7074bbad75d2bd82d0e7782dfad5596ccd65f0897ce0e130f3ab4b18a498dfc0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

7074bbad75d2bd82d0e7782dfad5596ccd65f0897ce0e130f3ab4b18a498dfc0_NeikiAnalytics.exe
Size

661KB
MD5

b6a3be7875447fbf50cb9a47c643bee0
SHA1

5915886d6ef3dfe702ac807a27f05a4f5100ee6c
SHA256

7074bbad75d2bd82d0e7782dfad5596ccd65f0897ce0e130f3ab4b18a498dfc0
SHA512

156398f72516274ac82670e9bef2da0593218334593144892497edb4c9b1bdae70a8daac18b28b72bb3696f8885c356274836bf4b24e91c1dc3b362c36774aeb
SSDEEP

6144:U3ROyeSo7/7V2EeyPkWocAJ4NX/6+3YJjDUu+sprAWSmxCPn9P74rO2X69/qeanj:Uk76hljSiAWzMPnBJTvhywxWRqhC

Score

1^/10

Malware Config

Signatures

Files

7074bbad75d2bd82d0e7782dfad5596ccd65f0897ce0e130f3ab4b18a498dfc0_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

dde6055784bdca48a86ed484f2736fe0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:4f:d3:11:f7:b3:e0:4c:a8:cd:33:52:2d:f5:c9:37
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/03/2024, 00:00

Not After

11/02/2026, 23:59

Subject

SERIALNUMBER=B184956,CN=Viber Media S.a r.l.,O=Viber Media S.a r.l.,L=Luxembourg,C=LU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024c55

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:dc:df:03:80:dc:d0:84:0b:d1:39:fb:a1:0a:54:b4:fc:c5:87:fe:e0:f2:a4:9d:b2:c4:d0:e4:d9:36:2f:f3
Signer

Actual PE Digest

bf:dc:df:03:80:dc:d0:84:0b:d1:39:fb:a1:0a:54:b4:fc:c5:87:fe:e0:f2:a4:9d:b2:c4:d0:e4:d9:36:2f:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\out_x64\Qt\qt_src_6.5.3\qtbase\bin\QtWebEngineProcess.pdb

Imports

kernel32

QueryDosDeviceW
GetLongPathNameW
GetFileAttributesW
SetCurrentDirectoryW
RtlCaptureStackBackTrace
FormatMessageA
GetLocalTime
OutputDebugStringA
GetCurrentDirectoryW
GetModuleHandleExW
QueryThreadCycleTime
UnmapViewOfFile
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
RtlVirtualUnwind
RtlLookupFunctionEntry
TlsGetValue
WideCharToMultiByte
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
AcquireSRWLockExclusive
CreateNamedPipeW
WriteFile
GetCommandLineW
GetProcessHeaps
SetThreadAffinityMask
VirtualFree
GetCurrentProcessorNumber
HeapSetInformation
SetUnhandledExceptionFilter
GetThreadId
TlsFree
TlsAlloc
GetThreadPriority
SetThreadPriority
GetCurrentThread
Sleep
RaiseException
IsDebuggerPresent
TlsSetValue
SetHandleInformation
GetFileType
FreeLibrary
AssignProcessToJobObject
MapViewOfFile
CreateFileMappingW
WriteProcessMemory
ReadProcessMemory
CreateFileW
LocalFree
LoadLibraryW
GetModuleHandleA
GetModuleFileNameW
IsWow64Process
GetNativeSystemInfo
GetVersionExW
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
LoadLibraryExW
UnregisterWaitEx
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
VirtualAlloc
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnumSystemLocalesEx
GetUserDefaultLocaleName
GetUserDefaultLCID
GetUserDefaultLangID
GetTickCount
HeapDestroy
TerminateProcess
UnregisterWait
RegisterWaitForSingleObject
SetInformationJobObject
TerminateJobObject
GetCurrentThreadId
CreateThread
GetCurrentProcess
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
DuplicateHandle
SetLastError
CloseHandle
CreateMutexW
GetProcessHandleCount
VirtualAllocEx
VirtualProtectEx
VirtualFreeEx
CreateJobObjectW
QueryInformationJobObject
GetSystemInfo
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
InitOnceExecuteOnce
DebugBreak
lstrlenW
CreateRemoteThread
GetLogicalProcessorInformation
RtlCaptureContext
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
GetProductInfo
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId
GetLastError

qt6webenginecore

?qWebEngineChromiumVersion@@YAPEBDXZ
?processMain@QtWebEngineCore@@YAHHPEAPEBD@Z
?staticSandboxInterfaceInfo@QtWebEngineSandbox@@YAPEAUSandboxInterfaceInfo@sandbox@@PEAU23@@Z
?qWebEngineVersion@@YAPEBDXZ

qt6core

?warning@QMessageLogger@@QEBAXPEBDZZ
?qErrnoWarning@@YAXHPEBDZZ
?deallocate@QArrayData@@SAXPEAU1@_J1@Z
??0QString@@QEAA@$$QEAU?$QArrayDataPointer@_S@@@Z
??0QLibrary@@QEAA@PEAVQObject@@@Z
?applicationName@QCoreApplication@@SA?AVQString@@XZ
?resolve@QLibrary@@QEAAP6AXXZPEBD@Z
?load@QLibrary@@QEAA_NXZ
?setFileName@QLibrary@@QEAAXAEBVQString@@@Z
?compare@QOperatingSystemVersionBase@@KAHV1@0@Z
??0QMessageLogger@@QEAA@PEBDH0@Z
?info@QMessageLogger@@QEBAXPEBDZZ
??0QCoreApplication@@QEAA@AEAHPEAPEADH@Z
?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ
??1QString@@QEAA@XZ
?constData@QByteArray@@QEBAPEBDXZ
??1QLibrary@@UEAA@XZ
?Windows8_1@QOperatingSystemVersion@@2V1@B
??1QByteArray@@QEAA@XZ
??1QCoreApplication@@UEAA@XZ
?current@QOperatingSystemVersion@@SA?AV1@XZ

msvcp140

_Thrd_yield
_Xtime_get_ticks
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
_Mtx_lock
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z

vcruntime140

memset
memcpy
_purecall
memcmp
__C_specific_handler
memmove
memchr
strrchr
strstr
strchr
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
realloc
malloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
terminate
_crt_atexit
abort
_errno
_configure_narrow_argv
_initialize_narrow_environment
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_exit
_invoke_watson
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

round
ceilf
exp
log
floor
ceil
__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__acrt_iob_func
_write
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

isxdigit
_wcsdup
wcscmp
_wcsnicmp
_wcsicmp
_strdup

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

advapi32

AdjustTokenPrivileges
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDisablePredefinedCache
RegCloseKey
RevertToSelf
CreateWellKnownSid
EqualSid
GetLengthSid
GetSidSubAuthority
InitializeSid
IsValidSid
ConvertSidToStringSidW
ConvertStringSidToSidW
SetEntriesInAclW
GetNamedSecurityInfoW
SetSecurityInfo
BuildTrusteeWithSidW
CreateProcessAsUserW
SetThreadToken
OpenProcessToken
DuplicateToken
GetTokenInformation
AccessCheck
DuplicateTokenEx
GetAce
GetKernelObjectSecurity
GetSecurityDescriptorSacl
MapGenericMask
SetKernelObjectSecurity
SetTokenInformation
InitializeAcl
EventRegister
EventUnregister
EventWrite
AddMandatoryAce
GetSecurityInfo
GetSecurityDescriptorDacl
SystemFunction036
FreeSid
ImpersonateLoggedOnUser
CreateRestrictedToken
LookupPrivilegeValueW

shell32

CommandLineToArgvW

user32

GetProcessWindowStation
SetProcessWindowStation
CreateWindowStationW
CreateDesktopW
GetUserObjectInformationW
GetThreadDesktop
CloseWindowStation
CloseDesktop

winmm

timeGetTime

ole32

CoTaskMemFree

Exports

Exports

GetHandleVerifier
IsSandboxedProcess
TargetCreateNamedPipeW
TargetCreateNamedPipeW64
TargetCreateThread
TargetCreateThread64
TargetGdiDllInitialize
TargetGdiDllInitialize64
TargetGetStockObject
TargetGetStockObject64
TargetNtCreateFile
TargetNtCreateFile64
TargetNtCreateSection
TargetNtCreateSection64
TargetNtMapViewOfSection
TargetNtMapViewOfSection64
TargetNtOpenFile
TargetNtOpenFile64
TargetNtOpenProcess
TargetNtOpenProcess64
TargetNtOpenProcessToken
TargetNtOpenProcessToken64
TargetNtOpenProcessTokenEx
TargetNtOpenProcessTokenEx64
TargetNtOpenThread
TargetNtOpenThread64
TargetNtOpenThreadToken
TargetNtOpenThreadToken64
TargetNtOpenThreadTokenEx
TargetNtOpenThreadTokenEx64
TargetNtQueryAttributesFile
TargetNtQueryAttributesFile64
TargetNtQueryFullAttributesFile
TargetNtQueryFullAttributesFile64
TargetNtSetInformationFile
TargetNtSetInformationFile64
TargetNtSetInformationThread
TargetNtSetInformationThread64
TargetNtUnmapViewOfSection
TargetNtUnmapViewOfSection64
TargetRegisterClassW
TargetRegisterClassW64
g_current_mitigations
g_handles_to_close
g_interceptions
g_nt
g_originals
g_sentinel_value_end
g_sentinel_value_start
g_shared_IPC_size
g_shared_delayed_integrity_level
g_shared_delayed_mitigations
g_shared_policy_size
g_shared_section
g_shared_startup_mitigations

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dde6055784bdca48a86ed484f2736fe0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:4f:d3:11:f7:b3:e0:4c:a8:cd:33:52:2d:f5:c9:37Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

bf:dc:df:03:80:dc:d0:84:0b:d1:39:fb:a1:0a:54:b4:fc:c5:87:fe:e0:f2:a4:9d:b2:c4:d0:e4:d9:36:2f:f3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

qt6webenginecore

qt6core

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

shell32

user32

winmm

ole32

Exports

Exports

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 6KB - Virtual size: 29KB

.pdata Size: 28KB - Virtual size: 27KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:4f:d3:11:f7:b3:e0:4c:a8:cd:33:52:2d:f5:c9:37
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

bf:dc:df:03:80:dc:d0:84:0b:d1:39:fb:a1:0a:54:b4:fc:c5:87:fe:e0:f2:a4:9d:b2:c4:d0:e4:d9:36:2f:f3
Signer

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 6KB - Virtual size: 29KB

.pdata
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB