66ddc4c07ba919fdc674e68841f1693da6077e73fae99cfeff8a6773ee9ba64b_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

66ddc4c07ba919fdc674e68841f1693da6077e73fae99cfeff8a6773ee9ba64b_NeikiAnalytics.exe
Size

548KB
MD5

9e7870a7e1298ca0c5ad6d39d0bde740
SHA1

fc5e7e0390b07e55e9e7d9a9fd7089265d56a695
SHA256

66ddc4c07ba919fdc674e68841f1693da6077e73fae99cfeff8a6773ee9ba64b
SHA512

ddda413c83b87c3be1c2bf4b497853e200704635b509c0bcb20105603c9d23e09ab10cd3a0b0b7a1eadc8342338cf9278a321eb71707732a9febe621f6c0eaf2
SSDEEP

6144:CrKAT2piq/HTVfFyXd08EmYTWrxJ8rTBXQzfUZUOS6Ssy4LJfrjP4VPQ1kKfoiMY:zbTpY6SGkdcixDmihq

Score

1^/10

Malware Config

Signatures

Files

66ddc4c07ba919fdc674e68841f1693da6077e73fae99cfeff8a6773ee9ba64b_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

693cdde3331fde742cf57daea7be66bc

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:41:6a:06:83:b8:c1:91:de:e8:de:ee:c5:4d:ab:37
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/01/2024, 00:00

Not After

27/01/2027, 23:59

Subject

SERIALNUMBER=2023-001272252,CN=OBS Project\, LLC,O=OBS Project\, LLC,L=Sheridan,ST=Wyoming,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\obs-deps\obs-deps\windows_build_temp\qt6\qtbase\build_x64\plugins\imageformats\qjpeg.pdb

Imports

qt6gui

?currentImageRect@QImageIOHandler@@UEBA?AVQRect@@XZ
?currentImageNumber@QImageIOHandler@@UEBAHXZ
?nextImageDelay@QImageIOHandler@@UEBAHXZ
?imageCount@QImageIOHandler@@UEBAHXZ
?loopCount@QImageIOHandler@@UEBAHXZ
?jumpToImage@QImageIOHandler@@UEAA_NH@Z
?jumpToNextImage@QImageIOHandler@@UEAA_NXZ
?qt_imageTransform@@YAXAEAVQImage@@V?$QFlags@W4Transformation@QImageIOHandler@@@@@Z
?qt_convert_rgb888_to_rgb32_ssse3@@YAXPEAIPEBEH@Z
?qt_convert_rgb888_to_rgb32@@YAXPEAIPEBEH@Z
?qt_getImageText@@YA?AV?$QMap@VQString@@V1@@@AEBVQImage@@AEBVQString@@@Z
?iccProfile@QColorSpace@@QEBA?AVQByteArray@@XZ
?fromIccProfile@QColorSpace@@SA?AV1@AEBVQByteArray@@@Z
??1QColorSpace@@QEAA@XZ
?allocateImage@QImageIOHandler@@SA_NVQSize@@W4Format@QImage@@PEAV4@@Z
?setFormat@QImageIOHandler@@QEBAXAEBVQByteArray@@@Z
?device@QImageIOHandler@@QEBAPEAVQIODevice@@XZ
??1QImageIOHandler@@UEAA@XZ
??0QImageIOHandler@@QEAA@XZ
?setText@QImage@@QEAAXAEBVQString@@0@Z
?setDotsPerMeterY@QImage@@QEAAXH@Z
?setDotsPerMeterX@QImage@@QEAAXH@Z
?dotsPerMeterY@QImage@@QEBAHXZ
?dotsPerMeterX@QImage@@QEBAHXZ
?setColorSpace@QImage@@QEAAXAEBVQColorSpace@@@Z
?staticMetaObject@QImageIOPlugin@@2UQMetaObject@@B
?setDevice@QImageIOHandler@@QEAAXPEAVQIODevice@@@Z
?setFormat@QImageIOHandler@@QEAAXAEBVQByteArray@@@Z
?qt_metacast@QImageIOPlugin@@UEAAPEAXPEBD@Z
?qt_metacall@QImageIOPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0QImageIOPlugin@@QEAA@PEAVQObject@@@Z
??1QImageIOPlugin@@UEAA@XZ
??0QImage@@QEAA@AEBV0@@Z
??1QImage@@UEAA@XZ
??4QImage@@QEAAAEAV0@$$QEAV0@@Z
?isNull@QImage@@QEBA_NXZ
?copy@QImage@@QEBA?AV1@AEBVQRect@@@Z
?format@QImage@@QEBA?AW4Format@1@XZ
?convertToFormat@QImage@@QEHAA?AV1@W4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?width@QImage@@QEBAHXZ
?height@QImage@@QEBAHXZ
?colorCount@QImage@@QEBAHXZ
?scanLine@QImage@@QEAAPEAEH@Z
?constScanLine@QImage@@QEBAPEBEH@Z
?colorTable@QImage@@QEBA?AV?$QList@I@@XZ
?scaled@QImage@@QEBA?AV1@AEBVQSize@@W4AspectRatioMode@Qt@@W4TransformationMode@4@@Z
?colorSpace@QImage@@QEBA?AVQColorSpace@@XZ

qt6core

qt_cpu_features
?staticMetaObject@QBuffer@@2UQMetaObject@@B
?isWarningEnabled@QLoggingCategory@@QEBA_NXZ
??1QLoggingCategory@@QEAA@XZ
??0QLoggingCategory@@QEAA@PEBDW4QtMsgType@@@Z
?data@QBuffer@@QEBAAEBVQByteArray@@XZ
?toSize@QVariant@@QEBA?AVQSize@@XZ
?toRect@QVariant@@QEBA?AVQRect@@XZ
?toString@QVariant@@QEBA?AVQString@@XZ
?toBool@QVariant@@QEBA_NXZ
?toInt@QVariant@@QEBAHPEA_N@Z
??4QVariant@@QEAAAEAV0@$$QEAV0@@Z
??0QVariant@@QEAA@VQRect@@@Z
??0QVariant@@QEAA@VQSize@@@Z
??0QVariant@@QEAA@AEBVQString@@@Z
??0QVariant@@QEAA@_N@Z
??0QVariant@@QEAA@H@Z
??0QVariant@@QEAA@AEBV0@@Z
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@XZ
?peek@QIODevice@@QEAA_JPEAD_J@Z
?write@QIODevice@@QEAA_JPEBD_J@Z
?read@QIODevice@@QEAA_JPEAD_J@Z
?readRawData@QDataStream@@QEAAHPEADH@Z
??5QDataStream@@QEAAAEAV0@AEAH@Z
??5QDataStream@@QEAAAEAV0@AEAF@Z
?isEmpty@QByteArray@@QEBA_NXZ
?data@QByteArray@@QEBAPEBDXZ
?size@QByteArray@@QEBA_JXZ
?isNull@QByteArray@@QEBA_NXZ
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?isOpen@QIODevice@@QEBA_NXZ
?isReadable@QIODevice@@QEBA_NXZ
?isWritable@QIODevice@@QEBA_NXZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
??0QMessageLogger@@QEAA@PEBDH00@Z
?warning@QMessageLogger@@QEBAXPEBDZZ
?allocate@QArrayData@@SAPEAXPEAPEAU1@_J11W4AllocationOption@1@@Z
?reallocateUnaligned@QArrayData@@SA?AU?$pair@PEAUQArrayData@@PEAX@std@@PEAU1@PEAX_J2W4AllocationOption@1@@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
??0QByteArray@@QEAA@XZ
??0QByteArray@@QEAA@PEBD_J@Z
??0QByteArray@@QEAA@_JD@Z
??0QByteArray@@QEAA@AEBV0@@Z
??1QByteArray@@QEAA@XZ
??0QByteArray@@QEAA@$$QEAV0@@Z
?constData@QByteArray@@QEBAPEBDXZ
?mid@QByteArray@@QEBA?AV1@_J0@Z
?truncate@QByteArray@@QEAAX_J@Z
?append@QByteArray@@QEAAAEAV1@PEBD_J@Z
?append@QByteArray@@QEAAAEAV1@AEBV1@@Z
??YQByteArray@@QEAAAEAV0@PEBD@Z
??0QString@@QEAA@XZ
??0QString@@QEAA@VQLatin1String@@@Z
??0QString@@QEAA@AEBV0@@Z
??1QString@@QEAA@XZ
??4QString@@QEAAAEAV0@AEBV0@@Z
??4QString@@QEAAAEAV0@VQLatin1String@@@Z
??0QString@@QEAA@$$QEAV0@@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
?indexOf@QString@@QEBA_JVQChar@@_JW4CaseSensitivity@Qt@@@Z
?indexOf@QString@@QEBA_JVQLatin1String@@_JW4CaseSensitivity@Qt@@@Z
?left@QString@@QEBA?AV1@_J@Z
?mid@QString@@QEBA?AV1@_J0@Z
?simplified@QString@@QEGBA?AV1@XZ
?append@QString@@QEAAAEAV1@AEBV1@@Z
?append@QString@@QEAAAEAV1@VQLatin1String@@@Z
?toUtf8@QString@@QEGBA?AVQByteArray@@XZ
?fromUtf8@QString@@SA?AV1@PEBD_J@Z
?cast@QMetaObject@@QEBAPEBVQObject@@PEBV2@@Z
??0QRect@@QEAA@HHHH@Z
?topLeft@QRect@@QEBA?AVQPoint@@XZ
?translate@QRect@@QEAAXAEBVQPoint@@@Z
?size@QRect@@QEBA?AVQSize@@XZ
??IQRect@@QEBA?AV0@AEBV0@@Z
??0QDataStream@@QEAA@PEAVQByteArray@@V?$QFlags@W4OpenModeFlag@QIODeviceBase@@@@@Z
??1QDataStream@@QEAA@XZ
?status@QDataStream@@QEBA?AW4Status@1@XZ
?setByteOrder@QDataStream@@QEAAXW4ByteOrder@1@@Z

vcruntime140

longjmp
memset
__C_specific_handler
__intrinsic_setjmp
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memcpy
memmove
memcmp

api-ms-win-crt-runtime-l1-1-0

exit
_crt_atexit
_cexit
_initterm_e
_seh_filter_dll
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-math-l1-1-0

ceil

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-environment-l1-1-0

getenv_s

kernel32

TerminateProcess
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata_v2

Sections

.text
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

693cdde3331fde742cf57daea7be66bc

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

0d:41:6a:06:83:b8:c1:91:de:e8:de:ee:c5:4d:ab:37Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt6gui

qt6core

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-environment-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 411KB - Virtual size: 411KB

.rdata Size: 110KB - Virtual size: 110KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 14KB - Virtual size: 13KB

.qtmetad Size: 512B - Virtual size: 133B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 460B

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

0d:41:6a:06:83:b8:c1:91:de:e8:de:ee:c5:4d:ab:37
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

.text
Size: 411KB - Virtual size: 411KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 14KB - Virtual size: 13KB

.qtmetad
Size: 512B - Virtual size: 133B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 460B