H:\new\pluginstall\pdb\xadfilter.pdb
Static task
static1
General
Target
b641597cbd3bacf151e1bfbe23c49c7e7e70d752b219436b9344648b91a9c8e9_NeikiAnalytics.exe
Size
446KB
MD5
234e169f56cb4328542c41af3156dc70
SHA1
6f9d9f23313dc6b0b6112d2fb8fc8a8904c52daf
SHA256
b641597cbd3bacf151e1bfbe23c49c7e7e70d752b219436b9344648b91a9c8e9
SHA512
9c4db8f62dcd60aab844e293820ab01158dd6f9836f77f51f0655599321fa39bd03fd58dc91d19654b85cf9d19211d3f48a04751f284babbe1c8823004662191
SSDEEP
12288:399gFLvsO1ZJCVVJ/NttIK7zt+9pnExWotySoiBXkM:LgFLbZJCzJ/NtPzU9pnAWotpo+
Malware Config
Signatures
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature.
resource b641597cbd3bacf151e1bfbe23c49c7e7e70d752b219436b9344648b91a9c8e9_NeikiAnalytics.exe
Files
b641597cbd3bacf151e1bfbe23c49c7e7e70d752b219436b9344648b91a9c8e9_NeikiAnalytics.exe.sys windows:5 windows x86 arch:x86
374bd107d8507369e1ae2f8bb9825b52
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExFreePoolWithTag
ExAllocatePool
RtlLookupElementGenericTable
RtlInitializeGenericTable
_wcsnicmp
wcsncpy
wcsstr
IoGetTopLevelIrp
_wcsupr
MmIsAddressValid
ExAllocatePoolWithTag
KeLeaveCriticalRegion
ExGetPreviousMode
KeEnterCriticalRegion
IoDriverObjectType
IofCompleteRequest
KeWaitForSingleObject
KeSetTimer
ObfDereferenceObject
ObReferenceObjectByName
KeInitializeTimerEx
KeSetEvent
IoFreeMdl
IoFreeIrp
IofCallDriver
ZwCreateKey
IoCreateFile
ZwSetValueKey
ZwSetInformationFile
KeQuerySystemTime
wcsrchr
_vsnwprintf
RtlAppendUnicodeStringToString
ObReferenceObjectByHandle
RtlCopyUnicodeString
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
MmHighestUserAddress
KeTickCount
RtlUnicodeStringToInteger
_wcsicmp
ZwReadFile
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwQueryInformationFile
ZwWriteFile
KeSetTargetProcessorDpc
KeInitializeDpc
KeInsertQueueDpc
PsGetVersion
KeNumberProcessors
ExQueueWorkItem
ExAcquireResourceExclusiveLite
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
_wcslwr
KeDetachProcess
ExAcquireResourceSharedLite
ExReleaseResourceLite
PsRemoveLoadImageNotifyRoutine
KeAttachProcess
ZwQueryInformationProcess
ExInitializeResourceLite
ObOpenObjectByPointer
ZwAllocateVirtualMemory
RtlQueryRegistryValues
IoThreadToProcess
IoDeleteDevice
IoGetCurrentProcess
IoAttachDevice
IoCreateDevice
PsGetProcessId
ObQueryNameString
IoCreateSymbolicLink
DbgPrint
PsGetCurrentProcessId
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
ProbeForRead
_except_handler3
memcpy
memset
hal
KeRaiseIrqlToDpcLevel
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
KfLowerIrql
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 409KB - Virtual size: 412KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ