDriverObjectType
IofCompleteRequest
KeWaitForSingleObject
KeSetTimer
ObfDereferenceObject
ObReferenceObjectByName
KeInitializeTimerEx
KeSetEvent
IoFreeMdl
IoFreeIrp
IofCallDriver
ZwCreateKey
IoCreateFile
ZwSetValueKey
ZwSetInformationFile
KeQuerySystemTime
wcsrchr
_vsnwprintf
RtlAppendUnicodeStringToString
ObReferenceObjectByHandle
RtlCopyUnicodeString
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
MmHighestUserAddress
KeTickCount
RtlUnicodeStringToInteger
_wcsicmp
ZwReadFile
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwQueryInformationFile
ZwWriteFile
KeSetTargetProcessorDpc
KeInitializeDpc
KeInsertQueueDpc
PsGetVersion
KeNumberProcessors
ExQueueWorkItem
ExAcquireResourceExclusiveLite
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
_wcslwr
KeDetachProcess
ExAcquireResourceSharedLite
ExReleaseResourceLite
PsRemoveLoadImageNotifyRoutine
KeAttachProcess
ZwQueryInformationProcess
ExInitializeResourceLite
ObOpenObjectByPointer
ZwAllocateVirtualMemory
RtlQueryRegistryValues
IoThreadToProcess
IoDeleteDevice
IoGetCurrentProcess
IoAttachDevice
IoCreateDevice
PsGetProcessId
ObQueryNameString
IoCreateSymbolicLink
DbgPrint
PsGetCurrentProcessId
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
ProbeForRead
_except_handler3
memcpy
memset
hal
KeRaiseIrqlToDpcLevel
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
KfLowerIrql
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 409KB - Virtual size: 412KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ