0b15fde18ff9694264a48eb1801d78d0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0b15fde18ff9694264a48eb1801d78d0_NeikiAnalytics.exe
Size

43KB
MD5

0b15fde18ff9694264a48eb1801d78d0
SHA1

879fa33cc33a3386ef886ce2f7d9f42722e6b4f0
SHA256

560237f4f7db40fa1332f27327f776b384ec8f7c7bca4597b85b02e9bc80055c
SHA512

7f808480d18b8fad403aef0ff577190ce929a8a74438ccfd49021baf35c08831b80b5777e35b651b9ecae7f386a4f82e76ffddfd43d6d13ecc036e54c3bef61a
SSDEEP

768:THM+mszu8o8TZTekJqJYy4njM24ms3v/XZcTZPQ1t8OdxYbGGwbiRBEt:wRBGZTelYyuM2Bs3v/XZcTZPQpdxYTwv

Score

1^/10

Malware Config

Signatures

Files

0b15fde18ff9694264a48eb1801d78d0_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

d0ea3ca7d5dd656e8905830186816017

Code Sign

58:a2:d7:2d:8c:c0:fd:89:cc:ff:21:e0:d4:ed:c7:4a
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15-03-2021 00:00

Not After

14-03-2024 23:59

Subject

CN=DroidMonkey Apps\, LLC,O=DroidMonkey Apps\, LLC,POSTALCODE=22315,STREET=6653 Audrey Kay Ct,L=Franconia,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

16:b6:2e:a1:1e:46:39:1f:df:55:36:82:6c:3c:67:9a:c1:a7:5b:11:ff:6b:4d:25:ab:65:32:3f:18:ee:e9:dc
Signer

Actual PE Digest

16:b6:2e:a1:1e:46:39:1f:df:55:36:82:6c:3c:67:9a:c1:a7:5b:11:ff:6b:4d:25:ab:65:32:3f:18:ee:e9:dc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Tools\vcpkg\buildtrees\qt5-imageformats\x64-windows-rel\plugins\imageformats\qtiff.pdb

Imports

qt5gui

?currentImageRect@QImageIOHandler@@UEBA?AVQRect@@XZ
?nextImageDelay@QImageIOHandler@@UEBAHXZ
?loopCount@QImageIOHandler@@UEBAHXZ
?name@QImageIOHandler@@UEBA?AVQByteArray@@XZ
?convertToFormat_inplace@QImage@@IEAA_NW4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?convertToFormat_helper@QImage@@IEBA?AV1@W4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?setDotsPerMeterY@QImage@@QEAAXH@Z
?setDotsPerMeterX@QImage@@QEAAXH@Z
?dotsPerMeterY@QImage@@QEBAHXZ
?dotsPerMeterX@QImage@@QEBAHXZ
?setColorSpace@QImage@@QEAAXAEBVQColorSpace@@@Z
?colorSpace@QImage@@QEBA?AVQColorSpace@@XZ
?hasAlphaChannel@QImage@@QEBA_NXZ
?setColorTable@QImage@@QEAAXV?$QVector@I@@@Z
?colorTable@QImage@@QEBA?AV?$QVector@I@@XZ
?bytesPerLine@QImage@@QEBAHXZ
?constScanLine@QImage@@QEBAPEBEH@Z
?scanLine@QImage@@QEBAPEBEH@Z
?scanLine@QImage@@QEAAPEAEH@Z
?sizeInBytes@QImage@@QEBA_JXZ
?bits@QImage@@QEAAPEAEXZ
?depth@QImage@@QEBAHXZ
?size@QImage@@QEBA?AVQSize@@XZ
?height@QImage@@QEBAHXZ
?width@QImage@@QEBAHXZ
?reinterpretAsFormat@QImage@@QEAA_NW4Format@1@@Z
?format@QImage@@QEBA?AW4Format@1@XZ
?copy@QImage@@QEBA?AV1@HHHH@Z
?isNull@QImage@@QEBA_NXZ
??4QImage@@QEAAAEAV0@$$QEAV0@@Z
?staticMetaObject@QImageIOPlugin@@2UQMetaObject@@B
?setDevice@QImageIOHandler@@QEAAXPEAVQIODevice@@@Z
?setFormat@QImageIOHandler@@QEAAXAEBVQByteArray@@@Z
?qt_metacast@QImageIOPlugin@@UEAAPEAXPEBD@Z
?qt_metacall@QImageIOPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0QImageIOPlugin@@QEAA@PEAVQObject@@@Z
??1QImageIOPlugin@@UEAA@XZ
??0QImageIOHandler@@QEAA@XZ
??1QImageIOHandler@@UEAA@XZ
?device@QImageIOHandler@@QEBAPEAVQIODevice@@XZ
?setFormat@QImageIOHandler@@QEBAXAEBVQByteArray@@@Z
??1QColorSpace@@QEAA@XZ
?isValid@QColorSpace@@QEBA_NXZ
?fromIccProfile@QColorSpace@@SA?AV1@AEBVQByteArray@@@Z
?iccProfile@QColorSpace@@QEBA?AVQByteArray@@XZ
?logicalDpiX@QPaintDevice@@QEBAHXZ
?logicalDpiY@QPaintDevice@@QEBAHXZ
??0QImage@@QEAA@AEBVQSize@@W4Format@0@@Z
??0QImage@@QEAA@$$QEAV0@@Z
??1QImage@@UEAA@XZ

qt5core

?height@QSize@@QEBAHXZ
?width@QSize@@QEBAHXZ
??0QSize@@QEAA@HH@Z
??0QSize@@QEAA@XZ
?toInt@QVariant@@QEBAHPEA_N@Z
?type@QVariant@@QEBA?AW4Type@1@XZ
??0QVariant@@QEAA@AEBVQSize@@@Z
??0QVariant@@QEAA@H@Z
??0QVariant@@QEAA@XZ
?peek@QIODevice@@QEAA_JPEAD_J@Z
?write@QIODevice@@QEAA_JPEBD_J@Z
?read@QIODevice@@QEAA_JPEAD_J@Z
?constData@QByteArray@@QEBAPEBDXZ
??1QByteArray@@QEAA@XZ
??0QByteArray@@QEAA@PEBDH@Z
?sharedNull@QArrayData@@SAPEAU1@XZ
?deallocate@QArrayData@@SAXPEAU1@_K1@Z
?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?warning@QMessageLogger@@QEBAXPEBDZZ
??0QMessageLogger@@QEAA@PEBDH0@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
?isWritable@QIODevice@@QEBA_NXZ
?isReadable@QIODevice@@QEBA_NXZ
?isOpen@QIODevice@@QEBA_NXZ
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ

tiff

TIFFReadTile
TIFFDefaultStripSize
TIFFReadRGBAImageOriented
TIFFWriteScanline
TIFFReadScanline
TIFFSetField
TIFFSetDirectory
TIFFIsTiled
TIFFClientOpen
TIFFTileSize
TIFFScanlineSize
TIFFReadDirectory
TIFFGetField
TIFFClose
_TIFFfree
_TIFFmalloc

vcruntime140

__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
__std_type_info_destroy_list
memcpy
__std_terminate

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e
_configure_narrow_argv
_seh_filter_dll

kernel32

SetUnhandledExceptionFilter
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0ea3ca7d5dd656e8905830186816017

Code Sign

58:a2:d7:2d:8c:c0:fd:89:cc:ff:21:e0:d4:ed:c7:4aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

16:b6:2e:a1:1e:46:39:1f:df:55:36:82:6c:3c:67:9a:c1:a7:5b:11:ff:6b:4d:25:ab:65:32:3f:18:ee:e9:dcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5gui

qt5core

tiff

vcruntime140

vcruntime140_1

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 728B

.pdata Size: 1024B - Virtual size: 996B

.qtmetad Size: 512B - Virtual size: 133B

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 512B - Virtual size: 164B

58:a2:d7:2d:8c:c0:fd:89:cc:ff:21:e0:d4:ed:c7:4a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

16:b6:2e:a1:1e:46:39:1f:df:55:36:82:6c:3c:67:9a:c1:a7:5b:11:ff:6b:4d:25:ab:65:32:3f:18:ee:e9:dc
Signer

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 728B

.pdata
Size: 1024B - Virtual size: 996B

.qtmetad
Size: 512B - Virtual size: 133B

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 512B - Virtual size: 164B