35fc05ebd5dfd84d5f8c7cf9e00609a0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

35fc05ebd5dfd84d5f8c7cf9e00609a0_NeikiAnalytics.exe
Size

75KB
MD5

35fc05ebd5dfd84d5f8c7cf9e00609a0
SHA1

c36ed15c8f6bd0bdc794fa583b9a4419e31d6843
SHA256

9bcdb6f437dd295627ea65d14af6e3c52d7631dcf695c808ee352b0aceb9ef03
SHA512

00692c6d11a713ebadaa44ceb8be930b4278d31ece7601e7da373d6da453906f3cc18e61717d60506bfbf5f976cd3e9bb9b39c06381fbcfe631d1e5edc6cf1e9
SSDEEP

1536:8i6GeehRxG2cLNdr1UiGuu1Iu87McEBR17/xS:QRuRxG2cLNdr+ku1rvcEBR14

Score

1^/10

Malware Config

Signatures

Files

35fc05ebd5dfd84d5f8c7cf9e00609a0_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

cfdebd7f32f16f47c6b3ab8361c962f1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:98:6e:f1:68:03:ca:fa:96:ff:d6:c2:c0:14:24:98
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/12/2023, 00:00

Not After

11/12/2024, 23:59

Subject

CN=Autodesk\, Inc.,O=Autodesk\, Inc.,L=San Rafael,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:73:4a:16:cb:73:88:96:b4:e6:1d:75:3c:4b:bd:86:a6:e9:33:b1:c4:65:1d:3e:b1:ee:52:1e:e3:36:13:81
Signer

Actual PE Digest

82:73:4a:16:cb:73:88:96:b4:e6:1d:75:3c:4b:bd:86:a6:e9:33:b1:c4:65:1d:3e:b1:ee:52:1e:e3:36:13:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

python310

PyConfig_SetArgv
PyConfig_InitPythonConfig
Py_Main
Py_DecodeLocale
Py_SetProgramName

qt5widgets

??1QApplication@@UEAA@XZ
??0QApplication@@QEAA@AEAHPEAPEADH@Z

qt5core

?toUtf8@QString@@QEGBA?AVQByteArray@@XZ
?append@QString@@QEAAAEAV1@AEBV1@@Z
??1QByteArray@@QEAA@XZ
?data@QByteArray@@QEAAPEADXZ
?constData@QByteArray@@QEBAPEBDXZ
??0QString@@QEAA@XZ
??1QString@@QEAA@XZ
??0QFileInfo@@QEAA@AEBVQString@@@Z
?shared_null@QListData@@2UData@1@B
?homePath@QDir@@SA?AVQString@@XZ
?exists@QDir@@QEBA_NAEBVQString@@@Z
??8QDir@@QEBA_NAEBV0@@Z
?exists@QDir@@QEBA_NXZ
?mkpath@QDir@@QEBA_NAEBVQString@@@Z
?mkdir@QDir@@QEBA_NAEBVQString@@@Z
?cdUp@QDir@@QEAA_NXZ
?cd@QDir@@QEAA_NAEBVQString@@@Z
?absoluteFilePath@QDir@@QEBA?AVQString@@AEBV2@@Z
?absolutePath@QDir@@QEBA?AVQString@@XZ
??4QDir@@QEAAAEAV0@AEBVQString@@@Z
??4QDir@@QEAAAEAV0@AEBV0@@Z
??1QDir@@QEAA@XZ
??0QDir@@QEAA@AEBVQString@@@Z
??0QDir@@QEAA@AEBV0@@Z
?isExecutable@QFileInfo@@QEBA_NXZ
?isReadable@QFileInfo@@QEBA_NXZ
?absoluteFilePath@QFileInfo@@QEBA?AVQString@@XZ
?exists@QFileInfo@@QEBA_NXZ
??1QFileInfo@@QEAA@XZ
?toUtf8@QString@@QEHAA?AVQByteArray@@XZ
?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ
?end@QListData@@QEBAPEAPEAXXZ
?begin@QListData@@QEBAPEAPEAXXZ
?at@QListData@@QEBAPEAPEAXH@Z
?size@QListData@@QEBAHXZ
?append@QListData@@QEAAPEAPEAXXZ
?erase@QListData@@QEAAPEAPEAXPEAPEAX@Z
?dispose@QListData@@SAXPEAUData@1@@Z
?dispose@QListData@@QEAAXXZ
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
??YQString@@QEAAAEAV0@PEBD@Z
??0QString@@QEAA@PEBD@Z

boost_filesystem-vc143-mt-x64-1_80

?convert@path_traits@filesystem@boost@@YAXPEB_W0AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$codecvt@_WDU_Mbstatet@@@5@@Z
?codecvt@path@filesystem@boost@@SAAEBV?$codecvt@_WDU_Mbstatet@@@std@@XZ
?append_v3@path@filesystem@boost@@AEAAXAEBV123@@Z
?status@detail@filesystem@boost@@YA?AVfile_status@23@AEBVpath@23@PEAVerror_code@system@3@@Z
?convert@path_traits@filesystem@boost@@YAXPEBD0AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$codecvt@_WDU_Mbstatet@@@5@@Z

stl_ext

?tokenize@stl_ext@@YAXAEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@1@Z

msvcp140

_Mtx_destroy_in_situ
_Mtx_init_in_situ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

vcruntime140

__std_terminate
memcpy
_CxxThrowException
memcmp
__std_exception_destroy
_purecall
__C_specific_handler
__current_exception
__current_exception_context
memset
__std_exception_copy
memmove

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_cexit
_get_initial_narrow_environment
_initterm_e
exit
_exit
_crt_atexit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_invalid_parameter_noinfo_noreturn
terminate
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm

api-ms-win-crt-environment-l1-1-0

_putenv
getenv

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-locale-l1-1-0

__initialize_lconv_for_unsigned_char
_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

kernel32

GetModuleHandleW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
RtlCaptureContext
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfdebd7f32f16f47c6b3ab8361c962f1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:98:6e:f1:68:03:ca:fa:96:ff:d6:c2:c0:14:24:98Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

82:73:4a:16:cb:73:88:96:b4:e6:1d:75:3c:4b:bd:86:a6:e9:33:b1:c4:65:1d:3e:b1:ee:52:1e:e3:36:13:81Signer

Headers

DLL Characteristics

File Characteristics

Imports

python310

qt5widgets

qt5core

boost_filesystem-vc143-mt-x64-1_80

stl_ext

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

kernel32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 304B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:98:6e:f1:68:03:ca:fa:96:ff:d6:c2:c0:14:24:98
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

82:73:4a:16:cb:73:88:96:b4:e6:1d:75:3c:4b:bd:86:a6:e9:33:b1:c4:65:1d:3e:b1:ee:52:1e:e3:36:13:81
Signer

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 304B