1c5141bce7f84c296d537c63054ccd078a2b2387c66b523c897c8a2dee5b364f_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1c5141bce7f84c296d537c63054ccd078a2b2387c66b523c897c8a2dee5b364f_NeikiAnalytics.exe
Size

19KB
MD5

ff99ac34ffabf8bf6d7faa794ee7c890
SHA1

c48b7e75fb9480c63c609034b8465686255db273
SHA256

1c5141bce7f84c296d537c63054ccd078a2b2387c66b523c897c8a2dee5b364f
SHA512

1564091983c8c6e625d610daa17822aa322a0bff5d51a36c5e22adef5d607b739bd3d06a650025a8b177019d406be3d96c3d067a50acaed4cef4af8f24d11b93
SSDEEP

384:VzyK2DLHuHS85l6E9xyxHjZNSga+P1TMd33WSY2RWo6W7:KDQ5cC+HNNJ14dU2aW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c5141bce7f84c296d537c63054ccd078a2b2387c66b523c897c8a2dee5b364f_NeikiAnalytics.exe

Files

1c5141bce7f84c296d537c63054ccd078a2b2387c66b523c897c8a2dee5b364f_NeikiAnalytics.exe
.sys windows:6 windows x86 arch:x86

de797ab530f76682c9ece9bc544abe3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

usbprint.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeSetEvent
IoFreeIrp
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoAllocateIrp
IofCompleteRequest
PoStartNextPowerIrp
ObfReferenceObject
RtlFreeUnicodeString
ZwSetValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoSetDeviceInterfaceState
IoCreateDevice
IoCancelIrp
memcpy
InterlockedDecrement
KeClearEvent
InterlockedIncrement
ZwDeleteValueKey
ZwOpenKey
PoCallDriver
IoOpenDeviceInterfaceRegistryKey
IoGetDeviceInterfaces
memset
IoOpenDeviceRegistryKey
strncmp
IoDetachDevice
IoDeleteDevice
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoBuildDeviceIoControlRequest
InterlockedExchange
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
InterlockedCompareExchange
RtlCompareMemory
KeTickCount
KeBugCheckEx
ExAllocatePoolWithTag
ZwClose
ZwQueryValueKey
ExFreePool
_vsnwprintf
PoRequestPowerIrp
_vsnprintf

hal

KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx
USBD_GetUSBDIVersion

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 385B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 241B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 778B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de797ab530f76682c9ece9bc544abe3f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

usbd.sys

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 512B - Virtual size: 385B

.data Size: 512B - Virtual size: 24B

PAGE Size: 512B - Virtual size: 241B

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 1024B - Virtual size: 778B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 512B - Virtual size: 385B

.data
Size: 512B - Virtual size: 24B

PAGE
Size: 512B - Virtual size: 241B

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 1024B - Virtual size: 778B