0f9ecd70177739cf1402623a0fb153d0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0f9ecd70177739cf1402623a0fb153d0_NeikiAnalytics.exe
Size

1.5MB
MD5

0f9ecd70177739cf1402623a0fb153d0
SHA1

2b2bdc8fc3aa1cd2cb2e4e3c99e9c7b4329eff1b
SHA256

9ff26bfa09dcf8283d7c8eac553d6ebab043b3512895f6110577f6045e18e070
SHA512

ccc1ff51d0c5829ee607aadb6326db7e7a8e0e6377e9262090f0676e86ea49c54ce7901ddf781608270c273644c43d316c5785b9d439ea2d05448c92666effa4
SSDEEP

24576:ApT4w3aOeligd+1vxy/4ucNRT5AyCHc1WZmpRBXKrz:ApMUpT1vc/4lCHc1tez

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f9ecd70177739cf1402623a0fb153d0_NeikiAnalytics.exe

Files

0f9ecd70177739cf1402623a0fb153d0_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

04227afd29ef04d1e1ed07743f524830

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\QT\qtvirtualkeyboard-everywhere-src-5.12.8\plugins\virtualkeyboard\qtvirtualkeyboard_openwnn.pdb

Imports

qt5virtualkeyboard

?qt_metacall@QVirtualKeyboardAbstractInputMethod@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QVirtualKeyboardAbstractInputMethod@@UEAAPEAXPEBD@Z
?staticMetaObject@QVirtualKeyboardAbstractInputMethod@@2UQMetaObject@@B
??0QVirtualKeyboardExtensionPlugin@@QEAA@XZ
??1QVirtualKeyboardExtensionPlugin@@UEAA@XZ
?qt_metacall@QVirtualKeyboardExtensionPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QVirtualKeyboardExtensionPlugin@@UEAAPEAXPEBD@Z
?staticMetaObject@QVirtualKeyboardExtensionPlugin@@2UQMetaObject@@B
?commit@QVirtualKeyboardInputContext@@QEAAXAEBVQString@@HH@Z
?setPreeditText@QVirtualKeyboardInputContext@@QEAAXAEBVQString@@V?$QList@VAttribute@QInputMethodEvent@@@@HH@Z
?inputMethodHints@QVirtualKeyboardInputContext@@QEBA?AV?$QFlags@W4InputMethodHint@Qt@@@@XZ
?selectionListsChanged@QVirtualKeyboardAbstractInputMethod@@QEAAXXZ
?selectionListActiveItemChanged@QVirtualKeyboardAbstractInputMethod@@QEAAXW4Type@QVirtualKeyboardSelectionListModel@@H@Z
?selectionListChanged@QVirtualKeyboardAbstractInputMethod@@QEAAXW4Type@QVirtualKeyboardSelectionListModel@@@Z
?selectionListData@QVirtualKeyboardAbstractInputMethod@@UEAA?AVQVariant@@W4Type@QVirtualKeyboardSelectionListModel@@HW4Role@4@@Z
?inputContext@QVirtualKeyboardAbstractInputMethod@@QEBAPEAVQVirtualKeyboardInputContext@@XZ
??1QVirtualKeyboardAbstractInputMethod@@UEAA@XZ
??0QVirtualKeyboardAbstractInputMethod@@QEAA@PEAVQObject@@@Z
?clickPreeditText@QVirtualKeyboardAbstractInputMethod@@UEAA_NH@Z
?reselect@QVirtualKeyboardAbstractInputMethod@@UEAA_NHAEBV?$QFlags@W4ReselectFlag@QVirtualKeyboardInputEngine@@@@@Z
?traceEnd@QVirtualKeyboardAbstractInputMethod@@UEAA_NPEAVQVirtualKeyboardTrace@@@Z
?traceBegin@QVirtualKeyboardAbstractInputMethod@@UEAAPEAVQVirtualKeyboardTrace@@HW4PatternRecognitionMode@QVirtualKeyboardInputEngine@@AEBV?$QMap@VQString@@VQVariant@@@@1@Z
?patternRecognitionModes@QVirtualKeyboardAbstractInputMethod@@UEBA?AV?$QList@W4PatternRecognitionMode@QVirtualKeyboardInputEngine@@@@XZ
?selectionListRemoveItem@QVirtualKeyboardAbstractInputMethod@@UEAA_NW4Type@QVirtualKeyboardSelectionListModel@@H@Z

qt5gui

??0QBrush@@QEAA@W4GlobalColor@Qt@@W4BrushStyle@2@@Z
??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z
??1QBrush@@QEAA@XZ
?setUnderlineStyle@QTextCharFormat@@QEAAXW4UnderlineStyle@1@@Z
??0QTextCharFormat@@QEAA@XZ
??BQTextFormat@@QEBA?AVQVariant@@XZ
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z
??1QTextFormat@@QEAA@XZ
??BQBrush@@QEBA?AVQVariant@@XZ
?setRgb@QColor@@QEAAXHHHH@Z

qt5qml

?qmlregister@QQmlPrivate@@YAHW4RegistrationType@1@PEAX@Z
?qdeclarativeelement_destructor@QQmlPrivate@@YAXPEAVQObject@@@Z

qt5core

??0QObject@@QEAA@PEAV0@@Z
?toUpper@QString@@QEHAA?AV1@XZ
?toLower@QString@@QEHAA?AV1@XZ
?at@QBitArray@@QEBA_NH@Z
?size@QBitArray@@QEBAHXZ
?end@QListData@@QEBAPEAPEAXXZ
?begin@QListData@@QEBAPEAPEAXXZ
?length@QString@@QEBAHXZ
??1QBitArray@@QEAA@XZ
?setBit@QBitArray@@QEAAXH@Z
??0QBitArray@@QEAA@$$QEAV0@@Z
?className@QMetaObject@@QEBAPEBDXZ
??0QByteArray@@QEAA@XZ
??0QByteArray@@QEAA@PEBDH@Z
??1QByteArray@@QEAA@XZ
?reserve@QByteArray@@QEAAXH@Z
?append@QByteArray@@QEAAAEAV1@D@Z
?append@QByteArray@@QEAAAEAV1@PEBD@Z
??0QString@@QEAA@XZ
??1QString@@QEAA@XZ
?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z
?registerNormalizedTypedef@QMetaType@@SAHAEBVQByteArray@@H@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?isPrint@QChar@@SA_NI@Z
??0QString@@QEAA@AEBV0@@Z
??4QString@@QEAAAEAV0@AEBV0@@Z
??0QString@@QEAA@$$QEAV0@@Z
?clear@QString@@QEAAXXZ
?at@QString@@QEBA?BVQChar@@H@Z
?mid@QString@@QEBA?AV1@HH@Z
?insert@QString@@QEAAAEAV1@HAEBV1@@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?dispose@QListData@@SAXPEAUData@1@@Z
?append@QListData@@QEAAPEAPEAXXZ
??0QVariant@@QEAA@XZ
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@HPEBXI@Z
??0QVariant@@QEAA@AEBV0@@Z
??0QVariant@@QEAA@AEBVQString@@@Z
??0QVariant@@QEAA@$$QEAV0@@Z
??4QVariant@@QEAAAEAV0@$$QEAV0@@Z
?isDetached@QVariant@@QEBA_NXZ
??0QLoggingCategory@@QEAA@PEBD@Z
??1QLoggingCategory@@QEAA@XZ
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ
?shared_null@QListData@@2UData@1@B
?qRegisterResourceData@@YA_NHPEBE00@Z
?qUnregisterResourceData@@YA_NHPEBE00@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
?append@QString@@QEAAAEAV1@AEBV1@@Z
?insert@QListData@@QEAAPEAPEAXH@Z
?remove@QListData@@QEAAXH@Z
??1QObject@@UEAA@XZ
??0QObject@@IEAA@AEAVQObjectPrivate@@PEAV0@@Z
??0QObjectPrivate@@QEAA@H@Z
??1QObjectPrivate@@UEAA@XZ
?compare@QString@@QEBAHAEBV1@W4CaseSensitivity@Qt@@@Z
??0QBitArray@@QEAA@AEBV0@@Z
?append@QListData@@QEAAPEAPEAXAEBU1@@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
?shared_null@QMapDataBase@@2U1@B
?category@QChar@@SA?AW4Category@1@I@Z
?left@QString@@QEBA?AV1@H@Z
?toLower@QString@@QEGBA?AV1@XZ
?toUpper@QString@@QEGBA?AV1@XZ
?staticMetaObject@QObject@@2UQMetaObject@@B
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0QByteArray@@QEAA@HW4Initialization@Qt@@@Z
?resize@QByteArray@@QEAAXH@Z
?constData@QByteArray@@QEBAPEBDXZ
??4QByteRef@@QEAAAEAV0@D@Z
?toUtf8@QString@@QEGBA?AVQByteArray@@XZ
?fromUtf8@QString@@SA?AV1@PEBDH@Z
?realloc@QListData@@QEAAXH@Z
??0QBitArray@@QEAA@XZ
??0QBitArray@@QEAA@H_N@Z
??M@YA_NAEBVQString@@0@Z

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
CloseHandle

vcruntime140

memcpy
memset
_purecall
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 187B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04227afd29ef04d1e1ed07743f524830

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5virtualkeyboard

qt5gui

qt5qml

qt5core

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 1.3MB - Virtual size: 1.3MB

.pdata Size: 5KB - Virtual size: 5KB

.qtmetad Size: 512B - Virtual size: 187B

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.pdata
Size: 5KB - Virtual size: 5KB

.qtmetad
Size: 512B - Virtual size: 187B

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 5KB - Virtual size: 5KB