21b42b7b12e3f3aa7bdb1424f4a88468d3897e2d4c562b0f0a0a67f345c18d32_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

21b42b7b12e3f3aa7bdb1424f4a88468d3897e2d4c562b0f0a0a67f345c18d32_NeikiAnalytics.exe
Size

762KB
MD5

b955cfaa9fa2244c2d0d2ca4bc48bdf0
SHA1

ce9c67b433b5882b184a8daa84c6c78835c283dd
SHA256

21b42b7b12e3f3aa7bdb1424f4a88468d3897e2d4c562b0f0a0a67f345c18d32
SHA512

89b3789a86eca24be35a7d2adb6f00a21b943bfadae7c929ac02b73da852773e57f5b047d6af249ff01841e864cdf4889eb359262283f0887b4b0a8735a8bb14
SSDEEP

6144:qXR0E4d4NG3L3KQ0EDQE/P3NBmHGNLKhvv4jGdhpK:0R0EwZHVQvv4jGdhpK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21b42b7b12e3f3aa7bdb1424f4a88468d3897e2d4c562b0f0a0a67f345c18d32_NeikiAnalytics.exe

Files

21b42b7b12e3f3aa7bdb1424f4a88468d3897e2d4c562b0f0a0a67f345c18d32_NeikiAnalytics.exe
.sys windows:5 windows x86 arch:x86

6e15bb595c2bad9a074640fe8f1178cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dmboot.pdb

Imports

ntoskrnl.exe

ExRaiseStatus
ZwClose
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
IofCompleteRequest
RtlWriteRegistryValue
IoRegisterShutdownNotification
IoCreateDevice
IoRegisterBootDriverReinitialization
MmPageEntireDriver
strchr
_stricmp
RtlCheckRegistryKey
strrchr
_allshr
sprintf
ZwSetValueKey
wcslen
ZwDeleteKey
swprintf
_alldiv
_allrem
_allmul
wcscpy
strncpy
atoi
KeDelayExecutionThread
wcsstr
RtlFreeUnicodeString
IoCreateSymbolicLink
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteSymbolicLink
RtlCopyUnicodeString
ExAllocatePool
_aulldvrm
ZwDeviceIoControlFile
ZwOpenFile
_except_handler3
ZwCreateKey
ZwEnumerateKey
ExUuidCreate
ZwWriteFile
tolower
isupper
wcscat
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwDisplayString
isdigit
_strnicmp
_wcsnicmp
_wcsicmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
strncat
vsprintf
_alldvrm
KeQueryActiveProcessors
rand
qsort
wcscmp
KeQuerySystemTime
isspace

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e15bb595c2bad9a074640fe8f1178cf

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 526KB - Virtual size: 526KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 526KB - Virtual size: 526KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 6KB