8c6dcb54e1c73638c35a90969f7209d0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8c6dcb54e1c73638c35a90969f7209d0_NeikiAnalytics.exe
Size

53KB
MD5

8c6dcb54e1c73638c35a90969f7209d0
SHA1

98f29f0d31dfe8a2881cff4cc9c1403d40aebe28
SHA256

1f221e5aaa2d04644bb47147ffd89196675626d789d08692b24375a28feed193
SHA512

c53c3a8708c206b47d348f037a34761c2a90dbb8fcf1dcd1d630e9194f65188347ddf074a2c29bcb0ca644a745ab1c0478751dba16c690d48406057a0072b065
SSDEEP

768:geX42tCF+GkO0vuraYWtneG7iP1tBiyQJOhZCeTJh12C6PLX8YijWwAMxkEfG:geIUVZFedWwGGAFeTIC6PLs7vxi

Score

1^/10

Malware Config

Signatures

Files

8c6dcb54e1c73638c35a90969f7209d0_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

253f123ecbe6e9a7626ab950d48ad77b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:98:6e:f1:68:03:ca:fa:96:ff:d6:c2:c0:14:24:98
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/12/2023, 00:00

Not After

11/12/2024, 23:59

Subject

CN=Autodesk\, Inc.,O=Autodesk\, Inc.,L=San Rafael,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:cb:a1:83:99:88:84:d0:84:7e:c3:c5:ec:15:4b:4e:5e:0e:06:af:52:e4:2e:c5:ea:5a:45:65:a3:aa:5a:77
Signer

Actual PE Digest

f1:cb:a1:83:99:88:84:d0:84:7e:c3:c5:ec:15:4b:4e:5e:0e:06:af:52:e4:2e:c5:ea:5a:45:65:a3:aa:5a:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\qt\work\qt\qtserialbus\plugins\canbus\qtvirtualcanbus.pdb

Imports

qt5serialbus

?qt_metacall@QCanBusDevice@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QCanBusDevice@@UEAAPEAXPEBD@Z
?staticMetaObject@QCanBusDevice@@2UQMetaObject@@B
?waitForFramesWritten@QCanBusDevice@@UEAA_NH@Z
?waitForFramesReceived@QCanBusDevice@@UEAA_NH@Z
?createDeviceInfo@QCanBusDevice@@KA?AVQCanBusDeviceInfo@@AEBVQString@@00H_N1@Z
?enqueueReceivedFrames@QCanBusDevice@@IEAAXAEBV?$QVector@VQCanBusFrame@@@@@Z
?setError@QCanBusDevice@@IEAAXAEBVQString@@W4CanBusError@1@@Z
?setState@QCanBusDevice@@IEAAXW4CanBusDeviceState@1@@Z
?framesWritten@QCanBusDevice@@QEAAX_J@Z
?state@QCanBusDevice@@QEBA?AW4CanBusDeviceState@1@XZ
?configurationParameter@QCanBusDevice@@QEBA?AVQVariant@@H@Z
?setConfigurationParameter@QCanBusDevice@@UEAAXHAEBVQVariant@@@Z
??0QCanBusDevice@@QEAA@PEAVQObject@@@Z
??0QCanBusDeviceInfo@@QEAA@AEBV0@@Z
??0QCanBusFrame@@QEAA@AEBV0@@Z
??1QCanBusFrame@@QEAA@XZ
?setFlexibleDataRateFormat@QCanBusFrame@@QEAAX_N@Z
?payload@QCanBusFrame@@QEBA?AVQByteArray@@XZ
?setFrameType@QCanBusFrame@@QEAAXW4FrameType@1@@Z
??0QCanBusFrame@@QEAA@IAEBVQByteArray@@@Z
??0QCanBusFactoryV2@@QEAA@XZ
??1QCanBusFactoryV2@@MEAA@XZ
??1QCanBusDeviceInfo@@QEAA@XZ

qt5network

?staticMetaObject@QTcpSocket@@2UQMetaObject@@B
?staticMetaObject@QTcpServer@@2UQMetaObject@@B
?staticMetaObject@QAbstractSocket@@2UQMetaObject@@B
?writeData@QAbstractSocket@@MEAA_JPEBD_J@Z
?waitForReadyRead@QAbstractSocket@@UEAA_NH@Z
?waitForDisconnected@QAbstractSocket@@UEAA_NH@Z
?waitForConnected@QAbstractSocket@@UEAA_NH@Z
?waitForBytesWritten@QAbstractSocket@@UEAA_NH@Z
?socketOption@QAbstractSocket@@UEAA?AVQVariant@@W4SocketOption@1@@Z
?socketDescriptor@QAbstractSocket@@UEBA_JXZ
?setSocketOption@QAbstractSocket@@UEAAXW4SocketOption@1@AEBVQVariant@@@Z
?setSocketDescriptor@QAbstractSocket@@UEAA_N_JW4SocketState@1@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?setReadBufferSize@QAbstractSocket@@UEAAX_J@Z
?resume@QAbstractSocket@@UEAAXXZ
?readLineData@QAbstractSocket@@MEAA_JPEAD_J@Z
?readData@QAbstractSocket@@MEAA_JPEAD_J@Z
?qt_metacast@QTcpSocket@@UEAAPEAXPEBD@Z
?qt_metacast@QTcpServer@@UEAAPEAXPEBD@Z
?qt_metacall@QTcpSocket@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacall@QTcpServer@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?nextPendingConnection@QTcpServer@@UEAAPEAVQTcpSocket@@XZ
?connected@QAbstractSocket@@QEAAXXZ
?metaObject@QTcpServer@@UEBAPEBUQMetaObject@@XZ
?isSequential@QAbstractSocket@@UEBA_NXZ
?incomingConnection@QTcpServer@@MEAAX_J@Z
?hasPendingConnections@QTcpServer@@UEBA_NXZ
?disconnectFromHost@QAbstractSocket@@UEAAXXZ
?connectToHost@QAbstractSocket@@UEAAXAEBVQString@@GV?$QFlags@W4OpenModeFlag@QIODevice@@@@W4NetworkLayerProtocol@1@@Z
?connectToHost@QAbstractSocket@@UEAAXAEBVQHostAddress@@GV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?close@QAbstractSocket@@UEAAXXZ
?canReadLine@QAbstractSocket@@UEBA_NXZ
?bytesToWrite@QAbstractSocket@@UEBA_JXZ
?bytesAvailable@QAbstractSocket@@UEBA_JXZ
?atEnd@QAbstractSocket@@UEBA_NXZ
??1QTcpSocket@@UEAA@XZ
??0QTcpSocket@@QEAA@PEAVQObject@@@Z
?newConnection@QTcpServer@@QEAAXXZ
?listen@QTcpServer@@QEAA_NAEBVQHostAddress@@G@Z
??1QTcpServer@@UEAA@XZ
??0QTcpServer@@QEAA@PEAVQObject@@@Z
?isLoopback@QHostAddress@@QEBA_NXZ
??1QHostAddress@@QEAA@XZ
??0QHostAddress@@QEAA@W4SpecialAddress@0@@Z
??0QHostAddress@@QEAA@AEBV0@@Z
?metaObject@QTcpSocket@@UEBAPEBUQMetaObject@@XZ
??0QHostAddress@@QEAA@AEBVQString@@@Z
?disconnected@QAbstractSocket@@QEAAXXZ

qt5core

?staticMetaObject@QIODevice@@2UQMetaObject@@B
?shared_null@QListData@@2UData@1@B
?size@QIODevice@@UEBA_JXZ
?seek@QIODevice@@UEAA_N_J@Z
?reset@QIODevice@@UEAA_NXZ
?pos@QIODevice@@UEBA_JXZ
?open@QIODevice@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?captured@QRegularExpressionMatch@@QEBA?AVQString@@H@Z
?hasMatch@QRegularExpressionMatch@@QEBA_NXZ
??1QRegularExpressionMatch@@QEAA@XZ
?match@QRegularExpression@@QEBA?AVQRegularExpressionMatch@@AEBVQString@@HW4MatchType@1@V?$QFlags@W4MatchOption@QRegularExpression@@@@@Z
??1QRegularExpression@@QEAA@XZ
??0QRegularExpression@@QEAA@AEBVQString@@V?$QFlags@W4PatternOption@QRegularExpression@@@@@Z
?isWarningEnabled@QLoggingCategory@@QEBA_NXZ
?isInfoEnabled@QLoggingCategory@@QEBA_NXZ
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ
?readyRead@QIODevice@@QEAAXXZ
?write@QIODevice@@QEAA_JAEBVQByteArray@@@Z
?readLine@QIODevice@@QEAA?AVQByteArray@@_J@Z
?currentDateTime@QDateTime@@SA?AV1@XZ
?toMSecsSinceEpoch@QDateTime@@QEBA_JXZ
??1QDateTime@@QEAA@XZ
?toStringList@QVariant@@QEBA?AVQStringList@@XZ
?toBool@QVariant@@QEBA_NXZ
??0QVariant@@QEAA@AEBVQStringList@@@Z
??1QVariant@@QEAA@XZ
?fileName@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z
?port@QUrl@@QEBAHH@Z
?host@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z
??1QUrl@@QEAA@XZ
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z
??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z
??0QUrl@@QEAA@XZ
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
?sender@QObject@@IEBAPEAV1@XZ
?deleteLater@QObject@@QEAAXXZ
?property@QObject@@QEBA?AVQVariant@@PEBD@Z
?setProperty@QObject@@QEAA_NPEBDAEBVQVariant@@@Z
?QStringList_contains@QtPrivate@@YA_NPEBVQStringList@@AEBVQString@@W4CaseSensitivity@Qt@@@Z
?remove@QListData@@QEAAXH@Z
?append@QListData@@QEAAPEAPEAXXZ
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
??1Connection@QMetaObject@@QEAA@XZ
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z
?staticMetaObject@QObject@@2UQMetaObject@@B
?clear@QString@@QEAAXXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0QObject@@QEAA@PEAV0@@Z
??1QObject@@UEAA@XZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
??0QLoggingCategory@@QEAA@PEBD@Z
??1QLoggingCategory@@QEAA@XZ
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
??0QMessageLogger@@QEAA@PEBDH00@Z
?debug@QMessageLogger@@QEBAXPEBDZZ
?info@QMessageLogger@@QEBAXPEBDZZ
?warning@QMessageLogger@@QEBAXPEBDZZ
?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?deallocate@QArrayData@@SAXPEAU1@_K1@Z
??0QByteArray@@QEAA@XZ
??0QByteArray@@QEAA@PEBDH@Z
??0QByteArray@@QEAA@AEBV0@@Z
??1QByteArray@@QEAA@XZ
?constData@QByteArray@@QEBAPEBDXZ
?indexOf@QByteArray@@QEBAHDH@Z
?mid@QByteArray@@QEBA?AV1@HH@Z
?startsWith@QByteArray@@QEBA_NAEBV1@@Z
?startsWith@QByteArray@@QEBA_NPEBD@Z
?trimmed@QByteArray@@QEHAA?AV1@XZ
?append@QByteArray@@QEAAAEAV1@D@Z
?append@QByteArray@@QEAAAEAV1@AEBV1@@Z
?split@QByteArray@@QEBA?AV?$QList@VQByteArray@@@@D@Z
?toUInt@QByteArray@@QEBAIPEA_NH@Z
?toHex@QByteArray@@QEBA?AV1@XZ
?number@QByteArray@@SA?AV1@IH@Z
?cast@QMetaObject@@QEBAPEAVQObject@@PEAV2@@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
??0QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
??1QString@@QEAA@XZ
?arg@QString@@QEBA?AV1@HHHVQChar@@@Z
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z
?utf16@QString@@QEBAPEBGXZ
?toUInt@QString@@QEBAIPEA_NH@Z
??8@YA_NAEBVQString@@0@Z
??0QString@@QEAA@AEBVQByteArray@@@Z
?fromHex@QByteArray@@SA?AV1@AEBV1@@Z

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
CloseHandle

vcruntime140

memcpy
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 91B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

253f123ecbe6e9a7626ab950d48ad77b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:98:6e:f1:68:03:ca:fa:96:ff:d6:c2:c0:14:24:98Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f1:cb:a1:83:99:88:84:d0:84:7e:c3:c5:ec:15:4b:4e:5e:0e:06:af:52:e4:2e:c5:ea:5a:45:65:a3:aa:5a:77Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5serialbus

qt5network

qt5core

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.qtmetad Size: 512B - Virtual size: 91B

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 512B - Virtual size: 344B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:98:6e:f1:68:03:ca:fa:96:ff:d6:c2:c0:14:24:98
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f1:cb:a1:83:99:88:84:d0:84:7e:c3:c5:ec:15:4b:4e:5e:0e:06:af:52:e4:2e:c5:ea:5a:45:65:a3:aa:5a:77
Signer

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.qtmetad
Size: 512B - Virtual size: 91B

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 512B - Virtual size: 344B