4fd8e10e39124875a1a73ea36005b3a9a464d3930c3a26ce780ae57dffd80651_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4fd8e10e39124875a1a73ea36005b3a9a464d3930c3a26ce780ae57dffd80651_NeikiAnalytics.exe
Size

7.4MB
MD5

efbc55539471851fea1c4ec7c762beb0
SHA1

12580201e9a319434f53f9c7a505eeffbd8dd6bc
SHA256

4fd8e10e39124875a1a73ea36005b3a9a464d3930c3a26ce780ae57dffd80651
SHA512

a3d22c1427b99775a16e82ca696211d594ce048b95ad50fa1428aea180187a2e6381f36edb39d4bf9a2ce26746006e5a7d71ea42c42ac4b575066d2c4cff81ed
SSDEEP

196608:RYqcB8TGKZmeyPqLq/29Tvjqj8pT3vYs8xv5sBLt3p:uoLmeXpT/4sht5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4fd8e10e39124875a1a73ea36005b3a9a464d3930c3a26ce780ae57dffd80651_NeikiAnalytics.exe

Files

4fd8e10e39124875a1a73ea36005b3a9a464d3930c3a26ce780ae57dffd80651_NeikiAnalytics.exe
.sys windows:6 windows x86 arch:x86

1efa5ed851cccc786e14b520f66a6ba4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workarea\8.831.3.1\drivers\kmd\build\w7\B_rel\atikmdag.pdb

Imports

ntoskrnl.exe

_purecall
RtlWriteRegistryValue
wcstombs
KeSaveFloatingPointState
KeRestoreFloatingPointState
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
ZwClose
ZwCreateKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
KeBugCheckEx
_allshr
InterlockedPopEntrySList
InterlockedPushEntrySList
MmGetPhysicalAddress
MmAllocateContiguousMemory
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
KeGetCurrentThread
PsGetCurrentProcessId
MmMapLockedPagesSpecifyCache
MmFreePagesFromMdl
MmAllocatePagesForMdl
MmUnmapLockedPages
MmLockPagableDataSection
MmUnlockPagableImageSection
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
ExfInterlockedRemoveHeadList
ExfInterlockedInsertHeadList
ExfInterlockedInsertTailList
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExDeletePagedLookasideList
ExDeleteNPagedLookasideList
KeSetEvent
KeClearEvent
KeInitializeMutex
KeReleaseMutex
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
ObReferenceObjectByHandle
PsCreateSystemThread
PsTerminateSystemThread
KeQueryInterruptTime
MmIsAddressValid
RtlQueryRegistryValues
RtlFreeUnicodeString
ZwCreateFile
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
ZwSetInformationFile
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
IoCreateSynchronizationEvent
IoCreateNotificationEvent
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
ProbeForRead
ZwInitiatePowerAction
ZwPowerInformation
_alldiv
ZwSetValueKey
RtlUnicodeStringToInteger
ZwQueryValueKey
RtlGetVersion
ZwEnumerateKey
ZwOpenKey
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeTryToAcquireSpinLockAtDpcLevel
_itow
KeWaitForMultipleObjects
strstr
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG
_allshl
RtlCaptureStackBackTrace
KeInitializeTimerEx
KeCancelTimer
KeSetTimer
KeLeaveGuardedRegion
KeEnterGuardedRegion
ProbeForWrite
RtlUnwind
_aulldiv
KeNumberProcessors
RtlCompareMemory
_allmul
memcpy
memmove
_vsnprintf
DbgPrintEx
ObfDereferenceObject
IoGetLowerDeviceObject
IofCompleteRequest
IoUnregisterShutdownNotification
ExFreePoolWithTag
memset
IoGetDeviceProperty
ExAllocatePoolWithTag
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
_aullrem
_aullshr
RtlZeroMemory
RtlMoveMemory
READ_REGISTER_BUFFER_UCHAR
READ_REGISTER_UCHAR
rand
IoFreeWorkItem
RtlAppendUnicodeToString
IoQueueWorkItem
IoAllocateWorkItem
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwSetInformationThread
KeQueryActiveProcessors
_except_handler3
KeQueryPriorityThread
KeDelayExecutionThread
vsprintf
_snprintf
KeAcquireGuardedMutex
KeReleaseGuardedMutex
PsGetProcessId
KeInitializeGuardedMutex
MmBuildMdlForNonPagedPool
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
MmUnmapIoSpace
MmMapIoSpace
_allrem
ExEventObjectType
_CIsqrt
DbgPrint
IoDeleteDevice
RtlCopyUnicodeString
ZwUnloadDriver
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ZwLoadDriver
ExUuidCreate
IoRegisterShutdownNotification
RtlRaiseException
MmGetSystemRoutineAddress
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor

hal

KeReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KfRaiseIrql
KfLowerIrql
KeQueryPerformanceCounter
WRITE_PORT_UCHAR
READ_PORT_ULONG
WRITE_PORT_ULONG
KeStallExecutionProcessor
HalGetBusDataByOffset
KeGetCurrentIrql
KeAcquireSpinLock

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_wtext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 708KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.5MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE_COM
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE_INI
Size: 512B - Virtual size: 490B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE_DDC
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1efa5ed851cccc786e14b520f66a6ba4

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

_wtext Size: 2KB - Virtual size: 1KB

.rdata Size: 708KB - Virtual size: 708KB

.data Size: 2.5MB - Virtual size: 2.8MB

PAGE_COM Size: 48KB - Virtual size: 48KB

PAGE_INI Size: 512B - Virtual size: 490B

PAGE_DDC Size: 3KB - Virtual size: 3KB

PAGE Size: 5KB - Virtual size: 5KB

PAGE Size: 432KB - Virtual size: 431KB

INIT Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 154KB - Virtual size: 154KB

.text
Size: 3.5MB - Virtual size: 3.5MB

_wtext
Size: 2KB - Virtual size: 1KB

.rdata
Size: 708KB - Virtual size: 708KB

.data
Size: 2.5MB - Virtual size: 2.8MB

PAGE_COM
Size: 48KB - Virtual size: 48KB

PAGE_INI
Size: 512B - Virtual size: 490B

PAGE_DDC
Size: 3KB - Virtual size: 3KB

PAGE
Size: 5KB - Virtual size: 5KB

PAGE
Size: 432KB - Virtual size: 431KB

INIT
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 154KB - Virtual size: 154KB