68cf87bfc1437eb6edc1f60a5de17480_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

68cf87bfc1437eb6edc1f60a5de17480_NeikiAnalytics.exe
Size

456KB
MD5

68cf87bfc1437eb6edc1f60a5de17480
SHA1

1baa3ef68df2b1bf753277e23b927a6b82815c45
SHA256

a7525f8692297bc3732e577aa6ca4a257040f7f7077d2d9a3f9ed6de82cafde9
SHA512

2166976549873383c9b7e4164714307e9b36eb1c9b31390b3b0b4064069b0bf1d67561302fc44985337e1b4acc16adac795e10e3420334456ca80aec3a291722
SSDEEP

6144:d6nIzLvAe2gMYJrK/cFSFJvzG2iCqhMx6H8YQvVFgtrmZ:d68LvA8ZJrS5Atr4

Score

1^/10

Malware Config

Signatures

Files

68cf87bfc1437eb6edc1f60a5de17480_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

034af49bee64406bb54dbca4508e7509

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:51:27:ac:6e:2a:fc:48:fa:3f:f8:cf:1e:0e:29:a3
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05-01-2023 00:00

Not After

04-01-2025 23:59

Subject

CN=北京拉酷网络科技有限公司,O=北京拉酷网络科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:89:2f:28:17:35:f1:e3:94:d3:13:2f:46:8a:bd:fc:56:20:86:9b:5d:f9:4b:26:f8:9f:38:bb:dd:a0:20:58
Signer

Actual PE Digest

61:89:2f:28:17:35:f1:e3:94:d3:13:2f:46:8a:bd:fc:56:20:86:9b:5d:f9:4b:26:f8:9f:38:bb:dd:a0:20:58

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

qt5gui

?sharedPainter@QPaintDevice@@MEBAPEAVQPainter@@XZ
?redirected@QPaintDevice@@MEBAPEAV1@PEAVQPoint@@@Z
?paintEngine@QImage@@UEBAPEAVQPaintEngine@@XZ
?metric@QImage@@MEBAHW4PaintDeviceMetric@QPaintDevice@@@Z
?jumpToNextImage@QImageIOHandler@@UEAA_NXZ
?jumpToImage@QImageIOHandler@@UEAA_NH@Z
?initPainter@QPaintDevice@@MEBAXPEAVQPainter@@@Z
?devType@QImage@@UEBAHXZ
?drawImage@QPainter@@QEAAXAEBVQRect@@AEBVQImage@@@Z
??1QPainter@@QEAA@XZ
?setDevice@QImageIOHandler@@QEAAXPEAVQIODevice@@@Z
??0QPainter@@QEAA@PEAVQPaintDevice@@@Z
?setOption@QImageIOHandler@@UEAAXW4ImageOption@1@AEBVQVariant@@@Z
?setFormat@QImageIOHandler@@QEBAXAEBVQByteArray@@@Z
?device@QImageIOHandler@@QEBAPEAVQIODevice@@XZ
??1QImageIOHandler@@UEAA@XZ
??0QImageIOHandler@@QEAA@XZ
?convertToFormat_helper@QImage@@IEBA?AV1@W4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?bytesPerLine@QImage@@QEBAHXZ
?byteCount@QImage@@QEBAHXZ
?bits@QImage@@QEAAPEAEXZ
?height@QImage@@QEBAHXZ
?width@QImage@@QEBAHXZ
?format@QImage@@QEBA?AW4Format@1@XZ
?isNull@QImage@@QEBA_NXZ
??4QImage@@QEAAAEAV0@$$QEAV0@@Z
??4QImage@@QEAAAEAV0@AEBV0@@Z
??1QImage@@UEAA@XZ
??0QImage@@QEAA@AEBV0@@Z
??0QImage@@QEAA@HHW4Format@0@@Z
?invalidate@QColor@@AEAAXXZ
??BQColor@@QEBA?AVQVariant@@XZ
?fromRgba@QColor@@SA?AV1@I@Z
?staticMetaObject@QImageIOPlugin@@2UQMetaObject@@B
??1QImageIOPlugin@@UEAA@XZ
??0QImageIOPlugin@@QEAA@PEAVQObject@@@Z
?qt_metacall@QImageIOPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QImageIOPlugin@@UEAAPEAXPEBD@Z
?setFormat@QImageIOHandler@@QEAAXAEBVQByteArray@@@Z

qt5core

??6QDebug@@QEAAAEAV0@PEBD@Z
??1QDebug@@QEAA@XZ
?toInt@QVariant@@QEBAHPEA_N@Z
??0QVariant@@QEAA@AEBVQSize@@@Z
??0QVariant@@QEAA@H@Z
??0QVariant@@QEAA@XZ
?peek@QIODevice@@QEAA?AVQByteArray@@_J@Z
?write@QIODevice@@QEAA_JPEBD_J@Z
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ
?endsWith@QByteArray@@QEBA_NPEBD@Z
?startsWith@QByteArray@@QEBA_NPEBD@Z
?constData@QByteArray@@QEBAPEBDXZ
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?isOpen@QIODevice@@QEBA_NXZ
?isReadable@QIODevice@@QEBA_NXZ
?isWritable@QIODevice@@QEBA_NXZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
??0QMessageLogger@@QEAA@PEBDH0@Z
?warning@QMessageLogger@@QEBAXPEBDZZ
?warning@QMessageLogger@@QEBA?AVQDebug@@XZ
??0QByteArray@@QEAA@XZ
??1QByteArray@@QEAA@XZ
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z
??6QDebug@@QEAAAEAV0@H@Z

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle

vcruntime140

memset
memcpy
memmove
__C_specific_handler
__vcrt_InitializeCriticalSectionEx
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list

api-ms-win-crt-math-l1-1-0

log
ceil
log10
pow

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
malloc
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

034af49bee64406bb54dbca4508e7509

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9a:51:27:ac:6e:2a:fc:48:fa:3f:f8:cf:1e:0e:29:a3Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

61:89:2f:28:17:35:f1:e3:94:d3:13:2f:46:8a:bd:fc:56:20:86:9b:5d:f9:4b:26:f8:9f:38:bb:dd:a0:20:58Signer

Headers

DLL Characteristics

File Characteristics

Imports

qt5gui

qt5core

kernel32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 333KB - Virtual size: 332KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 1024B - Virtual size: 9KB

.pdata Size: 16KB - Virtual size: 15KB

.qtmetad Size: 512B - Virtual size: 292B

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 52B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 276B

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9a:51:27:ac:6e:2a:fc:48:fa:3f:f8:cf:1e:0e:29:a3
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

61:89:2f:28:17:35:f1:e3:94:d3:13:2f:46:8a:bd:fc:56:20:86:9b:5d:f9:4b:26:f8:9f:38:bb:dd:a0:20:58
Signer

.text
Size: 333KB - Virtual size: 332KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 1024B - Virtual size: 9KB

.pdata
Size: 16KB - Virtual size: 15KB

.qtmetad
Size: 512B - Virtual size: 292B

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 52B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 276B