blackmoon | 4254a9db6a2ff04c40ddf55018388b70_NeikiAnalytics

General

Target

4254a9db6a2ff04c40ddf55018388b70_NeikiAnalytics
Size

3.1MB
MD5

4254a9db6a2ff04c40ddf55018388b70
SHA1

a9ba7393ca5d0bb8a2566055356d3e74d9278c94
SHA256

04a29ae259c14bf2f98a4241e5ad98603a0e27a0a9fb83e9e32fe5fc56190e23
SHA512

9a27bea1d0bcefc652e660d657c0adac63266f0936dc2062c370342daee55f2b3f1c1996d51d5a3d912dda56ab9051b9eeace4741e73e95d5409beb04f33a50c
SSDEEP

49152:NbM84p+pCQbM84p4/O/4MnYYJ2ZhqSGLHkJEMAWo3n2bjlJ+MYu8m1/N9hGx:NYfyCQYf4DIDQTgxK8mzHC

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4254a9db6a2ff04c40ddf55018388b70_NeikiAnalytics

Files

4254a9db6a2ff04c40ddf55018388b70_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

1481c45e4f1d6c24b1676491f996ac1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cliconfg.pdb

Imports

msvcrt

__set_app_type
__p__fmode
_except_handler3
_adjust_fdiv
__setusermatherr
_controlfp
__p__commode
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcsrchr
wcslen
wcscpy
wcscat
_wcsicmp

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

GetModuleFileNameW
GetLastError
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetStartupInfoA
GetModuleHandleA
SetUnhandledExceptionFilter
GetTickCount

user32

TranslateMessage
SetWindowLongW
PostQuitMessage
ShowWindow

sqlunirl

_LoadLibrary@4
_DefWindowProc@16
_PostMessage@16
_FormatMessage@28
_MessageBox@16
_GetProcAddress_@8
_CreateWindowEx@48
_LoadCursor@8
_LoadIcon@8
_MAKEINTRESOURCE@4
_GetUnicodeRedirectionLayer@0
_GetToolsFilePath@16

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1481c45e4f1d6c24b1676491f996ac1b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

sqlunirl

Sections

.text Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 132B

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 132B

.rsrc
Size: 4KB - Virtual size: 2KB