24b2197c557b15557a90723f5ef03bc66928a3b4b33db1c2bff22c59985de58d_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

24b2197c557b15557a90723f5ef03bc66928a3b4b33db1c2bff22c59985de58d_NeikiAnalytics.exe
Size

61KB
MD5

83fac4867ac8dee3f9f95c46ccb69630
SHA1

4120de85f5e8cf3569727c5d857802cebb533a88
SHA256

24b2197c557b15557a90723f5ef03bc66928a3b4b33db1c2bff22c59985de58d
SHA512

c83e56380590158e7575b00da626b464ab73899a20c991d47d9a34f195488727a79936a8047a1311969fa73227b6c9e1269ef135a05d3211d261d1c638567f62
SSDEEP

768:SNDNYcGt4HR7EPODqlf0A7cDDeiyIDzVmitpZi9InuEGNtP+29uFN6lediua:SNycGC9EPl0A7cnzVjOes+2G6l5ua

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24b2197c557b15557a90723f5ef03bc66928a3b4b33db1c2bff22c59985de58d_NeikiAnalytics.exe

Files

24b2197c557b15557a90723f5ef03bc66928a3b4b33db1c2bff22c59985de58d_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

d731e423338b24193781f0a0ea0c8fa8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

M:\.cs\e537c8\1\qtbase\plugins\generic\qtuiotouchplugin.pdb

Imports

qt5gui

?topLevelWindows@QGuiApplication@@SA?AV?$QList@PEAVQWindow@@@@XZ
?registerTouchDevice@QWindowSystemInterface@@SAXPEBVQTouchDevice@@@Z
?setCapabilities@QTouchDevice@@QEAAXV?$QFlags@W4CapabilityFlag@QTouchDevice@@@@@Z
?setType@QTouchDevice@@QEAAXW4DeviceType@1@@Z
?focusWindow@QGuiApplication@@SAPEAVQWindow@@XZ
??$handleTouchEvent@UDefaultDelivery@QWindowSystemInterface@@@QWindowSystemInterface@@SA_NPEAVQWindow@@PEAVQTouchDevice@@AEBV?$QList@UTouchPoint@QWindowSystemInterface@@@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z
?setName@QTouchDevice@@QEAAXAEBVQString@@@Z
??0QTouchDevice@@QEAA@XZ
?mapToGlobal@QWindow@@QEBA?AVQPoint@@AEBV2@@Z
?fromTranslate@QTransform@@SA?AV1@NN@Z
?map@QTransform@@QEBA?AVQPointF@@AEBV2@@Z
??XQTransform@@QEAAAEAV0@AEBV0@@Z
?rotate@QTransform@@QEAAAEAV1@NW4Axis@Qt@@@Z
?scale@QTransform@@QEAAAEAV1@NN@Z
?translate@QTransform@@QEAAAEAV1@NN@Z
?type@QTransform@@QEBA?AW4TransformationType@1@XZ
??4QTransform@@QEAAAEAV0@AEBV0@@Z
??0QTransform@@QEAA@XZ
??1QGenericPlugin@@UEAA@XZ
??0QGenericPlugin@@QEAA@PEAVQObject@@@Z
?qt_metacall@QGenericPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QGenericPlugin@@UEAAPEAXPEBD@Z
?staticMetaObject@QGenericPlugin@@2UQMetaObject@@B

qt5network

?readDatagram@QUdpSocket@@QEAA_JPEAD_JPEAVQHostAddress@@PEAG@Z
?pendingDatagramSize@QUdpSocket@@QEBA_JXZ
?hasPendingDatagrams@QUdpSocket@@QEBA_NXZ
??1QUdpSocket@@UEAA@XZ
??0QUdpSocket@@QEAA@PEAVQObject@@@Z
??1QHostAddress@@QEAA@XZ
??0QHostAddress@@QEAA@W4SpecialAddress@0@@Z
??0QHostAddress@@QEAA@XZ
?bind@QAbstractSocket@@QEAA_NAEBVQHostAddress@@GV?$QFlags@W4BindFlag@QAbstractSocket@@@@@Z

qt5core

?shared_null@QMapDataBase@@2U1@B
?staticMetaObject@QIODevice@@2UQMetaObject@@B
?staticMetaObject@QObject@@2UQMetaObject@@B
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
?compare@QString@@QEBAHVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
??0QMessageLogger@@QEAA@PEBDH00@Z
?warning@QMessageLogger@@QEBAXPEBDZZ
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?deallocate@QArrayData@@SAXPEAU1@_K1@Z
?sharedNull@QArrayData@@SAPEAU1@XZ
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z
??0QByteArray@@QEAA@XZ
??0QByteArray@@QEAA@PEBDH@Z
??0QByteArray@@QEAA@AEBV0@@Z
??1QByteArray@@QEAA@XZ
??4QByteArray@@QEAAAEAV0@AEBV0@@Z
??0QByteArray@@QEAA@$$QEAV0@@Z
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z
?constData@QByteArray@@QEBAPEBDXZ
?indexOf@QByteArray@@QEBAHDH@Z
?mid@QByteArray@@QEBA?AV1@HH@Z
?startsWith@QByteArray@@QEBA_NAEBV1@@Z
?startsWith@QByteArray@@QEBA_ND@Z
?toHex@QByteArray@@QEBA?AV1@XZ
?detach@QListData@@QEAAPEAUData@1@H@Z
?dispose@QListData@@SAXPEAUData@1@@Z
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@AEBV0@@Z
??1QDebug@@QEAA@XZ
??6QDebug@@QEAAAEAV0@AEBVQByteArray@@@Z
??0QLoggingCategory@@QEAA@PEBD@Z
??1QLoggingCategory@@QEAA@XZ
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ
?isWarningEnabled@QLoggingCategory@@QEBA_NXZ
?shared_null@QListData@@2UData@1@B
?warning@QMessageLogger@@QEBA?AVQDebug@@XZ
?at@QByteArray@@QEBADH@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?append@QListData@@QEAAPEAPEAXXZ
??0QVariant@@QEAA@H@Z
??0QVariant@@QEAA@M@Z
??0QVariant@@QEAA@AEBVQByteArray@@@Z
??6@YA?AVQDebug@@V0@AEBVQVariant@@@Z
??6QTextStream@@QEAAAEAV0@D@Z
??6QDebug@@QEAAAEAV0@D@Z
??6QDebug@@QEAAAEAV0@PEBD@Z
?qEnvironmentVariableIsSet@@YA_NPEBD@Z
??1Connection@QMetaObject@@QEAA@XZ
?resize@QByteArray@@QEAAXH@Z
?data@QByteArray@@QEAAPEADXZ
??1QString@@QEAA@XZ
??6QDebug@@QEAAAEAV0@M@Z
?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?split@QString@@QEBA?AVQStringList@@VQChar@@V?$QFlags@W4SplitBehaviorFlags@Qt@@@@W4CaseSensitivity@Qt@@@Z
?toInt@QString@@QEBAHPEA_NH@Z
??8QString@@QEBA_NPEBD@Z
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
?toPoint@QPointF@@QEBA?AVQPoint@@XZ
??0?$QVector@VQPointF@@@@QEAA@XZ
??0?$QVector@VQPointF@@@@QEAA@AEBV0@@Z
??1?$QVector@VQPointF@@@@QEAA@XZ
?realloc@QListData@@QEAAXH@Z
??0QObject@@QEAA@PEAV0@@Z
??1QObject@@UEAA@XZ
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
?nextNode@QMapNodeBase@@QEBAPEBU1@XZ
?freeNodeAndRebalance@QMapDataBase@@QEAAXPEAUQMapNodeBase@@@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
?errorString@QIODevice@@QEBA?AVQString@@XZ
?readyRead@QIODevice@@QEAAXXZ
?userType@QVariant@@QEBAHXZ
?toInt@QVariant@@QEBAHPEA_N@Z
?toFloat@QVariant@@QEBAMPEA_N@Z
?toByteArray@QVariant@@QEBA?AVQByteArray@@XZ
??6QDebug@@QEAAAEAV0@H@Z
?section@QString@@QEBA?AV1@VQChar@@HHV?$QFlags@W4SectionFlag@QString@@@@@Z

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime

vcruntime140

memcpy
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_register_onexit_function

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 105B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d731e423338b24193781f0a0ea0c8fa8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5gui

qt5network

qt5core

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.qtmetad Size: 512B - Virtual size: 105B

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 512B - Virtual size: 172B

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.qtmetad
Size: 512B - Virtual size: 105B

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 172B