2dbc990921b55999faaf37fcd8e87630_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

2dbc990921b55999faaf37fcd8e87630_NeikiAnalytics
Size

88KB
MD5

2dbc990921b55999faaf37fcd8e87630
SHA1

9ec61ccd3c75430dd54d85322d6a934717a366b1
SHA256

b12dc13b966a1c6e030c21897cbf578509a5f21e02818b219685826e1b7c909b
SHA512

c9feeb2c14c2fb3b93376d92f5edfd6c3ae9d70afcdf59963673500d1d34dd04e3097f1c86537870b425280f71c461daa21de4b0924f2515bc996e4fbcbcd1d9
SSDEEP

1536:6qnKM6/f71ExNs4PtYrVfslZNtxFbJ2yN6+XiR9sP8V:6qKT/zWDVUE/J2O/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dbc990921b55999faaf37fcd8e87630_NeikiAnalytics

Files

2dbc990921b55999faaf37fcd8e87630_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

c08e7645cf9cfada7bd1369a54661eaf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

qt6websockets

?isValid@QWebSocket@@QEBA_NXZ
?localAddress@QWebSocket@@QEBA?AVQHostAddress@@XZ
?localPort@QWebSocket@@QEBAGXZ
?pauseMode@QWebSocket@@QEBA?AV?$QFlags@W4PauseMode@QAbstractSocket@@@@XZ
?peerAddress@QWebSocket@@QEBA?AVQHostAddress@@XZ
?peerName@QWebSocket@@QEBA?AVQString@@XZ
?peerPort@QWebSocket@@QEBAGXZ
?proxy@QWebSocket@@QEBA?AVQNetworkProxy@@XZ
?setProxy@QWebSocket@@QEAAXAEBVQNetworkProxy@@@Z
?setMaskGenerator@QWebSocket@@QEAAXPEBVQMaskGenerator@@@Z
?maskGenerator@QWebSocket@@QEBAPEBVQMaskGenerator@@XZ
?readBufferSize@QWebSocket@@QEBA_JXZ
?setReadBufferSize@QWebSocket@@QEAAX_J@Z
?resume@QWebSocket@@QEAAXXZ
?setPauseMode@QWebSocket@@QEAAXV?$QFlags@W4PauseMode@QAbstractSocket@@@@@Z
?state@QWebSocket@@QEBA?AW4SocketState@QAbstractSocket@@XZ
?version@QWebSocket@@QEBA?AW4Version@QWebSocketProtocol@@XZ
?resourceName@QWebSocket@@QEBA?AVQString@@XZ
?requestUrl@QWebSocket@@QEBA?AVQUrl@@XZ
?request@QWebSocket@@QEBA?AVQNetworkRequest@@XZ
?handshakeOptions@QWebSocket@@QEBA?AVQWebSocketHandshakeOptions@@XZ
?origin@QWebSocket@@QEBA?AVQString@@XZ
?subprotocol@QWebSocket@@QEBA?AVQString@@XZ
?closeCode@QWebSocket@@QEBA?AW4CloseCode@QWebSocketProtocol@@XZ
?closeReason@QWebSocket@@QEBA?AVQString@@XZ
??1QWebSocket@@UEAA@XZ
?sendBinaryMessage@QWebSocket@@QEAA_JAEBVQByteArray@@@Z
?ignoreSslErrors@QWebSocket@@QEAAXAEBV?$QList@VQSslError@@@@@Z
?continueInterruptedHandshake@QWebSocket@@QEAAXXZ
?setSslConfiguration@QWebSocket@@QEAAXAEBVQSslConfiguration@@@Z
?sslConfiguration@QWebSocket@@QEBA?AVQSslConfiguration@@XZ
?bytesToWrite@QWebSocket@@QEBA_JXZ
?setMaxAllowedIncomingFrameSize@QWebSocket@@QEAAX_K@Z
?maxAllowedIncomingFrameSize@QWebSocket@@QEBA_KXZ
?setMaxAllowedIncomingMessageSize@QWebSocket@@QEAAX_K@Z
?maxAllowedIncomingMessageSize@QWebSocket@@QEBA_KXZ
?maxIncomingMessageSize@QWebSocket@@SA_KXZ
?maxIncomingFrameSize@QWebSocket@@SA_KXZ
?setOutgoingFrameSize@QWebSocket@@QEAAX_K@Z
?outgoingFrameSize@QWebSocket@@QEBA_KXZ
?maxOutgoingFrameSize@QWebSocket@@SA_KXZ
?close@QWebSocket@@QEAAXW4CloseCode@QWebSocketProtocol@@AEBVQString@@@Z
?open@QWebSocket@@QEAAXAEBVQUrl@@@Z
?open@QWebSocket@@QEAAXAEBVQNetworkRequest@@@Z
?open@QWebSocket@@QEAAXAEBVQUrl@@AEBVQWebSocketHandshakeOptions@@@Z
?open@QWebSocket@@QEAAXAEBVQNetworkRequest@@AEBVQWebSocketHandshakeOptions@@@Z
?flush@QWebSocket@@QEAA_NXZ
?ignoreSslErrors@QWebSocket@@QEAAXXZ
??0QMaskGenerator@@QEAA@PEAVQObject@@@Z
??1QMaskGenerator@@UEAA@XZ
??0QWebSocket@@QEAA@AEBVQString@@W4Version@QWebSocketProtocol@@PEAVQObject@@@Z
?errorString@QWebSocket@@QEBA?AVQString@@XZ
?error@QWebSocket@@QEBA?AW4SocketError@QAbstractSocket@@XZ
?abort@QWebSocket@@QEAAXXZ
?allowed@QWebSocketCorsAuthenticator@@QEBA_NXZ
?staticMetaObject@QWebSocketServer@@2UQMetaObject@@B
?setAllowed@QWebSocketCorsAuthenticator@@QEAAX_N@Z
?origin@QWebSocketCorsAuthenticator@@QEBA?AVQString@@XZ
??4QWebSocketCorsAuthenticator@@QEAAAEAV0@AEBV0@@Z
?swap@QWebSocketCorsAuthenticator@@QEAAXAEAV1@@Z
??0QWebSocketCorsAuthenticator@@QEAA@AEBV0@@Z
??1QWebSocketCorsAuthenticator@@QEAA@XZ
??0QWebSocketCorsAuthenticator@@QEAA@AEBVQString@@@Z
?equals@QWebSocketHandshakeOptions@@AEBA_NAEBV1@@Z
?setSubprotocols@QWebSocketHandshakeOptions@@QEAAXAEBV?$QList@VQString@@@@@Z
?subprotocols@QWebSocketHandshakeOptions@@QEBA?AV?$QList@VQString@@@@XZ
?swap@QWebSocketHandshakeOptions@@QEAAXAEAV1@@Z
??4QWebSocketHandshakeOptions@@QEAAAEAV0@AEBV0@@Z
??1QWebSocketHandshakeOptions@@QEAA@XZ
??0QWebSocketHandshakeOptions@@QEAA@AEBV0@@Z
??0QWebSocketHandshakeOptions@@QEAA@XZ
?staticMetaObject@QWebSocket@@2UQMetaObject@@B
?qt_metacall@QWebSocket@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QWebSocket@@UEAAPEAXPEBD@Z
?metaObject@QWebSocket@@UEBAPEBUQMetaObject@@XZ
?handleConnection@QWebSocketServer@@QEBAXPEAVQTcpSocket@@@Z
?supportedVersions@QWebSocketServer@@QEBA?AV?$QList@W4Version@QWebSocketProtocol@@@@XZ
?sslConfiguration@QWebSocketServer@@QEBA?AVQSslConfiguration@@XZ
?setSslConfiguration@QWebSocketServer@@QEAAXAEBVQSslConfiguration@@@Z
?proxy@QWebSocketServer@@QEBA?AVQNetworkProxy@@XZ
?setProxy@QWebSocketServer@@QEAAXAEBVQNetworkProxy@@@Z
?supportedSubprotocols@QWebSocketServer@@QEBA?AV?$QList@VQString@@@@XZ
?setSupportedSubprotocols@QWebSocketServer@@QEAAXAEBV?$QList@VQString@@@@@Z
?serverName@QWebSocketServer@@QEBA?AVQString@@XZ
?setServerName@QWebSocketServer@@QEAAXAEBVQString@@@Z
?resumeAccepting@QWebSocketServer@@QEAAXXZ
?pauseAccepting@QWebSocketServer@@QEAAXXZ
?errorString@QWebSocketServer@@QEBA?AVQString@@XZ
?error@QWebSocketServer@@QEBA?AW4CloseCode@QWebSocketProtocol@@XZ
?nextPendingConnection@QWebSocketServer@@UEAAPEAVQWebSocket@@XZ
?hasPendingConnections@QWebSocketServer@@QEBA_NXZ
?socketDescriptor@QWebSocketServer@@QEBA_JXZ
?setSocketDescriptor@QWebSocketServer@@QEAA_N_J@Z
?secureMode@QWebSocketServer@@QEBA?AW4SslMode@1@XZ
?serverUrl@QWebSocketServer@@QEBA?AVQUrl@@XZ
?ping@QWebSocket@@QEAAXAEBVQByteArray@@@Z
?serverAddress@QWebSocketServer@@QEBA?AVQHostAddress@@XZ
?serverPort@QWebSocketServer@@QEBAGXZ
?handshakeTimeoutMS@QWebSocketServer@@QEBAHXZ
?setHandshakeTimeout@QWebSocketServer@@QEAAXH@Z
?maxPendingConnections@QWebSocketServer@@QEBAHXZ
?setMaxPendingConnections@QWebSocketServer@@QEAAXH@Z
?isListening@QWebSocketServer@@QEBA_NXZ
?close@QWebSocketServer@@QEAAXXZ
?listen@QWebSocketServer@@QEAA_NAEBVQHostAddress@@G@Z
??1QWebSocketServer@@UEAA@XZ
??0QWebSocketServer@@QEAA@AEBVQString@@W4SslMode@0@PEAVQObject@@@Z
?qt_metacall@QWebSocketServer@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QWebSocketServer@@UEAAPEAXPEBD@Z
?metaObject@QWebSocketServer@@UEBAPEBUQMetaObject@@XZ
?sendTextMessage@QWebSocket@@QEAA_JAEBVQString@@@Z

qt6network

??0QHostAddress@@QEAA@W4SpecialAddress@0@@Z
??1QHostAddress@@QEAA@XZ

qt6core

?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?metaObject@QObject@@UEBAPEBUQMetaObject@@XZ
??1QString@@QEAA@XZ
??0QString@@QEAA@XZ
?staticMetaObject@QObject@@2UQMetaObject@@B
?qt_QMetaEnum_debugOperator@@YA?AVQDebug@@AEAV1@_JPEBUQMetaObject@@PEBD@Z
??6QDebug@@QEAAAEAV0@H@Z
??1QDebug@@QEAA@XZ
?currentThread@QThread@@SAPEAV1@XZ
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?isSignalConnected@QObject@@IEBA_NAEBVQMetaMethod@@@Z
?receivers@QObject@@IEBAHPEBD@Z
?senderSignalIndex@QObject@@IEBAHXZ
?sender@QObject@@IEBAPEAV1@XZ
?deleteLater@QObject@@QEAAXXZ
?inherits@QObject@@QEBA_NPEBD@Z
?thread@QObject@@QEBAPEAVQThread@@XZ
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?id@QMetaType@@QEBAHH@Z
?registerNormalizedTypedef@QMetaType@@SAXAEBVQByteArray@@V1@@Z
?className@QMetaObject@@QEBAPEBDXZ
??6QDataStream@@QEAAAEAV0@H@Z
??5QDataStream@@QEAAAEAV0@AEAH@Z
?isNull@QByteArray@@QEBA_NXZ
?size@QByteArray@@QEBA_JXZ
?append@QByteArray@@QEAAAEAV1@PEBD@Z
?constData@QByteArray@@QEBAPEBDXZ
?data@QByteArray@@QEBAPEBDXZ
?reserve@QByteArray@@QEAAX_J@Z
??1QByteArray@@QEAA@XZ
??0QByteArray@@QEAA@XZ
?reallocateUnaligned@QArrayData@@SA?AU?$pair@PEAUQArrayData@@PEAX@std@@PEAU1@PEAX_J2W4AllocationOption@1@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?allocate@QArrayData@@SAPEAXPEAPEAU1@_J11W4AllocationOption@1@@Z

python3

PyExc_TypeError
PyType_IsSubtype
PyType_GetFlags
_Py_Dealloc
PyLong_FromLong
PyLong_FromUnsignedLong
PyBool_FromLong
PyList_New
PyList_SetItem
PyDict_GetItemString
PyModule_GetDict
PyCapsule_GetPointer
PyErr_SetString
PyErr_Occurred
PyLong_FromUnsignedLongLong
PyLong_FromLongLong
PyExc_AttributeError
PyCapsule_Type
PyIter_Next
PyObject_GetIter
PyImport_ImportModule
PyEval_RestoreThread
PyEval_SaveThread
PyModule_Create2
PyGILState_Release
PyGILState_Ensure
PyErr_Format
Py_FatalError
_Py_NoneStruct
PyErr_Clear

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent

vcruntime140

memcmp
memcpy
memmove
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memset

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit

Exports

Exports

PyInit_QtWebSockets

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c08e7645cf9cfada7bd1369a54661eaf

Headers

DLL Characteristics

File Characteristics

Imports

qt6websockets

qt6network

qt6core

python3

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 8KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB