5f2cc1488fbecb296a18c69574d8baa0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

5f2cc1488fbecb296a18c69574d8baa0_NeikiAnalytics
Size

411KB
MD5

5f2cc1488fbecb296a18c69574d8baa0
SHA1

30eb86cced5996b0871e256629ec97f82d00311c
SHA256

643eeb109609846a553f02ddb8ccfe638a9f74925a3a4e00983b60a59f97ba85
SHA512

7996211953355f733ab5f7aff359e6ac9deb431bba92ffd19aa6e7c761e6131f192ad6677dc0152d9aaf946282d9bd6149516bbf075c404eca3eff30cfec7f0e
SSDEEP

6144:HEB4c7RMbSEB6wBSVJGpFRu1YJh7sjg8RbLAd7vZPqvtoeUOQbpvL:HEZ7+b/B7SrGNt7R8R/Ad7vZyi

Score

1^/10

Malware Config

Signatures

Files

5f2cc1488fbecb296a18c69574d8baa0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

58aee1b311b3c689b32ccaf328657623

Code Sign

5a:36:15:95:68:4c:60:91:d0:f5:d7:5f:e4:12:dc:04
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/10/2011, 00:00

Not After

17/12/2014, 23:59

Subject

CN=JRD COMMUNICATION (SHENZHEN) LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=JRD COMMUNICATION (SHENZHEN) LTD,L=深圳,ST=广东省深圳市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:19:97:6e:3c:98:cc:08:b9:99:d0:43:31:7d:76:ca:a5:5e:a7:18
Signer

Actual PE Digest

e7:19:97:6e:3c:98:cc:08:b9:99:d0:43:31:7d:76:ca:a5:5e:a7:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateSemaphoreA
ExitProcess
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTickCount
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject

mingwm10

__mingwthr_key_dtor

msvcrt

_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
fputc
fputs
free
fwrite
malloc
memchr
memmove
printf
realloc
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strerror
strncmp
strncpy
strstr
strtok
wcscpy
wcslen
wcsncpy

libgcc_s_dw2-1

_Unwind_DeleteException
_Unwind_GetDataRelBase
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__deregister_frame_info
__emutls_get_address
__register_frame_info

qtcore4

_Z17qt_message_output9QtMsgTypePKc
_Z5qFreePv
_Z5qHashRK7QString
_Z7qMemSetPvij
_Z8qWinMainP11HINSTANCE__S0_PciRiR7QVectorIS1_E
_Z9qBadAllocv
_ZN10QByteArray11shared_nullE
_ZN10QByteArray7reallocEi
_ZN10QByteArrayaSERKS_
_ZN11QMetaObject8activateEP7QObjectPKS_iPPv
_ZN11QTextStreamC1EP7QString6QFlagsIN9QIODevice12OpenModeFlagEE
_ZN11QTextStreamD1Ev
_ZN11QTextStreamlsEPKc
_ZN11QTextStreamlsERK7QString
_ZN11QTextStreamlsEc
_ZN11QTextStreamlsEi
_ZN11QTextStreamlsEx
_ZN11QVectorData10reallocateEPS_iii
_ZN11QVectorData4freeEPS_i
_ZN11QVectorData8allocateEii
_ZN13QPluginLoader11setFileNameERK7QString
_ZN13QPluginLoader4loadEv
_ZN13QPluginLoader8instanceEv
_ZN13QPluginLoaderC1EP7QObject
_ZN14QWaitCondition4waitEP6QMutexm
_ZN14QWaitConditionC1Ev
_ZN14QWaitConditionD1Ev
_ZN16QCoreApplication4quitEv
_ZN16QCoreApplication4selfE
_ZN4QDir9setFilterE6QFlagsINS_6FilterEE
_ZN4QDirC1ERK7QString
_ZN4QDirD1Ev
_ZN5QDateC1Eiii
_ZN5QTimeC1Eiiii
_ZN6QMutex4lockEv
_ZN6QMutex6unlockEv
_ZN6QMutexC1ENS_13RecursionModeE
_ZN6QMutexD1Ev
_ZN6QTimer10singleShotEiP7QObjectPKc
_ZN6QTimer4stopEv
_ZN6QTimer5startEi
_ZN6QTimerC1EP7QObject
_ZN7QObject10childEventEP11QChildEvent
_ZN7QObject10disconnectEPKS_PKcS1_S3_
_ZN7QObject10startTimerEi
_ZN7QObject10timerEventEP11QTimerEvent
_ZN7QObject11customEventEP6QEvent
_ZN7QObject11eventFilterEPS_P6QEvent
_ZN7QObject11qt_metacallEN11QMetaObject4CallEiPPv
_ZN7QObject11qt_metacastEPKc
_ZN7QObject12moveToThreadEP7QThread
_ZN7QObject13connectNotifyEPKc
_ZN7QObject16disconnectNotifyEPKc
_ZN7QObject16staticMetaObjectE
_ZN7QObject5eventEP6QEvent
_ZN7QObject7connectEPKS_PKcS1_S3_N2Qt14ConnectionTypeE
_ZN7QObject9killTimerEi
_ZN7QObjectC2EPS_
_ZN7QObjectD2Ev
_ZN7QString10fromLatin1EPKci
_ZN7QString11shared_nullE
_ZN7QString14fromWCharArrayEPKwi
_ZN7QString16codecForCStringsE
_ZN7QString16fromAscii_helperEPKci
_ZN7QString4freeEPNS_4DataE
_ZN7QString6appendE5QChar
_ZN7QString6appendERKS_
_ZN7QString7sprintfEPKcz
_ZN7QString9fromAsciiEPKci
_ZN7QStringaSERKS_
_ZN7QThread11qt_metacallEN11QMetaObject4CallEiPPv
_ZN7QThread11qt_metacastEPKc
_ZN7QThread16staticMetaObjectE
_ZN7QThread4execEv
_ZN7QThread4quitEv
_ZN7QThread4waitEm
_ZN7QThread5startENS_8PriorityE
_ZN7QThread6msleepEm
_ZN7QThreadC2EP7QObject
_ZN7QThreadD2Ev
_ZN8QLibrary11setFileNameERK7QString
_ZN8QLibrary4loadEv
_ZN8QLibrary7resolveEPKc
_ZN8QLibraryC1EP7QObject
_ZN8QLibraryD1Ev
_ZN8QMapData10createDataEi
_ZN8QMapData11node_createEPPNS_4NodeEii
_ZN8QMapData11shared_nullE
_ZN8QMapData16continueFreeDataEi
_ZN9QDateTime7setDateERK5QDate
_ZN9QDateTime7setTimeERK5QTime
_ZN9QDateTimeC1Ev
_ZN9QDateTimeD1Ev
_ZN9QFileInfoC1ERKS_
_ZN9QFileInfoD1Ev
_ZN9QHashData11free_helperEPFvPNS_4NodeEE
_ZN9QHashData11shared_nullE
_ZN9QHashData12allocateNodeEi
_ZN9QHashData14detach_helper2EPFvPNS_4NodeEPvEPFvS1_Eii
_ZN9QHashData6rehashEi
_ZN9QListData11detach_growEPii
_ZN9QListData11shared_nullE
_ZN9QListData5eraseEPPv
_ZN9QListData6appendEv
_ZN9QListData6detachEi
_ZN9QListData6insertEi
_ZN9QListData6removeEi
_ZNK4QDir12absolutePathEv
_ZNK4QDir13entryInfoListE6QFlagsINS_6FilterEES0_INS_8SortFlagEE
_ZNK7QObject6senderEv
_ZNK7QString11toLocal8BitEv
_ZNK7QString12toWCharArrayEPw
_ZNK7QString3argExiiRK5QChar
_ZNK7QString4leftEi
_ZNK7QString5rightEi
_ZNK7QString6toUtf8Ev
_ZNK7QString7indexOfERKS_iN2Qt15CaseSensitivityE
_ZNK7QString7toAsciiEv
_ZNK7QStringeqERK13QLatin1String
_ZNK7QStringeqERKS_
_ZNK7QStringltERKS_
_ZNK9QDateTime8toStringERK7QString
_ZNK9QFileInfo8fileNameEv
_ZNK9QFileInfo8filePathEv

qtgui4

_ZN12QApplication4execEv
_ZN12QApplicationD2Ev

common

_Z10DestroyLogv
_Z17getActiveUserNamev
_Z22GetDataValueFromStructR10BLDiagInfoR10CDataValue
_Z22GetDataValueFromStructR14BLLinuxVerInfoR10CDataValue
_Z22GetDataValueFromStructR14BLLocationInfoR10CDataValue
_Z22GetDataValueFromStructR15BLEquipmentInfoR10CDataValue
_Z22GetDataValueFromStructR15BLPinGetInfoCnfR10CDataValue
_Z22GetDataValueFromStructR16BLUssdReceiveRptR10CDataValue
_Z22GetDataValueFromStructR18BLPinCheckStateCnfR10CDataValue
_Z22GetDataValueFromStructR19BLNetworkGetInfoCnfR10CDataValue
_Z22GetDataValueFromStructR19BLNetworkGetListCnfR10CDataValue
_Z22GetDataValueFromStructR23BLNetworkGetRegStateCnfR10CDataValue
_Z22GetDataValueFromStructR27BLNetworkGetLacAndCellIDCnfR10CDataValue
_Z22GetStructFromDataValueR10CDataValueR14BLPinChangeReq
_Z22GetStructFromDataValueR10CDataValueR14BLPinEnableReq
_Z22GetStructFromDataValueR10CDataValueR15BLCancelMessage
_Z22GetStructFromDataValueR10CDataValueR15BLNetworkSetReq
_Z22GetStructFromDataValueR10CDataValueR16BLLockChangeInfo
_Z22GetStructFromDataValueR10CDataValueR16BLLockEnableInfo
_Z22GetStructFromDataValueR10CDataValueR16BLUssdSendCmdReq
_Z22GetStructFromDataValueR10CDataValueR17BLPinVerifyPukReq
_Z7InitLogPKc
_ZN10CDataValue11arrayAppendERKS_b
_ZN10CDataValue14parseToQStringE10ENUM_STYLE
_ZN10CDataValue16parseToDataValueER7QStringRS_
_ZN10CDataValue6mapGetEPKc
_ZN10CDataValue6mapSetEPKcRKS_b
_ZN10CDataValue6mapSetERK7QStringRKS_b
_ZN10CDataValue8arrayGetEj
_ZN10CDataValueC1E15ENUM_VALUE_TYPE
_ZN10CDataValueC1EPKc
_ZN10CDataValueC1EPKv
_ZN10CDataValueC1ERK7QString
_ZN10CDataValueC1ERKS_
_ZN10CDataValueC1ERKSs
_ZN10CDataValueC1Ei
_ZN10CDataValueD1Ev
_ZN10CDataValueaSERKS_
_ZN11CSerialPort12CreateObjectEv
_ZN13CPersoManager10hasFeatureE7QString
_ZN13CPersoManager13getConfigDataE7QString
_ZN13CPersoManager14systemInstanceEv
_ZN13CPersoManager7destroyE7QString
_ZN13CPersoManager8instanceE7QString
_ZN14CMainAppGlobal14getLibraryPathEv
_ZN14CMainAppGlobal15getResourcePathEv
_ZN18BusinessPluginBase19handleMessageComingERK7QStringP10CDataValueS4_
_ZN18BusinessPluginBase23handleUnsolicitedReportERK7QStringRS0_P10CDataValue
_ZN19QtSingleApplication9isRunningEv
_ZN19QtSingleApplicationC1ERiPPcb
_ZN20CSystemEventListener7destroyEv
_ZN20CSystemEventListener8instanceEv
_ZN20DeviceService_Global14initErrorTableEv
_ZN20DeviceService_Global16atError2IpcErrorEi
_ZN20DeviceService_Global18getGlobalDataByKeyE7QStringR10CDataValue
_ZN20DeviceService_Global18setGlobalDataByKeyE7QStringR10CDataValue
_ZN20DeviceService_Global23getDeviceIDByDeviceNameE7QString
_ZN20DeviceService_Global5resetEv
_ZN20DeviceService_Global8instanceEv
_ZN23ThreadMessageDispatcher21incomingThreadMessageEP10CDataValue
_ZN23ThreadMessageDispatcher29getNextPendingResponseMessageEv
_ZN23ThreadMessageDispatcher8instanceEv
_ZN27ApplicationContorllerClient12startConnectEv
_ZN27ApplicationContorllerClient22sendMsgToAppControllerE7QStringP10CDataValue
_ZN27ApplicationContorllerClient33sendMsgToAppController_GetDevicesEv
_ZN27ApplicationContorllerClientC1E7QStringP7QObject
_ZN8CLogFileC1Ei
_ZN8CLogFileD1Ev
_ZN9IPCServer11startListenE7QString
_ZN9IPCServer12sendResponseE7QStringi
_ZN9IPCServer27setOnlyOneConnectionSupportEv
_ZN9IPCServerC1EP7QObject
_ZNK10CDataValue10arrayCountEv
_ZNK10CDataValue10mapGetKeysEv
_ZNK10CDataValue11mapIsMemberEPKc
_ZNK10CDataValue5asIntEv
_ZNK10CDataValue6asBoolEv
_ZNK10CDataValue6isNullEv
_ZNK10CDataValue8isStringEv
_ZNK10CDataValue9asQStringEv
_ZTV19QtSingleApplication
_ZTV19QtSingleApplication
_ZTV19QtSingleApplication

Sections

.text
Size: 307KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 156B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

58aee1b311b3c689b32ccaf328657623

Code Sign

5a:36:15:95:68:4c:60:91:d0:f5:d7:5f:e4:12:dc:04Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e7:19:97:6e:3c:98:cc:08:b9:99:d0:43:31:7d:76:ca:a5:5e:a7:18Signer

Headers

File Characteristics

Imports

kernel32

mingwm10

msvcrt

libgcc_s_dw2-1

qtcore4

qtgui4

common

Sections

.text Size: 307KB - Virtual size: 306KB

.data Size: 57KB - Virtual size: 57KB

.rdata Size: 30KB - Virtual size: 29KB

.bss Size: - Virtual size: 156B

.idata Size: 12KB - Virtual size: 12KB

5a:36:15:95:68:4c:60:91:d0:f5:d7:5f:e4:12:dc:04
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e7:19:97:6e:3c:98:cc:08:b9:99:d0:43:31:7d:76:ca:a5:5e:a7:18
Signer

.text
Size: 307KB - Virtual size: 306KB

.data
Size: 57KB - Virtual size: 57KB

.rdata
Size: 30KB - Virtual size: 29KB

.bss
Size: - Virtual size: 156B

.idata
Size: 12KB - Virtual size: 12KB