blackmoon | b4d5ebd0075280713610f135859d66b0_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

b4d5ebd0075280713610f135859d66b0_NeikiAnalytics
Size

3.8MB
MD5

b4d5ebd0075280713610f135859d66b0
SHA1

75530a125d041112506c783fb546b66aae9fb464
SHA256

211073e6b2fbd32654881cd08cb28311afdf93713dcd9ecb045cd7f00ab518bb
SHA512

e01780461bbf88447ca1dc2851e64739f1d03c5b433dda9d97651b9f1e948809c8cc29f74cf02f64425672d7039f7f1584ef53853b674a8d1425a689c60c464d
SSDEEP

98304:jwNR3Fszuhyuvl3MpuxpC3YDPGYHVTXZUUgxcvKT9:jaR3Fszuhnv9FC3YaaRyB

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4d5ebd0075280713610f135859d66b0_NeikiAnalytics

Files

b4d5ebd0075280713610f135859d66b0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

6368c87cf27c635b0dbf94ac8e147b12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GlobalFree
GetLocalTime
SetFilePointer
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetTickCount
WriteFile
GetFileSize
ReadFile
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
lstrcmpiW
lstrcmpA
lstrlenW
lstrlenA
HeapFree
InterlockedDecrement
InterlockedIncrement
LocalSize
HeapAlloc
ExitProcess
SetConsoleMode
GetConsoleMode
GetStdHandle
MoveFileA
CreateDirectoryA
Wow64RevertWow64FsRedirection
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
GetEnvironmentVariableA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
FlushFileBuffers
SetErrorMode
GetProcessVersion
GetFileAttributesA
Sleep
GetCurrentProcessId
RtlMoveMemory
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
FindResourceA
LoadResource
LockResource
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
lstrcpyA
lstrcatA
WritePrivateProfileStringA
GlobalFlags
MulDiv
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GetModuleHandleA
CreateFileA
GlobalUnlock
GlobalLock
GlobalAlloc
FreeConsole
SetConsoleTitleA
ReadConsoleA
WriteConsoleA
SetConsoleTextAttribute
AllocConsole
lstrcmpW
RtlZeroMemory
lstrcmpiA
HeapDestroy
HeapCreate
GetAtomNameW
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
GetProcessHeap
DeviceIoControl
WideCharToMultiByte
Wow64DisableWow64FsRedirection
TlsAlloc
LocalFree
LocalAlloc
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
DeleteCriticalSection
CreateThread
MultiByteToWideChar
TerminateProcess
lstrcatW
OpenProcess

user32

CreateMDIWindowW
CallWindowProcW
ShowWindow
PostMessageW
CopyIcon
GetIconInfo
ScreenToClient
ValidateRect
UpdateWindow
MoveWindow
SetParent
CreateDialogIndirectParamA
PostThreadMessageA
UnregisterClassA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
MapWindowPoints
AdjustWindowRectEx
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
CreateWindowExA
GetClassLongA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
SetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GrayStringA
TabbedTextOutA
UnhookWindowsHookEx
GetWindowTextA
SetWindowTextA
DialogBoxParamW
GetDlgCtrlID
GetWindowTextLengthW
GetClassNameA
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
GetKeyState
CallNextHookEx
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
GetWindowLongA
SendMessageA
PostMessageA
SetActiveWindow
GetActiveWindow
GetForegroundWindow
SetWindowTextW
MessageBoxW
SetTimer
KillTimer
SetPropW
SetPropA
GetPropW
GetPropA
RemovePropW
RemovePropA
EnumPropsExW
LoadIconW
SetRect
IsIconic
IsZoomed
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
RegisterWindowMessageW
SystemParametersInfoW
UpdateLayeredWindow
CreateIconFromResourceEx
LoadImageW
DrawIconEx
CreateMenu
CreatePopupMenu
GetSystemMenu
LoadMenuW
GetMenuInfo
DestroyMenu
GetMenuItemCount
GetMenuItemInfoW
AppendMenuW
InsertMenuW
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringW
GetMenuItemRect
GetMenuState
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoW
SetMenuDefaultItem
LoadStringW
CharUpperW
CharLowerW
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
PeekMessageA
CreateDialogParamW
EndDialog
DialogBoxIndirectParamW
SetWindowRgn
BeginPaint
EndPaint
TrackMouseEvent
MessageBoxTimeoutA
GetSysColor
GetDlgItem
GetAncestor
SetWindowLongW
GetAsyncKeyState
IsWindow
FindWindowExW
GetWindowLongW
GetClassNameW
SendMessageW
DestroyCursor
SetCursor
GetClientRect
GetWindowTextW
PtInRect
GetParent
SetCapture
ReleaseCapture
LoadCursorW
DestroyIcon
DestroyAcceleratorTable
DestroyWindow
SetClassLongW
GetClassLongW
CreateDialogIndirectParamW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
PostQuitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
TranslateMDISysAccel
IsChild
GetMessageW
GetFocus
GetKeyNameTextA
MapVirtualKeyA
InvalidateRect
ClientToScreen
FillRect
GetWindowDC
DefWindowProcW
OffsetRect
ReleaseDC
DrawTextA
GetDC
SetFocus
IsWindowVisible
GetNextDlgTabItem
GetWindowRect
SetWindowPos
EnableWindow
IsWindowEnabled
GetWindow

advapi32

DeleteService
ControlService
StartServiceA
CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

Shell_NotifyIconW
DragQueryFileW
DragFinish
DragAcceptFiles
CommandLineToArgvW
ShellExecuteA
SHGetSpecialFolderPathA

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
StringFromGUID2
GetHGlobalFromStream
CLSIDFromString

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
StrTrimW
StrToIntW
wvnsprintfW
PathFileExistsA
StrToIntExW

gdi32

GetDIBits
CreatePatternBrush
CreateEllipticRgn
CreateFontIndirectW
GetObjectW
StretchBlt
SetStretchBltMode
GetStretchBltMode
CreateDIBSection
CreateCompatibleDC
BitBlt
CreateRoundRectRgn
CreateSolidBrush
GetStockObject
SetBkColor
SetBkMode
SetTextColor
DeleteDC
SelectObject
DeleteObject
GetObjectA
CreateBitmap
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps

comctl32

InitCommonControlsEx
ord17

vmprotectsdk32

VMProtectSetSerialNumber
VMProtectGetSerialNumberState
VMProtectGetCurrentHWID

gdiplus

GdipCreateTexture
GdipSetImageAttributesOutputChannel
GdipSetImageAttributesOutputChannelColorProfile
GdipSetImageAttributesRemapTable
GdipSetImageAttributesWrapMode
GdipFillRectangle
GdipDeleteBrush
GdipDisposeImageAttributes
GdipDeleteGraphics
GdipDisposeImage
GdiplusStartup
GdipDeleteFont
GdipDeletePath
GdipDeleteRegion
GdipCreateImageAttributes
GdipCloneImageAttributes
GdipSetImageAttributesToIdentity
GdipResetImageAttributes
GdipSetImageAttributesThreshold
GdipGetLineSpacing
GdipGetCellDescent
GdipGetCellAscent
GdipGetEmHeight
GdipIsStyleAvailable
GdipGetFamilyName
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySerif
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipPrivateAddMemoryFont
GdipPrivateAddFontFile
GdipNewPrivateFontCollection
GdipNewInstalledFontCollection
GdipCreateSolidFill
GdipBitmapSetResolution
GdipCloneBitmapArea
GdipCreateBitmapFromResource
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipVectorTransformMatrixPoints
GdipTransformMatrixPoints
GdipShearMatrix
GdipScaleMatrix
GdipInvertMatrix
GdipRotateMatrix
GdipTranslateMatrix
GdipMultiplyMatrix
GdipGetMatrixElements
GdipSetMatrixElements
GdipCloneMatrix
GdipCreateMatrix3
GdipCreateMatrix2
GdipCreateMatrix
GdipGetRegionScans
GdipGetRegionScansCount
GdipIsVisibleRegionRect
GdipIsVisibleRegionPoint
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionBounds
GdipTransformRegion
GdipTranslateRegion
GdipCombineRegionPath
GdipCombineRegionRegion
GdipCombineRegionRect
GdipSetEmpty
GdipSetInfinite
GdipCloneRegion
GdipCreateRegionRgnData
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipGetImageAttributesAdjustedPalette
GdipIsOutlineVisiblePathPoint
GdipSetImageAttributesNoOp
GdipWarpPath
GdipWindingModeOutline
GdipWidenPath
GdipFlattenPath
GdipGetPathWorldBounds
GdipTransformPath
GdipAddPathString
GdipAddPathPath
GdipAddPathPolygon
GdipAddPathPie
GdipAddPathEllipse
GdipAddPathRectangle
GdipAddPathClosedCurve2
GdipAddPathClosedCurve
GdipAddPathCurve2
GdipAddPathCurve
GdipAddPathBezier
GdipAddPathArc
GdipAddPathLine
GdipGetPathLastPoint
GdipReversePath
GdipClearPathMarkers
GdipSetPathMarker
GdipClosePathFigures
GdipClosePathFigure
GdipStartPathFigure
GdipGetPathData
GdipGetPointCount
GdipSetPathFillMode
GdipGetPathFillMode
GdipResetPath
GdipClonePath
GdipCreatePath2
GdipCreatePath
GdipGetFontHeightGivenDPI
GdipGetFontHeight
GdipGetFontUnit
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipGetLogFontA
GdipGetLogFontW
GdipCloneFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDeletePrivateFontCollection
GdipCreateFontFromLogfontW
GdipCreateFont
GdipGetImageGraphicsContext
GdipCreateFromHWND
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateHICONFromBitmap
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageThumbnail
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageBounds
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipEndContainer
GdipBeginContainer2
GdipBeginContainer
GdipRestoreGraphics
GdipSaveGraphics
GdipIsVisibleRect
GdipIsVisiblePoint
GdipIsVisibleClipEmpty
GdipIsClipEmpty
GdipGetVisibleClipBounds
GdipGetClipBounds
GdipGetClip
GdipTranslateClip
GdipResetClip
GdipSetClipHrgn
GdipSetClipRegion
GdipSetClipRect
GdipSetClipPath
GdipSetClipGraphics
GdipDrawImagePointsRect
GdipDrawImagePointRect
GdipDrawImagePoints
GdipDrawImageRect
GdipDrawImageRectRect
GdipDrawImage
GdipDrawDriverString
GdipMeasureCharacterRanges
GdipCreateRegion
GdipMeasureString
GdipDrawString
GdipFillRegion
GdipFillClosedCurve2
GdipFillClosedCurve
GdipFillPath
GdipFillPie
GdipFillEllipse
GdipFillPolygon
GdipGraphicsClear
GdipDrawClosedCurve2
GdipDrawClosedCurve
GdipDrawCurve2
GdipDrawCurve
GdipDrawPath
GdipDrawPolygon
GdipDrawPie
GdipDrawEllipse
GdipSetImageAttributesGamma
GdipSetImageAttributesColorKeys
GdipIsVisiblePathPoint
GdipDrawRectangle
GdipDrawBezier
GdipDrawArc
GdipDrawLine
GdipGetNearestColor
GdipTransformPointsI
GdipTransformPoints
GdipGetDpiY
GdipGetDpiX
GdipGetPageScale
GdipSetPageScale
GdipGetPageUnit
GdipSetPageUnit
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipDeleteMatrix
GdipGetWorldTransform
GdipSetWorldTransform
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipReleaseDC
GdipGetDC
GdipFlush
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipSetImageAttributesColorMatrix
GdipCreateRegionRect

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpCheckPlatform
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpAddRequestHeaders

atl

ord42

crypt32

CryptStringToBinaryW

uxtheme

SetWindowTheme

msimg32

AlphaBlend

oledlg

ord8

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

Sections

.text
Size: 556KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.2MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6368c87cf27c635b0dbf94ac8e147b12

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

gdi32

comctl32

vmprotectsdk32

gdiplus

winhttp

atl

crypt32

uxtheme

msimg32

oledlg

oleaut32

winspool.drv

Sections

.text Size: 556KB - Virtual size: 552KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 3.2MB - Virtual size: 3.3MB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 556KB - Virtual size: 552KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 3.2MB - Virtual size: 3.3MB

.rsrc
Size: 8KB - Virtual size: 5KB