41471dd79ce2f50a9c69a04f449884584106f796d846fc8ceec103e931cb2640_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

41471dd79ce2f50a9c69a04f449884584106f796d846fc8ceec103e931cb2640_NeikiAnalytics.exe
Size

81KB
MD5

5575faf219a9a829b9a20481c3f133a0
SHA1

a91d5910c9c926521f8d70317c2a883ee0218c2e
SHA256

41471dd79ce2f50a9c69a04f449884584106f796d846fc8ceec103e931cb2640
SHA512

010890d88f9fe56203e387482dc919f7ba33aa1c1e382f189bafeac733f5bc8c8d31d213111f219e4f723542c581651bb91e5df24c83a85de64d4f8f025f924f
SSDEEP

768:DHH7kFB1f3evPPmyhNIIcb61dVsxdmCa4+sWGoRjONeYM8YQpEg88Mk7f8f/KSqp:D7MB1fefzMaIksmpOYT8x6og/KjhuDC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41471dd79ce2f50a9c69a04f449884584106f796d846fc8ceec103e931cb2640_NeikiAnalytics.exe

Files

41471dd79ce2f50a9c69a04f449884584106f796d846fc8ceec103e931cb2640_NeikiAnalytics.exe
.sys windows:4 windows x86 arch:x86

9a8e5c7ed852c87b0dacb2f9045dc0e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
memcpy
memset
IoAllocateErrorLogEntry
IoAllocateWorkItem
IoFreeWorkItem
KeInsertQueueDpc
KeInitializeDpc
IoQueueWorkItem
KeRemoveQueueDpc
KeDelayExecutionThread
_allmul
KeSetEvent
IoWriteErrorLogEntry
IoCreateDevice
IoDetachDevice
strlen
sprintf
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
swprintf
IofCompleteRequest
wcsncmp
IoGetDeviceProperty
KeInitializeSpinLock
IoDeleteDevice
ZwOpenKey
ZwClose
IoAllocateIrp
RtlUnicodeStringToAnsiString
ZwEnumerateValueKey
ZwEnumerateKey
ZwQueryKey
IoInvalidateDeviceState
PoCallDriver
PoStartNextPowerIrp
PoSetPowerState
IoCancelIrp
memmove
isdigit
toupper
strcmp
_stricmp
strcpy
vsprintf
KeInitializeTimer
KeSetTimer
KeTickCount
KeCancelTimer
IoBuildDeviceIoControlRequest
IoInitializeIrp
KeInitializeEvent
IofCallDriver
KeWaitForSingleObject
IoFreeIrp
ObfDereferenceObject
RtlInitUnicodeString
ExAllocatePoolWithTag
IoGetDeviceObjectPointer
ExFreePool

hal

KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a8e5c7ed852c87b0dacb2f9045dc0e5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

Sections

.text Size: 65KB - Virtual size: 65KB

.data Size: 7KB - Virtual size: 7KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 65KB - Virtual size: 65KB

.data
Size: 7KB - Virtual size: 7KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB