23e3dab3a0585549807661e4ba72d880_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

23e3dab3a0585549807661e4ba72d880_NeikiAnalytics
Size

33KB
MD5

23e3dab3a0585549807661e4ba72d880
SHA1

ff8aa94da4a488dd40b111eb35e83e6db07065c3
SHA256

0319a6ea92997746ca3c91bcb9cff0dc05dd48848c39450bf7a89a99bb03e8b7
SHA512

fecc05e4709401e9b1f9612252614473f529b054b9a474b38e53ed2de37bb61d103575f9c86ad93cc82a9234b9cc7a926d289f92d4d95d01bd31a62a8ea919f2
SSDEEP

768:0HBOtAG4i3KaCIYU68gYs+KM6ehINnRKekOl3yCCFU0:igSIKYrK1RKrO1gU0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23e3dab3a0585549807661e4ba72d880_NeikiAnalytics

Files

23e3dab3a0585549807661e4ba72d880_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

c7f0b95b5c5700823b3f783f845fb480

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

I:\gl\builds\SWZWWoES\0\isg_virtuos\isg-virtuos\virtuos\bin_x64\plugins\RealTimeTarget\RealTimeTargetManager\VRealTimeTargetLicenseRequester_x64.pdb

Imports

qt5core

?toLatin1@QChar@@QEBADXZ
?at@QByteArray@@QEBAD_J@Z
??4QString@@QEAAAEAV0@AEBV0@@Z
?at@QString@@QEBA?BVQChar@@H@Z
?append@QString@@QEAAAEAV1@VQChar@@@Z
?prepend@QString@@QEAAAEAV1@AEBV1@@Z
?replace@QString@@QEAAAEAV1@AEBV1@0W4CaseSensitivity@Qt@@@Z
?split@QString@@QEBA?AVQStringList@@AEBV1@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z
?toLongLong@QString@@QEBA_JPEA_NH@Z
?number@QString@@SA?AV1@_JH@Z
??4QString@@QEAAAEAV0@AEBVQByteArray@@@Z
?begin@QString@@QEAAPEAVQChar@@XZ
??0QChar@@QEAA@H@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
?dispose@QListData@@QEAAXXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?size@QListData@@QEBAHXZ
?at@QListData@@QEBAPEAPEAXH@Z
?begin@QListData@@QEBAPEAPEAXXZ
?end@QListData@@QEBAPEAPEAXXZ
??0QProcess@@QEAA@PEAVQObject@@@Z
??1QProcess@@UEAA@XZ
?start@QProcess@@QEAAXAEBVQString@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?waitForFinished@QProcess@@QEAA_NH@Z
?readAllStandardOutput@QProcess@@QEAA?AVQByteArray@@XZ
??1QByteArray@@QEAA@XZ
?qt_assert_x@@YAXPEBD00H@Z
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??1QFile@@UEAA@XZ
?end@QString@@QEAAPEAVQChar@@XZ
?close@QFileDevice@@UEAAXXZ
??6QTextStream@@QEAAAEAV0@AEBVQString@@@Z
??1QTextStream@@UEAA@XZ
??0QTextStream@@QEAA@PEAVQIODevice@@@Z
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ
?hash@QCryptographicHash@@SA?AVQByteArray@@AEBV2@W4Algorithm@1@@Z
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
??0QFile@@QEAA@AEBVQString@@@Z
?append@QByteArray@@QEAAAEAV1@AEBVQString@@@Z
?toHex@QByteArray@@QEBA?AV1@XZ
?toStdString@QByteArray@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
??1QString@@QEAA@XZ
??4QString@@QEAAAEAV0@$$QEAV0@@Z
??0QByteArray@@QEAA@XZ
?toUpper@QString@@QEHAA?AV1@XZ
?simplified@QString@@QEGBA?AV1@XZ
?append@QString@@QEAAAEAV1@AEBV1@@Z
?fromUtf8@QString@@SA?AV1@PEBDH@Z
??8@YA_NAEBVQString@@0@Z
??0QString@@QEAA@AEBVQByteArray@@@Z
?fromStdString@QString@@SA?AV1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?toStdString@QString@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

mdpapi

MDPClose
MDPOpen
MDPSyncRead

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exception@std@@YA_NXZ

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset
__std_terminate
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_crt_atexit
_initialize_onexit_table
terminate
_seh_filter_dll
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_set_app_type
_seh_filter_exe
system
__p___argc
_exit
exit
_crt_at_quick_exit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

kernel32

QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7f0b95b5c5700823b3f783f845fb480

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5core

mdpapi

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 48B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 48B