129079a08a221509217f75e8686daf60_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

129079a08a221509217f75e8686daf60_NeikiAnalytics.exe
Size

71KB
MD5

129079a08a221509217f75e8686daf60
SHA1

1eba46ba410b27ec4b24f94f62d5f3ff37d6c99e
SHA256

22246207bd19bbff4a8ac23262bc8cd02c68e5fc0a1d43cbb8ad98b9c1a14f61
SHA512

e42ad0431e0ebfd08d1732383356b98aad485822cc55386e1e48187f1ab6e8eb4d7e1f032b8caf795c95f82daeb1b144e5f4a5aa3c7a31b700b0dd7494a29156
SSDEEP

768:5V2TsDV3iJAOy8E32yLUvEGTBg3zutdfzvLy5Rr2HZ4G2Cmk2VAYLJEYijq6AMx1:5V2IcDE3mS4v2A923bVAYLG7W4xKQ

Score

1^/10

Malware Config

Signatures

Files

129079a08a221509217f75e8686daf60_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

a255219041272f02b6aec33ec331da7b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:98:6e:f1:68:03:ca:fa:96:ff:d6:c2:c0:14:24:98
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/12/2023, 00:00

Not After

11/12/2024, 23:59

Subject

CN=Autodesk\, Inc.,O=Autodesk\, Inc.,L=San Rafael,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:fc:12:53:d8:75:2b:b9:63:75:66:ac:c0:6d:58:6d:a6:8d:05:99:21:95:3a:e8:32:a7:87:82:e6:6f:0d:8b
Signer

Actual PE Digest

31:fc:12:53:d8:75:2b:b9:63:75:66:ac:c0:6d:58:6d:a6:8d:05:99:21:95:3a:e8:32:a7:87:82:e6:6f:0d:8b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb

Imports

qt5gui

?topLevelWindows@QGuiApplication@@SA?AV?$QList@PEAVQWindow@@@@XZ
?registerTouchDevice@QWindowSystemInterface@@SAXPEBVQTouchDevice@@@Z
?setCapabilities@QTouchDevice@@QEAAXV?$QFlags@W4CapabilityFlag@QTouchDevice@@@@@Z
?setType@QTouchDevice@@QEAAXW4DeviceType@1@@Z
?focusWindow@QGuiApplication@@SAPEAVQWindow@@XZ
??$handleTouchEvent@UDefaultDelivery@QWindowSystemInterface@@@QWindowSystemInterface@@SA_NPEAVQWindow@@PEAVQTouchDevice@@AEBV?$QList@UTouchPoint@QWindowSystemInterface@@@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z
?setName@QTouchDevice@@QEAAXAEBVQString@@@Z
??0QTouchDevice@@QEAA@XZ
?mapToGlobal@QWindow@@QEBA?AVQPoint@@AEBV2@@Z
?fromTranslate@QTransform@@SA?AV1@NN@Z
?map@QTransform@@QEBA?AVQPointF@@AEBV2@@Z
??XQTransform@@QEAAAEAV0@AEBV0@@Z
?rotate@QTransform@@QEAAAEAV1@NW4Axis@Qt@@@Z
?scale@QTransform@@QEAAAEAV1@NN@Z
?translate@QTransform@@QEAAAEAV1@NN@Z
?type@QTransform@@QEBA?AW4TransformationType@1@XZ
??4QTransform@@QEAAAEAV0@AEBV0@@Z
??0QTransform@@QEAA@XZ
??1QGenericPlugin@@UEAA@XZ
??0QGenericPlugin@@QEAA@PEAVQObject@@@Z
?qt_metacall@QGenericPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QGenericPlugin@@UEAAPEAXPEBD@Z
?staticMetaObject@QGenericPlugin@@2UQMetaObject@@B

qt5network

?readDatagram@QUdpSocket@@QEAA_JPEAD_JPEAVQHostAddress@@PEAG@Z
?pendingDatagramSize@QUdpSocket@@QEBA_JXZ
?hasPendingDatagrams@QUdpSocket@@QEBA_NXZ
??1QUdpSocket@@UEAA@XZ
??0QUdpSocket@@QEAA@PEAVQObject@@@Z
??1QHostAddress@@QEAA@XZ
??0QHostAddress@@QEAA@W4SpecialAddress@0@@Z
??0QHostAddress@@QEAA@XZ
?bind@QAbstractSocket@@QEAA_NAEBVQHostAddress@@GV?$QFlags@W4BindFlag@QAbstractSocket@@@@@Z

qt5core

??6QDebug@@QEAAAEAV0@H@Z
??6QDebug@@QEAAAEAV0@M@Z
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
?shared_null@QMapDataBase@@2U1@B
?staticMetaObject@QIODevice@@2UQMetaObject@@B
?toByteArray@QVariant@@QEBA?AVQByteArray@@XZ
?compare@QString@@QEBAHVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
??0QMessageLogger@@QEAA@PEBDH00@Z
?warning@QMessageLogger@@QEBAXPEBDZZ
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?deallocate@QArrayData@@SAXPEAU1@_K1@Z
?sharedNull@QArrayData@@SAPEAU1@XZ
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z
??0QByteArray@@QEAA@XZ
??0QByteArray@@QEAA@PEBDH@Z
??0QByteArray@@QEAA@AEBV0@@Z
??1QByteArray@@QEAA@XZ
??4QByteArray@@QEAAAEAV0@AEBV0@@Z
??0QByteArray@@QEAA@$$QEAV0@@Z
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z
?constData@QByteArray@@QEBAPEBDXZ
?indexOf@QByteArray@@QEBAHDH@Z
?mid@QByteArray@@QEBA?AV1@HH@Z
?startsWith@QByteArray@@QEBA_NAEBV1@@Z
?startsWith@QByteArray@@QEBA_ND@Z
?toHex@QByteArray@@QEBA?AV1@XZ
?detach@QListData@@QEAAPEAUData@1@H@Z
?dispose@QListData@@SAXPEAUData@1@@Z
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@AEBV0@@Z
??1QDebug@@QEAA@XZ
??6QDebug@@QEAAAEAV0@AEBVQByteArray@@@Z
??0QLoggingCategory@@QEAA@PEBD@Z
??1QLoggingCategory@@QEAA@XZ
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ
?isWarningEnabled@QLoggingCategory@@QEBA_NXZ
?shared_null@QListData@@2UData@1@B
?warning@QMessageLogger@@QEBA?AVQDebug@@XZ
?at@QByteArray@@QEBADH@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?append@QListData@@QEAAPEAPEAXXZ
??0QVariant@@QEAA@H@Z
??0QVariant@@QEAA@M@Z
??0QVariant@@QEAA@AEBVQByteArray@@@Z
??6@YA?AVQDebug@@V0@AEBVQVariant@@@Z
??6QTextStream@@QEAAAEAV0@D@Z
??6QDebug@@QEAAAEAV0@D@Z
??6QDebug@@QEAAAEAV0@PEBD@Z
?staticMetaObject@QObject@@2UQMetaObject@@B
?qEnvironmentVariableIsSet@@YA_NPEBD@Z
??1Connection@QMetaObject@@QEAA@XZ
?resize@QByteArray@@QEAAXH@Z
?data@QByteArray@@QEAAPEADXZ
?toFloat@QVariant@@QEBAMPEA_N@Z
?section@QString@@QEBA?AV1@VQChar@@HHV?$QFlags@W4SectionFlag@QString@@@@@Z
?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?split@QString@@QEBA?AVQStringList@@VQChar@@V?$QFlags@W4SplitBehaviorFlags@Qt@@@@W4CaseSensitivity@Qt@@@Z
?toInt@QString@@QEBAHPEA_NH@Z
??8QString@@QEBA_NPEBD@Z
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
?toPoint@QPointF@@QEBA?AVQPoint@@XZ
??0?$QVector@VQPointF@@@@QEAA@XZ
??0?$QVector@VQPointF@@@@QEAA@AEBV0@@Z
??1?$QVector@VQPointF@@@@QEAA@XZ
?realloc@QListData@@QEAAXH@Z
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0QObject@@QEAA@PEAV0@@Z
??1QObject@@UEAA@XZ
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
?nextNode@QMapNodeBase@@QEBAPEBU1@XZ
?freeNodeAndRebalance@QMapDataBase@@QEAAXPEAUQMapNodeBase@@@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
?errorString@QIODevice@@QEBA?AVQString@@XZ
?readyRead@QIODevice@@QEAAXXZ
?userType@QVariant@@QEBAHXZ
?toInt@QVariant@@QEBAHPEA_N@Z
??1QString@@QEAA@XZ

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime

vcruntime140

memcpy
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_register_onexit_function

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 105B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a255219041272f02b6aec33ec331da7b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:98:6e:f1:68:03:ca:fa:96:ff:d6:c2:c0:14:24:98Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

31:fc:12:53:d8:75:2b:b9:63:75:66:ac:c0:6d:58:6d:a6:8d:05:99:21:95:3a:e8:32:a7:87:82:e6:6f:0d:8bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5gui

qt5network

qt5core

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.qtmetad Size: 512B - Virtual size: 105B

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 512B - Virtual size: 172B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:98:6e:f1:68:03:ca:fa:96:ff:d6:c2:c0:14:24:98
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

31:fc:12:53:d8:75:2b:b9:63:75:66:ac:c0:6d:58:6d:a6:8d:05:99:21:95:3a:e8:32:a7:87:82:e6:6f:0d:8b
Signer

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.qtmetad
Size: 512B - Virtual size: 105B

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 172B