6b703f5a311a7e8286b8d9f779341230_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6b703f5a311a7e8286b8d9f779341230_NeikiAnalytics.exe
Size

947KB
MD5

6b703f5a311a7e8286b8d9f779341230
SHA1

fc1694569a8de18c55d98efb55eb57ee31859948
SHA256

ebe268ba4f9103118b8cdbb4db44a6400b3c894fdfa779bae759e4a1688a40de
SHA512

d4975ccdd5e2b97fe7f31d206aa9af46861f580b6a3c246316de94fe3bb0088ea320b2950991c8c82021adbd688806a10914d1e5b86b723186ec70fe6bd99d36
SSDEEP

24576:RAQJsyU6lDuFn+2zT1KBXzRkN2QNvWyeDo:RAiwZvWyeD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b703f5a311a7e8286b8d9f779341230_NeikiAnalytics.exe

Files

6b703f5a311a7e8286b8d9f779341230_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

f292cc54d401f1863d6d02b8f800bd56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

qt6quickcontrols2

?unregisterTypes@QQuickStylePlugin@@UEAAXXZ
?registerTypes@QQuickStylePlugin@@UEAAXPEBD@Z
?updateTheme@QQuickStylePlugin@@UEAAXXZ
??1QQuickStylePlugin@@UEAA@XZ
??0QQuickStylePlugin@@QEAA@PEAVQObject@@@Z
?qt_metacall@QQuickStylePlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QQuickStylePlugin@@UEAAPEAXPEBD@Z
?staticMetaObject@QQuickStylePlugin@@2UQMetaObject@@B

qt6quicktemplates2

?setPalette@QQuickTheme@@QEAAXW4Scope@1@AEBVQPalette@@@Z

qt6gui

??8QColor@@QEBA_NAEBV0@@Z
??0QPalette@@QEAA@XZ
?fromRgba@QColor@@SA?AV1@I@Z
??0QColor@@QEAA@XZ
??5@YAAEAVQDataStream@@AEAV0@AEAVQColor@@@Z
??6@YAAEAVQDataStream@@AEAV0@AEBVQColor@@@Z
??6@YA?AVQDebug@@V0@AEBVQColor@@@Z
??1QPalette@@QEAA@XZ
?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z
??1QBrush@@QEAA@XZ
??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z

qt6qml

??1QJSManagedValue@@QEAA@XZ
?initLoadAttachedLookup@AOTCompiledContext@QQmlPrivate@@QEBAXIIPEAVQObject@@@Z
?loadAttachedLookup@AOTCompiledContext@QQmlPrivate@@QEBA_NIPEAVQObject@@PEAX@Z
??5@YAAEAVQDataStream@@AEAV0@AEAVQJSValue@@@Z
??6@YAAEAVQDataStream@@AEAV0@AEBVQJSValue@@@Z
?toVariant@QJSValue@@QEBA?AVQVariant@@XZ
?isVariant@QJSValue@@QEBA_NXZ
??0QJSValue@@QEAA@AEBV0@@Z
??1QJSValue@@QEAA@XZ
??0QJSValue@@QEAA@W4SpecialValue@0@@Z
?initGetEnumLookup@AOTCompiledContext@QQmlPrivate@@QEBAXIPEBUQMetaObject@@PEBD1@Z
?getEnumLookup@AOTCompiledContext@QQmlPrivate@@QEBA_NIPEAX@Z
?initLoadSingletonLookup@AOTCompiledContext@QQmlPrivate@@QEBAXII@Z
?loadSingletonLookup@AOTCompiledContext@QQmlPrivate@@QEBA_NIPEAX@Z
?initCallObjectPropertyLookup@AOTCompiledContext@QQmlPrivate@@QEBAXI@Z
?toVariant@QJSManagedValue@@QEBA?AVQVariant@@XZ
?initGetObjectLookup@AOTCompiledContext@QQmlPrivate@@QEBAXIPEAVQObject@@VQMetaType@@@Z
?getObjectLookup@AOTCompiledContext@QQmlPrivate@@QEBA_NIPEAVQObject@@PEAX@Z
?initLoadContextIdLookup@AOTCompiledContext@QQmlPrivate@@QEBAXI@Z
?loadContextIdLookup@AOTCompiledContext@QQmlPrivate@@QEBA_NIPEAX@Z
??1QQmlModuleRegistration@@QEAA@XZ
?setReturnValueUndefined@AOTCompiledContext@QQmlPrivate@@QEBAXXZ
?hasError@QJSEngine@@QEBA_NXZ
?initLoadScopeObjectPropertyLookup@AOTCompiledContext@QQmlPrivate@@QEBAXIVQMetaType@@@Z
?loadScopeObjectPropertyLookup@AOTCompiledContext@QQmlPrivate@@QEBA_NIPEAX@Z
?setInstructionPointer@AOTCompiledContext@QQmlPrivate@@QEBAXH@Z
?qmlunregister@QQmlPrivate@@YAXW4RegistrationType@1@_K@Z
??0QQmlModuleRegistration@@QEAA@PEBDP6AXXZ@Z
?qmlRegisterModule@@YAXPEBDHH@Z
?qmlregister@QQmlPrivate@@YAHW4RegistrationType@1@PEAX@Z
?initializeEngine@QQmlExtensionPlugin@@UEAAXPEAVQQmlEngine@@PEBD@Z
??0QJSManagedValue@@QEAA@$$QEAV0@@Z
?convertManaged@QJSEngine@@CA_NAEBVQJSManagedValue@@VQMetaType@@PEAX@Z
?convertV2@QJSEngine@@CA_NAEBVQJSValue@@VQMetaType@@PEAX@Z
?convertString@QJSEngine@@CA_NAEBVQString@@VQMetaType@@PEAX@Z
?convertVariant@QJSEngine@@AEAA_NAEBVQVariant@@VQMetaType@@PEAX@Z
?constructValueType@AOTCompiledContext@QQmlPrivate@@QEBA?AVQVariant@@VQMetaType@@PEBUQMetaObject@@HPEAX@Z
?staticMetaObject@QQmlComponent@@2UQMetaObject@@B
?throwError@QJSEngine@@QEAAXW4ErrorType@QJSValue@@AEBVQString@@@Z
?toString@QJSPrimitiveValue@@CA?AVQString@@N@Z
?convertQObjectToString@QJSEngine@@AEAA?AVQString@@PEAVQObject@@@Z
?callObjectPropertyLookup@AOTCompiledContext@QQmlPrivate@@QEBA_NIPEAVQObject@@PEAPEAXPEBVQMetaType@@H@Z
?lookupResultMetaType@AOTCompiledContext@QQmlPrivate@@QEBA?AVQMetaType@@I@Z

qt6core

?flags@QMetaType@@QEBA?AV?$QFlags@W4TypeFlag@QMetaType@@@@XZ
?number@QString@@SA?AV1@HH@Z
??0QString@@QEAA@VQLatin1String@@@Z
??6@YA?AVQDebug@@V0@AEBVQUrl@@@Z
??5@YAAEAVQDataStream@@AEAV0@AEAVQUrl@@@Z
??6@YAAEAVQDataStream@@AEAV0@AEBVQUrl@@@Z
??8QUrl@@QEBA_NAEBV0@@Z
??MQUrl@@QEBA_NAEBV0@@Z
??1QUrl@@QEAA@XZ
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z
??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z
??0QUrl@@QEAA@AEBV0@@Z
??0QUrl@@QEAA@XZ
??4QString@@QEAAAEAV0@$$QEAV0@@Z
?cast@QMetaObject@@QEBAPEBVQObject@@PEBV2@@Z
?constData@QVariant@@QEBAPEBXXZ
?toString@QVariant@@QEBA?AVQString@@XZ
?convert@QMetaType@@SA_NV1@PEBX0PEAX@Z
?toDouble@QString@@QEBANPEA_N@Z
?toInt@QString@@QEBAHPEA_NH@Z
??0QByteArray@@QEAA@PEBD_J@Z
?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z
?metaObject@QMetaType@@QEBAPEBUQMetaObject@@XZ
??4QVariant@@QEAAAEAV0@AEBV0@@Z
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
??6QDebug@@QEAAAEAV0@_N@Z
??6QTextStream@@QEAAAEAV0@H@Z
??6QDataStream@@QEAAAEAV0@_N@Z
??6QDataStream@@QEAAAEAV0@H@Z
?staticMetaObject@QObject@@2UQMetaObject@@B
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0QObject@@QEAA@PEAV0@@Z
??1QObject@@UEAA@XZ
??1QDebug@@QEAA@XZ
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
??0QString@@QEAA@$$QEAU?$QArrayDataPointer@_S@@@Z
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
?className@QMetaObject@@QEBAPEBDXZ
??0QByteArray@@QEAA@XZ
??1QByteArray@@QEAA@XZ
?reserve@QByteArray@@QEAAX_J@Z
?data@QByteArray@@QEBAPEBDXZ
?append@QByteArray@@QEAAAEAV1@D@Z
?append@QByteArray@@QEAAAEAV1@PEBD@Z
?size@QByteArray@@QEBA_JXZ
?isNull@QByteArray@@QEBA_NXZ
?registerNormalizedTypedef@QMetaType@@SAXAEBVQByteArray@@V1@@Z
?id@QMetaType@@QEBAHH@Z
?qRegisterResourceData@@YA_NHPEBE00@Z
?qUnregisterResourceData@@YA_NHPEBE00@Z
?qResourceFeatureZlib@@YAEXZ
??0QChar@@QEAA@UQLatin1Char@@@Z
?equalStrings@QtPrivate@@YA_NVQStringView@@0@Z
?equalStrings@QtPrivate@@YA_NVQStringView@@VQLatin1String@@@Z
??0QString@@QEAA@AEBV0@@Z
??1QString@@QEAA@XZ
??0QString@@QEAA@$$QEAV0@@Z
?data@QString@@QEBAPEBVQChar@@XZ
?startsWith@QString@@QEBA_NVQChar@@W4CaseSensitivity@Qt@@@Z
?insert@QString@@QEAAAEAV1@_JVQChar@@@Z
?isNull@QString@@QEBA_NXZ
?globalSeed@QHashSeed@@SA?AU1@XZ
?qHash@@YA_KVQStringView@@_K@Z
?scheme@QUrl@@QEBA?AVQString@@XZ
?path@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z
?cleanPath@QDir@@SA?AVQString@@AEBV2@@Z
??5QDataStream@@QEAAAEAV0@AEAN@Z
??6QDataStream@@QEAAAEAV0@N@Z
??6QTextStream@@QEAAAEAV0@N@Z
?maybeSpace@QDebug@@QEAAAEAV1@XZ
?lengthHelperCharArray@QByteArrayView@@CA_JPEBD_K@Z
?fromName@QMetaType@@SA?AV1@VQByteArrayView@@@Z
??0QVariant@@QEAA@XZ
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@VQMetaType@@PEBX@Z
??0QVariant@@QEAA@AEBV0@@Z
??0QVariant@@QEAA@$$QEAV0@@Z
??4QVariant@@QEAAAEAV0@$$QEAV0@@Z
?metaType@QVariant@@QEBA?AVQMetaType@@XZ
?isValid@QVariant@@QEBA_NXZ
?data@QVariant@@QEAAPEAXXZ
?qdebugHelper@QVariant@@AEBA?AVQDebug@@V2@@Z
?equals@QVariant@@IEBA_NAEBV1@@Z
??5@YAAEAVQDataStream@@AEAV0@AEAVQVariant@@@Z
??6@YAAEAVQDataStream@@AEAV0@AEBVQVariant@@@Z
?compareStrings@QtPrivate@@YAHVQStringView@@0W4CaseSensitivity@Qt@@@Z
??0QString@@QEAA@XZ
??6@YAAEAVQDataStream@@AEAV0@AEBVQString@@@Z
??5@YAAEAVQDataStream@@AEAV0@AEAVQString@@@Z
??5QDataStream@@QEAAAEAV0@AEAH@Z
??5QDataStream@@QEAAAEAV0@AEA_N@Z

vcruntime140

memset
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memcmp
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

strlen
strcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_execute_onexit_table
_initialize_onexit_table
_register_onexit_function
_initterm_e
_initterm
_cexit

api-ms-win-crt-math-l1-1-0

_dtest
copysign
fmod

kernel32

GetProcAddress
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EnterCriticalSection
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CloseHandle

Exports

Exports

?qml_register_types_QtQuick_Controls_Basic@@YAXXZ
qt_plugin_instance
qt_plugin_query_metadata_v2

Sections

.text
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f292cc54d401f1863d6d02b8f800bd56

Headers

DLL Characteristics

File Characteristics

Imports

qt6quickcontrols2

qt6quicktemplates2

qt6gui

qt6qml

qt6core

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 449KB - Virtual size: 449KB

.rdata Size: 434KB - Virtual size: 433KB

.data Size: 40KB - Virtual size: 50KB

.pdata Size: 16KB - Virtual size: 16KB

.qtmetad Size: 512B - Virtual size: 128B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 449KB - Virtual size: 449KB

.rdata
Size: 434KB - Virtual size: 433KB

.data
Size: 40KB - Virtual size: 50KB

.pdata
Size: 16KB - Virtual size: 16KB

.qtmetad
Size: 512B - Virtual size: 128B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB