blackmoon | c2f78f12fd0107cffab72265f8cdf620_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

c2f78f12fd0107cffab72265f8cdf620_NeikiAnalytics
Size

5.0MB
MD5

c2f78f12fd0107cffab72265f8cdf620
SHA1

9b9eb0170300274fcb2ad3df6f8ad767edc70ca6
SHA256

f8fa7318912f5a265f9bd63b91a52a9d746aaef531964648971578cf216a61fc
SHA512

dd65156b85cce75567723b7a689e25dcce48a97050379253dc1d8b135e23a8a971712f74959af595661cd37a7ddec2e30261da48ab16c9b7feb774e0f1e5ba8f
SSDEEP

49152:qaI6wfHtOeid5HHGcPPtqwmCEWsu/VJ+Qe6ETdnlj74ytp:HI6UH3iLHHDPY1WsumQepl

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2f78f12fd0107cffab72265f8cdf620_NeikiAnalytics

Files

c2f78f12fd0107cffab72265f8cdf620_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

28f00f935cb1bd6f60dac37738bc2a5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Module32First
ReleaseMutex
VirtualAllocEx
OpenThread
BeginUpdateResourceA
EndUpdateResourceA
UpdateResourceA
GetSystemDirectoryA
ExpandEnvironmentStringsA
GlobalUnlock
GlobalSize
HeapCreate
HeapAlloc
ReleaseSemaphore
GetVersionExA
GetModuleFileNameA
CopyFileA
GetTempFileNameA
GetTempPathA
ReadProcessMemory
HeapFree
HeapDestroy
GetProcessHeap
ExitProcess
HeapReAlloc
IsBadReadPtr
WritePrivateProfileStringA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetPrivateProfileStringA
WriteFile
CreateFileA
DeleteFileA
ReadFile
GetFileSize
SetFilePointer
GetUserDefaultLCID
GlobalFree
GlobalLock
GlobalAlloc
GetEnvironmentVariableA
Sleep
LCMapStringA
GetCommandLineA
FreeConsole
WriteConsoleA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
RaiseException
IsBadWritePtr
VirtualFree
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetVersion
DeleteCriticalSection
CreateThread
FreeLibrary
OutputDebugStringA
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
AllocConsole
CreateDirectoryW
CreateMutexA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetLocalTime
lstrcpyn
GetModuleHandleA
SetPriorityClass
VirtualAlloc
GetProcAddress
AddVectoredExceptionHandler
SetWaitableTimer
CreateWaitableTimerA
GetLastError
GetSystemInfo
DebugActiveProcessStop
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
GetTimeFormatA
GetDateFormatA
FindClose
FindFirstFileW
MultiByteToWideChar
lstrlenA
GetCurrentThreadId
WideCharToMultiByte
lstrlenW
GetTickCount
IsBadCodePtr
CreateEventA
OpenEventA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
RtlMoveMemory
GetCurrentProcessId
CloseHandle
LocalFree
LocalAlloc
OpenProcess
LoadLibraryA
GetCurrentProcess

user32

GetDC
ReleaseDC
SetWindowRgn
FillRect
DrawIconEx
EnableWindow
GetLastActivePopup
CallWindowProcA
GetScrollInfo
SendInput
SetKeyboardState
VkKeyScanW
SetCursorPos
mouse_event
RegisterWindowMessageA
MessageBoxTimeoutW
SystemParametersInfoA
GetKeyboardLayoutList
GetCursorInfo
EnumWindows
GetDCEx
ScreenToClient
UnhookWindowsHookEx
WindowFromDC
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
IsWindowVisible
FindWindowExA
GetWindowThreadProcessId
GetParent
UnloadKeyboardLayout
GetClassNameA
GetWindowTextLengthW
GetWindowTextW
SetWindowPos
EnumDisplaySettingsA
PrintWindow
ClientToScreen
DrawIcon
ChildWindowFromPointEx
GetSystemMetrics
IsIconic
OpenIcon
AttachThreadInput
SetActiveWindow
GetDlgItem
GetWindowDC
GetAsyncKeyState
GetActiveWindow
MessageBoxTimeoutA
MsgWaitForMultipleObjects
GetWindowRect
MoveWindow
SendMessageA
GetWindowInfo
SetForegroundWindow
IsZoomed
MapVirtualKeyA
SwitchToThisWindow
WindowFromPoint
GetMenuBarInfo
GetAncestor
RedrawWindow
EnableMenuItem
ShowWindow
FindWindowA
IsWindowEnabled
GetWindow
GetWindowTextA
GetWindowTextLengthA
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplayDevicesW
IsWindow
GetCursorPos

gdi32

StretchBlt
GetCurrentObject
EnumFontFamiliesExA
RemoveFontResourceA
CreateBitmap
GetTextExtentPoint32A
SetTextCharacterExtra
CreateFontA
GetDeviceCaps
SelectObject
GetStockObject
Rectangle
CreateCompatibleDC
BitBlt
CreateDIBSection
GetDIBits
CreateRoundRectRgn
CreateSolidBrush
CreateDIBitmap
GetFontResourceInfoW
AddFontResourceA

advapi32

AllocateAndInitializeSid
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
DeleteService
OpenServiceA
CreateServiceA
OpenSCManagerA
CloseServiceHandle
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
FreeSid
EqualSid
OpenProcessToken
GetTokenInformation

vmprotectsdk32

VMProtectDecryptStringA

oleaut32

VariantClear
SystemTimeToVariantTime
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
OleLoadPicture
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
SafeArrayDestroy
VariantTimeToSystemTime

ole32

CLSIDFromProgID
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoInitialize
OleRun
CoCreateInstance
GetHGlobalFromStream

shlwapi

PathFindFileNameA
PathIsDirectoryW
PathRemoveBlanksA
PathFileExistsA

psapi

GetModuleFileNameExA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

imm32

ImmInstallIMEA

gdiplus

GdiplusStartup
GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.8MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

28f00f935cb1bd6f60dac37738bc2a5c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

vmprotectsdk32

oleaut32

ole32

shlwapi

psapi

version

imm32

gdiplus

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 3.8MB - Virtual size: 3.9MB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 3.8MB - Virtual size: 3.9MB