General

Malware Config

Signatures

Files

• 68cf87bfc1437eb6edc1f60a5de17480_NeikiAnalytics.exe

  .dll windows:6 windows x64 arch:x64

  034af49bee64406bb54dbca4508e7509

  
  

  Code Sign

  01

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  01-01-2004 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  9a:51:27:ac:6e:2a:fc:48:fa:3f:f8:cf:1e:0e:29:a3

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  05-01-2023 00:00

  Not After

  04-01-2025 23:59

  Subject

  CN=北京拉酷网络科技有限公司,O=北京拉酷网络科技有限公司,ST=北京市,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  21-09-2022 00:00

  Not After

  21-11-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  61:89:2f:28:17:35:f1:e3:94:d3:13:2f:46:8a:bd:fc:56:20:86:9b:5d:f9:4b:26:f8:9f:38:bb:dd:a0:20:58

  Signer

  Actual PE Digest

  61:89:2f:28:17:35:f1:e3:94:d3:13:2f:46:8a:bd:fc:56:20:86:9b:5d:f9:4b:26:f8:9f:38:bb:dd:a0:20:58

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  Imports

  qt5gui

  ?sharedPainter@QPaintDevice@@MEBAPEAVQPainter@@XZ

  ?redirected@QPaintDevice@@MEBAPEAV1@PEAVQPoint@@@Z

  ?paintEngine@QImage@@UEBAPEAVQPaintEngine@@XZ

  ?metric@QImage@@MEBAHW4PaintDeviceMetric@QPaintDevice@@@Z

  ?jumpToNextImage@QImageIOHandler@@UEAA_NXZ

  ?jumpToImage@QImageIOHandler@@UEAA_NH@Z

  ?initPainter@QPaintDevice@@MEBAXPEAVQPainter@@@Z

  ?devType@QImage@@UEBAHXZ

  ?drawImage@QPainter@@QEAAXAEBVQRect@@AEBVQImage@@@Z

  ??1QPainter@@QEAA@XZ

  ?setDevice@QImageIOHandler@@QEAAXPEAVQIODevice@@@Z

  ??0QPainter@@QEAA@PEAVQPaintDevice@@@Z

  ?setOption@QImageIOHandler@@UEAAXW4ImageOption@1@AEBVQVariant@@@Z

  ?setFormat@QImageIOHandler@@QEBAXAEBVQByteArray@@@Z

  ?device@QImageIOHandler@@QEBAPEAVQIODevice@@XZ

  ??1QImageIOHandler@@UEAA@XZ

  ??0QImageIOHandler@@QEAA@XZ

  ?convertToFormat_helper@QImage@@IEBA?AV1@W4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z

  ?bytesPerLine@QImage@@QEBAHXZ

  ?byteCount@QImage@@QEBAHXZ

  ?bits@QImage@@QEAAPEAEXZ

  ?height@QImage@@QEBAHXZ

  ?width@QImage@@QEBAHXZ

  ?format@QImage@@QEBA?AW4Format@1@XZ

  ?isNull@QImage@@QEBA_NXZ

  ??4QImage@@QEAAAEAV0@$$QEAV0@@Z

  ??4QImage@@QEAAAEAV0@AEBV0@@Z

  ??1QImage@@UEAA@XZ

  ??0QImage@@QEAA@AEBV0@@Z

  ??0QImage@@QEAA@HHW4Format@0@@Z

  ?invalidate@QColor@@AEAAXXZ

  ??BQColor@@QEBA?AVQVariant@@XZ

  ?fromRgba@QColor@@SA?AV1@I@Z

  ?staticMetaObject@QImageIOPlugin@@2UQMetaObject@@B

  ??1QImageIOPlugin@@UEAA@XZ

  ??0QImageIOPlugin@@QEAA@PEAVQObject@@@Z

  ?qt_metacall@QImageIOPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

  ?qt_metacast@QImageIOPlugin@@UEAAPEAXPEBD@Z

  ?setFormat@QImageIOHandler@@QEAAXAEBVQByteArray@@@Z

  qt5core

  ??6QDebug@@QEAAAEAV0@PEBD@Z

  ??1QDebug@@QEAA@XZ

  ?toInt@QVariant@@QEBAHPEA_N@Z

  ??0QVariant@@QEAA@AEBVQSize@@@Z

  ??0QVariant@@QEAA@H@Z

  ??0QVariant@@QEAA@XZ

  ?peek@QIODevice@@QEAA?AVQByteArray@@_J@Z

  ?write@QIODevice@@QEAA_JPEBD_J@Z

  ?readAll@QIODevice@@QEAA?AVQByteArray@@XZ

  ?endsWith@QByteArray@@QEBA_NPEBD@Z

  ?startsWith@QByteArray@@QEBA_NPEBD@Z

  ?constData@QByteArray@@QEBAPEBDXZ

  ?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z

  ?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ

  ?isOpen@QIODevice@@QEBA_NXZ

  ?isReadable@QIODevice@@QEBA_NXZ

  ?isWritable@QIODevice@@QEBA_NXZ

  ?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z

  ?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z

  ?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z

  ?customEvent@QObject@@MEAAXPEAVQEvent@@@Z

  ?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z

  ?event@QObject@@UEAA_NPEAVQEvent@@@Z

  ?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z

  ?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z

  ??0QMessageLogger@@QEAA@PEBDH0@Z

  ?warning@QMessageLogger@@QEBAXPEBDZZ

  ?warning@QMessageLogger@@QEBA?AVQDebug@@XZ

  ??0QByteArray@@QEAA@XZ

  ??1QByteArray@@QEAA@XZ

  ??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z

  ??6QDebug@@QEAAAEAV0@H@Z

  kernel32

  InitializeSListHead

  DisableThreadLibraryCalls

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  GetCurrentProcessId

  QueryPerformanceCounter

  TerminateProcess

  GetCurrentProcess

  IsProcessorFeaturePresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  IsDebuggerPresent

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  GetProcAddress

  GetModuleHandleW

  CreateEventW

  WaitForSingleObjectEx

  ResetEvent

  SetEvent

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  CloseHandle

  vcruntime140

  memset

  memcpy

  memmove

  __C_specific_handler

  __vcrt_InitializeCriticalSectionEx

  __telemetry_main_invoke_trigger

  __telemetry_main_return_trigger

  __std_exception_copy

  __std_exception_destroy

  _CxxThrowException

  __std_type_info_destroy_list

  api-ms-win-crt-math-l1-1-0

  log

  ceil

  log10

  pow

  api-ms-win-crt-utility-l1-1-0

  qsort

  api-ms-win-crt-heap-l1-1-0

  _callnewh

  calloc

  malloc

  free

  api-ms-win-crt-runtime-l1-1-0

  _seh_filter_dll

  _configure_narrow_argv

  _initialize_narrow_environment

  _initialize_onexit_table

  _register_onexit_function

  _execute_onexit_table

  _crt_atexit

  _cexit

  _initterm

  _initterm_e

  Exports

  Exports

  qt_plugin_instance

  qt_plugin_query_metadata

  Sections

  .text

  Size: 333KB - Virtual size: 332KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 90KB - Virtual size: 89KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 16KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .qtmetad

  Size: 512B - Virtual size: 292B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 52B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 824B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 276B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ