2edf35f5191b383d24c18446cc4e053c3faf2c5555331a0d4694e0181f5aee6b_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2edf35f5191b383d24c18446cc4e053c3faf2c5555331a0d4694e0181f5aee6b_NeikiAnalytics.exe
Size

98KB
MD5

7b2d7388a1e10902044cdb8dbf67ba20
SHA1

cfe06611f9975a2405030d1a66b87e86dfebebde
SHA256

2edf35f5191b383d24c18446cc4e053c3faf2c5555331a0d4694e0181f5aee6b
SHA512

411dbf918c61bae6fa3edab140fc9f7812c2b8c6cce179b4109c4ce1102b94c27a05e395fb975ae60d8af5a1c12a884464a6516e42b30b18646067023258ea33
SSDEEP

1536:jnyvAv4aW2fyUd9pCdyjfKnyrR56aRjOefyhtAS2tszA:jshaWsvd7GyLKnyKyj/S2OzA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2edf35f5191b383d24c18446cc4e053c3faf2c5555331a0d4694e0181f5aee6b_NeikiAnalytics.exe

Files

2edf35f5191b383d24c18446cc4e053c3faf2c5555331a0d4694e0181f5aee6b_NeikiAnalytics.exe
.exe .js windows:6 windows x64 arch:x64 polyglot

debf9ccba72873db17416200a35b0672

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

openvr_api

VR_InitInternal
VR_ShutdownInternal
VR_GetInitToken
VR_IsInterfaceVersionValid
VR_GetGenericInterface
VR_RuntimePath

advapi32

RegOpenKeyExW
RegQueryValueExW

qt5quick

?staticMetaObject@QQuickRenderControl@@2UQMetaObject@@B
?wheelEvent@QQuickWindow@@MEAAXPEAVQWheelEvent@@@Z
?showEvent@QQuickWindow@@MEAAXPEAVQShowEvent@@@Z
?resizeEvent@QQuickWindow@@MEAAXPEAVQResizeEvent@@@Z
?renderWindow@QQuickRenderControl@@UEAAPEAVQWindow@@PEAVQPoint@@@Z
?qt_metacast@QQuickWindow@@UEAAPEAXPEBD@Z
?qt_metacast@QQuickRenderControl@@UEAAPEAXPEBD@Z
?qt_metacall@QQuickWindow@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacall@QQuickRenderControl@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?mouseReleaseEvent@QQuickWindow@@MEAAXPEAVQMouseEvent@@@Z
?mousePressEvent@QQuickWindow@@MEAAXPEAVQMouseEvent@@@Z
?mouseMoveEvent@QQuickWindow@@MEAAXPEAVQMouseEvent@@@Z
?mouseDoubleClickEvent@QQuickWindow@@MEAAXPEAVQMouseEvent@@@Z
?metaObject@QQuickWindow@@UEBAPEBUQMetaObject@@XZ
?metaObject@QQuickRenderControl@@UEBAPEBUQMetaObject@@XZ
?keyReleaseEvent@QQuickWindow@@MEAAXPEAVQKeyEvent@@@Z
?keyPressEvent@QQuickWindow@@MEAAXPEAVQKeyEvent@@@Z
?hideEvent@QQuickWindow@@MEAAXPEAVQHideEvent@@@Z
?focusOutEvent@QQuickWindow@@MEAAXPEAVQFocusEvent@@@Z
?focusObject@QQuickWindow@@UEBAPEAVQObject@@XZ
?focusInEvent@QQuickWindow@@MEAAXPEAVQFocusEvent@@@Z
?exposeEvent@QQuickWindow@@MEAAXPEAVQExposeEvent@@@Z
?event@QQuickWindow@@MEAA_NPEAVQEvent@@@Z
?accessibleRoot@QQuickWindow@@UEBAPEAVQAccessibleInterface@@XZ
?height@QQuickItem@@QEBANXZ
?width@QQuickItem@@QEBANXZ
?setParentItem@QQuickItem@@QEAAXPEAV1@@Z
?update@QQuickWindow@@QEAAXXZ
?resetOpenGLState@QQuickWindow@@QEAAXXZ
?setRenderTarget@QQuickWindow@@QEAAXPEAVQOpenGLFramebufferObject@@@Z
?contentItem@QQuickWindow@@QEBAPEAVQQuickItem@@XZ
??1QQuickWindow@@UEAA@XZ
??0QQuickWindow@@QEAA@PEAVQQuickRenderControl@@@Z
?sceneChanged@QQuickRenderControl@@QEAAXXZ
?renderRequested@QQuickRenderControl@@QEAAXXZ
?sync@QQuickRenderControl@@QEAA_NXZ
?render@QQuickRenderControl@@QEAAXXZ
?polishItems@QQuickRenderControl@@QEAAXXZ
?initialize@QQuickRenderControl@@QEAAXPEAVQOpenGLContext@@@Z
??1QQuickRenderControl@@UEAA@XZ
??0QQuickRenderControl@@QEAA@PEAVQObject@@@Z
?staticMetaObject@QQuickItem@@2UQMetaObject@@B

qt5gui

?bindDefault@QOpenGLFramebufferObject@@SA_NXZ
??1QGuiApplication@@UEAA@XZ
?exec@QGuiApplication@@SAHXZ
??0QSurfaceFormat@@QEAA@XZ
??1QSurfaceFormat@@QEAA@XZ
?setDepthBufferSize@QSurfaceFormat@@QEAAXH@Z
?setStencilBufferSize@QSurfaceFormat@@QEAAXH@Z
??0QOpenGLContext@@QEAA@PEAVQObject@@@Z
??1QOpenGLContext@@UEAA@XZ
?setFormat@QOpenGLContext@@QEAAXAEBVQSurfaceFormat@@@Z
?create@QOpenGLContext@@QEAA_NXZ
?touchEvent@QWindow@@MEAAXPEAVQTouchEvent@@@Z
?tabletEvent@QWindow@@MEAAXPEAVQTabletEvent@@@Z
?surfaceType@QWindow@@UEBA?AW4SurfaceType@QSurface@@XZ
?surfaceType@QOffscreenSurface@@UEBA?AW4SurfaceType@QSurface@@XZ
?surfaceHandle@QWindow@@EEBAPEAVQPlatformSurface@@XZ
?surfaceHandle@QOffscreenSurface@@EEBAPEAVQPlatformSurface@@XZ
?size@QWindow@@UEBA?AVQSize@@XZ
?size@QOffscreenSurface@@UEBA?AVQSize@@XZ
?qt_metacast@QOpenGLContext@@UEAAPEAXPEBD@Z
?qt_metacast@QOffscreenSurface@@UEAAPEAXPEBD@Z
?qt_metacall@QOpenGLContext@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacall@QOffscreenSurface@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?nativeEvent@QWindow@@MEAA_NAEBVQByteArray@@PEAXPEAJ@Z
?moveEvent@QWindow@@MEAAXPEAVQMoveEvent@@@Z
?metaObject@QOpenGLContext@@UEBAPEBUQMetaObject@@XZ
?metaObject@QOffscreenSurface@@UEBAPEBUQMetaObject@@XZ
?format@QWindow@@UEBA?AVQSurfaceFormat@@XZ
?format@QOffscreenSurface@@UEBA?AVQSurfaceFormat@@XZ
?glFlush@QOpenGLFunctions@@QEAAXXZ
??0QGuiApplication@@QEAA@AEAHPEAPEADH@Z
?texture@QOpenGLFramebufferObject@@QEBAIXZ
??1QOpenGLFramebufferObject@@UEAA@XZ
??0QOpenGLFramebufferObject@@QEAA@HHW4Attachment@0@II@Z
?textureId@QOpenGLTexture@@QEBAIXZ
??0QOpenGLTexture@@QEAA@AEBVQImage@@W4MipMapGeneration@0@@Z
??1QWheelEvent@@UEAA@XZ
??0QWheelEvent@@QEAA@AEBVQPointF@@0VQPoint@@1HW4Orientation@Qt@@V?$QFlags@W4MouseButton@Qt@@@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z
??1QMouseEvent@@UEAA@XZ
??0QMouseEvent@@QEAA@W4Type@QEvent@@AEBVQPointF@@1W4MouseButton@Qt@@V?$QFlags@W4MouseButton@Qt@@@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z
?setGeometry@QWindow@@QEAAXHHHH@Z
??1QImage@@UEAA@XZ
??0QImage@@QEAA@AEBVQString@@PEBD@Z
?setFormat@QOffscreenSurface@@QEAAXAEBVQSurfaceFormat@@@Z
?create@QOffscreenSurface@@QEAAXXZ
??1QOffscreenSurface@@UEAA@XZ
??0QOffscreenSurface@@QEAA@PEAVQScreen@@@Z
?functions@QOpenGLContext@@QEBAPEAVQOpenGLFunctions@@XZ
?makeCurrent@QOpenGLContext@@QEAA_NPEAVQSurface@@@Z
?format@QOpenGLContext@@QEBA?AVQSurfaceFormat@@XZ

qt5qml

??0QQmlComponent@@QEAA@PEAVQQmlEngine@@AEBVQUrl@@PEAVQObject@@@Z
??1QQmlComponent@@UEAA@XZ
?isError@QQmlComponent@@QEBA_NXZ
?errorString@QQmlComponent@@QEBA?AVQString@@XZ
?create@QQmlComponent@@UEAAPEAVQObject@@PEAVQQmlContext@@@Z
??0QQmlEngine@@QEAA@PEAVQObject@@@Z
??1QQmlEngine@@UEAA@XZ
?rootContext@QQmlEngine@@QEBAPEAVQQmlContext@@XZ
?setContextProperty@QQmlContext@@QEAAXAEBVQString@@PEAVQObject@@@Z
?setContextProperty@QQmlContext@@QEAAXAEBVQString@@AEBVQVariant@@@Z

qt5core

?staticMetaObject@QObject@@2UQMetaObject@@B
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?qUnregisterResourceData@@YA_NHPEBE00@Z
?qRegisterResourceData@@YA_NHPEBE00@Z
?object@QJsonDocument@@QEBA?AVQJsonObject@@XZ
?toJson@QJsonDocument@@QEBA?AVQByteArray@@XZ
?fromJson@QJsonDocument@@SA?AV1@AEBVQByteArray@@PEAUQJsonParseError@@@Z
??1QJsonDocument@@QEAA@XZ
??0QJsonDocument@@QEAA@AEBVQJsonObject@@@Z
?end@QJsonArray@@QEAA?AViterator@1@XZ
?begin@QJsonArray@@QEAA?AViterator@1@XZ
?removeAt@QJsonArray@@QEAAXH@Z
?append@QJsonArray@@QEAAXAEBVQJsonValue@@@Z
??1QJsonArray@@QEAA@XZ
??0QJsonArray@@QEAA@XZ
?toNativeSeparators@QDir@@SA?AVQString@@AEBV2@@Z
?absoluteFilePath@QFileInfo@@QEBA?AVQString@@XZ
??1QFileInfo@@QEAA@XZ
??0QFileInfo@@QEAA@AEBVQFile@@@Z
?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ
??AQJsonObject@@QEAA?AVQJsonValueRef@@AEBVQString@@@Z
??4QJsonObject@@QEAAAEAV0@AEBV0@@Z
??1QJsonObject@@QEAA@XZ
??0QJsonObject@@QEAA@XZ
?toValue@QJsonValueRef@@AEBA?AVQJsonValue@@XZ
?toObject@QJsonValueRef@@QEBA?AVQJsonObject@@XZ
?toArray@QJsonValueRef@@QEBA?AVQJsonArray@@XZ
??4QJsonValueRef@@QEAAAEAV0@AEBVQJsonValue@@@Z
??8QJsonValue@@QEBA_NAEBV0@@Z
??1QJsonValue@@QEAA@XZ
??0QJsonValue@@QEAA@AEBVQJsonObject@@@Z
??0QJsonValue@@QEAA@AEBVQJsonArray@@@Z
??0QJsonValue@@QEAA@PEBD@Z
??0QJsonValue@@QEAA@AEBVQString@@@Z
??0QJsonValue@@QEAA@_N@Z
??1QFile@@UEAA@XZ
??0QFile@@QEAA@AEBVQString@@@Z
?write@QIODevice@@QEAA_JAEBVQByteArray@@@Z
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ
?toUtf8@QString@@QEGBA?AVQByteArray@@XZ
??BQByteArray@@QEBAPEBDXZ
?warning@QMessageLogger@@QEBAXPEBDZZ
?staticMetaObject@QTimer@@2UQMetaObject@@B
?shared_null@QListData@@2UData@1@B
?timerEvent@QTimer@@MEAAXPEAVQTimerEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?qt_metacast@QTimer@@UEAAPEAXPEBD@Z
?qt_metacall@QTimer@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@QTimer@@UEBAPEBUQMetaObject@@XZ
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?timeout@QTimer@@QEAAXUQPrivateSignal@1@@Z
?start@QTimer@@QEAAXXZ
?setInterval@QTimer@@QEAAXH@Z
??1QTimer@@UEAA@XZ
??0QTimer@@QEAA@PEAVQObject@@@Z
?notifyInternal2@QCoreApplication@@CA_NPEAVQObject@@PEAVQEvent@@@Z
?exit@QCoreApplication@@SAXH@Z
?arguments@QCoreApplication@@SA?AVQStringList@@XZ
?toPoint@QPointF@@QEBA?AVQPoint@@XZ
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z
??1QObject@@UEAA@XZ
??0QObject@@QEAA@PEAV0@@Z
?end@QListData@@QEBAPEAPEAXXZ
?begin@QListData@@QEBAPEAPEAXXZ
?at@QListData@@QEBAPEAPEAXH@Z
?size@QListData@@QEBAHXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?toStdString@QString@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??4QString@@QEAAAEAV0@PEBD@Z
??8@YA_NAEBVQString@@0@Z
?fromUtf8@QString@@SA?AV1@PEBDH@Z
?append@QString@@QEAAAEAV1@AEBV1@@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
??4QString@@QEAAAEAV0@AEBV0@@Z
??0QString@@QEAA@AEBV0@@Z
??0QString@@QEAA@XZ
??1Connection@QMetaObject@@QEAA@XZ
?fromLocalFile@QUrl@@SA?AV1@AEBVQString@@@Z
?url@QUrl@@QEBA?AVQString@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z
??1QUrl@@QEAA@XZ
??0QMessageLogger@@QEAA@PEBDH0@Z
?debug@QMessageLogger@@QEBAXPEBDZZ
?cast@QMetaObject@@QEBAPEAVQObject@@PEAV2@@Z
??1QByteArray@@QEAA@XZ
?constData@QByteArray@@QEBAPEBDXZ
??1QString@@QEAA@XZ
?toUtf8@QString@@QEHAA?AVQByteArray@@XZ
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@AEBVQString@@@Z
?fromNativeSeparators@QDir@@SA?AVQString@@AEBV2@@Z
??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

kernel32

GetCommandLineW
GetSystemTimeAsFileTime
GetCurrentThreadId
LocalFree
InitializeSListHead
WideCharToMultiByte
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

vcruntime140

memset
__std_terminate
memmove
_CxxThrowException
__CxxFrameHandler3
memcpy
__C_specific_handler
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_initialize_onexit_table
_cexit
_seh_filter_exe
_set_app_type
_initialize_narrow_environment
_configure_narrow_argv
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
terminate

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

shell32

CommandLineToArgvW

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

debf9ccba72873db17416200a35b0672

Headers

DLL Characteristics

File Characteristics

Imports

openvr_api

advapi32

qt5quick

qt5gui

qt5qml

qt5core

msvcp140

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

shell32

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 56B

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 512B - Virtual size: 436B

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 56B

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 512B - Virtual size: 436B