f4d08de21892bd39694b84313844e890_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

f4d08de21892bd39694b84313844e890_NEIKI
Size

514KB
MD5

f4d08de21892bd39694b84313844e890
SHA1

0bb7e5f84b34a1ea622613c651384af87f015c09
SHA256

3a5ea9067b1a76da73b6dc767087b7c9f182bddc9847d25589e2883d91f50ea4
SHA512

4180c26be37e8bb5eb158718c20a75f8b2360adbc92363ea1d88e324464a22593828b65e665cd1615cfd31a5ad52f914d7af0d83f6d3ce214cc231fba7f71a4f
SSDEEP

12288:JMjrjX6A+atPLrLrLrLFiihgqy3jMV63dfrOyEa:ejrZ+cLrLrLrLFiihgqAIV6NjOyr

Score

1^/10

Malware Config

Signatures

Files

f4d08de21892bd39694b84313844e890_NEIKI
.dll windows:6 windows x64 arch:x64

11e58e8d0a39a00edd87f97619613470

Code Sign

4a:53:8c:28
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/07/2009, 17:25

Not After

07/12/2030, 17:55

Subject

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:a4:66:cd:fc:68:ed:79:2a:d9:33:e5:6e:a2:d9:d9
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

18/11/2022, 07:19

Not After

01/12/2025, 07:19

Subject

SERIALNUMBER=2637805-2,CN=The Qt Company Oy,O=The Qt Company Oy,L=Espoo,C=FI,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024649

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:21

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

83:b0:5e:bc:6a:55:00:37:df:30:a7:7a:22:b4:92:be:72:d4:30:66:60:a7:03:e9:cd:6c:87:47:65:0b:db:74
Signer

Actual PE Digest

83:b0:5e:bc:6a:55:00:37:df:30:a7:7a:22:b4:92:be:72:d4:30:66:60:a7:03:e9:cd:6c:87:47:65:0b:db:74

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb

Imports

qt5gui

?paintEngine@QImage@@UEBAPEAVQPaintEngine@@XZ
?name@QImageIOHandler@@UEBA?AVQByteArray@@XZ
?metric@QImage@@MEBAHW4PaintDeviceMetric@QPaintDevice@@@Z
?jumpToNextImage@QImageIOHandler@@UEAA_NXZ
?jumpToImage@QImageIOHandler@@UEAA_NH@Z
?initPainter@QPaintDevice@@MEBAXPEAVQPainter@@@Z
?devType@QImage@@UEBAHXZ
?fillRect@QPainter@@QEAAXAEBVQRect@@AEBVQColor@@@Z
?drawImage@QPainter@@QEAAXAEBVQRect@@AEBVQImage@@@Z
?setCompositionMode@QPainter@@QEAAXW4CompositionMode@1@@Z
??1QPainter@@QEAA@XZ
??0QPainter@@QEAA@PEAVQPaintDevice@@@Z
?setOption@QImageIOHandler@@UEAAXW4ImageOption@1@AEBVQVariant@@@Z
?setFormat@QImageIOHandler@@QEBAXAEBVQByteArray@@@Z
?device@QImageIOHandler@@QEBAPEAVQIODevice@@XZ
??1QImageIOHandler@@UEAA@XZ
?staticMetaObject@QImageIOPlugin@@2UQMetaObject@@B
??0QImageIOHandler@@QEAA@XZ
?convertToFormat_helper@QImage@@IEBA?AV1@W4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?setColorSpace@QImage@@QEAAXAEBVQColorSpace@@@Z
?colorSpace@QImage@@QEBA?AVQColorSpace@@XZ
?hasAlphaChannel@QImage@@QEBA_NXZ
?fill@QImage@@QEAAXW4GlobalColor@Qt@@@Z
?bytesPerLine@QImage@@QEBAHXZ
?sizeInBytes@QImage@@QEBA_JXZ
?bits@QImage@@QEAAPEAEXZ
?redirected@QPaintDevice@@MEBAPEAV1@PEAVQPoint@@@Z
?size@QImage@@QEBA?AVQSize@@XZ
?height@QImage@@QEBAHXZ
?width@QImage@@QEBAHXZ
?format@QImage@@QEBA?AW4Format@1@XZ
?isNull@QImage@@QEBA_NXZ
??4QImage@@QEAAAEAV0@$$QEAV0@@Z
??4QImage@@QEAAAEAV0@AEBV0@@Z
??1QImage@@UEAA@XZ
??0QImage@@QEAA@AEBV0@@Z
??0QImage@@QEAA@HHW4Format@0@@Z
?iccProfile@QColorSpace@@QEBA?AVQByteArray@@XZ
?fromIccProfile@QColorSpace@@SA?AV1@AEBVQByteArray@@@Z
?isValid@QColorSpace@@QEBA_NXZ
??4QColorSpace@@QEAAAEAV0@$$QEAV0@@Z
??1QColorSpace@@QEAA@XZ
??0QColorSpace@@QEAA@XZ
??BQColor@@QEBA?AVQVariant@@XZ
?fromRgba@QColor@@SA?AV1@I@Z
??0QColor@@QEAA@W4GlobalColor@Qt@@@Z
??0QColor@@QEAA@XZ
??1QImageIOPlugin@@UEAA@XZ
??0QImageIOPlugin@@QEAA@PEAVQObject@@@Z
?qt_metacall@QImageIOPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QImageIOPlugin@@UEAAPEAXPEBD@Z
?setFormat@QImageIOHandler@@QEAAXAEBVQByteArray@@@Z
?setDevice@QImageIOHandler@@QEAAXPEAVQIODevice@@@Z
?sharedPainter@QPaintDevice@@MEBAPEAVQPainter@@XZ

qt5core

??6QDebug@@QEAAAEAV0@H@Z
??1QDebug@@QEAA@XZ
?peek@QIODevice@@QEAA?AVQByteArray@@_J@Z
?write@QIODevice@@QEAA_JPEBD_J@Z
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ
??6@YA?AVQDebug@@V0@AEBVQSize@@@Z
?toInt@QVariant@@QEBAHPEA_N@Z
??0QVariant@@QEAA@AEBVQSize@@@Z
??0QVariant@@QEAA@XZ
?fromRawData@QByteArray@@SA?AV1@PEBDH@Z
?endsWith@QByteArray@@QEBA_NPEBD@Z
?startsWith@QByteArray@@QEBA_NPEBD@Z
?detach@QByteArray@@QEAAXXZ
?constData@QByteArray@@QEBAPEBDXZ
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z
??1QByteArray@@QEAA@XZ
??0QByteArray@@QEAA@XZ
?warning@QMessageLogger@@QEBA?AVQDebug@@XZ
?warning@QMessageLogger@@QEBAXPEBDZZ
??0QMessageLogger@@QEAA@PEBDH0@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
??6QDebug@@QEAAAEAV0@PEBD@Z
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?isOpen@QIODevice@@QEBA_NXZ
?isReadable@QIODevice@@QEBA_NXZ
?isWritable@QIODevice@@QEBA_NXZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
??0QVariant@@QEAA@H@Z

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle

vcruntime140

memcpy
memset
memmove
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
calloc

api-ms-win-crt-math-l1-1-0

log10
log
pow

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initialize_onexit_table
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initterm
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11e58e8d0a39a00edd87f97619613470

Code Sign

4a:53:8c:28Certificate

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

61:a4:66:cd:fc:68:ed:79:2a:d9:33:e5:6e:a2:d9:d9Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1fCertificate

Extended Key Usages

Key Usages

83:b0:5e:bc:6a:55:00:37:df:30:a7:7a:22:b4:92:be:72:d4:30:66:60:a7:03:e9:cd:6c:87:47:65:0b:db:74Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5gui

qt5core

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 410KB - Virtual size: 409KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 1024B - Virtual size: 11KB

.pdata Size: 18KB - Virtual size: 18KB

.qtmetad Size: 512B - Virtual size: 118B

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 512B - Virtual size: 288B

4a:53:8c:28
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

61:a4:66:cd:fc:68:ed:79:2a:d9:33:e5:6e:a2:d9:d9
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

83:b0:5e:bc:6a:55:00:37:df:30:a7:7a:22:b4:92:be:72:d4:30:66:60:a7:03:e9:cd:6c:87:47:65:0b:db:74
Signer

.text
Size: 410KB - Virtual size: 409KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 1024B - Virtual size: 11KB

.pdata
Size: 18KB - Virtual size: 18KB

.qtmetad
Size: 512B - Virtual size: 118B

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 512B - Virtual size: 288B