blackmoon | e183b8e869ec7d85da4b454338c42a70_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

e183b8e869ec7d85da4b454338c42a70_NeikiAnalytics
Size

5.0MB
MD5

e183b8e869ec7d85da4b454338c42a70
SHA1

083833506328e321a54385bfe5e91c2fb0aa1cef
SHA256

65ee6447d161a39d9a74aa72dffa5750e021722e4536d74b6e9bbd01ea275fef
SHA512

d0c9dfe190ffaca8af83f4cf7bcd334eda761fceabca4fee7c67fe234fabb143fbfd535473b12098a5066c5cb63727ebd5a2806d00246bf0efe1c30970dde814
SSDEEP

49152:NkRWjPNFVVtIdVRSETdnl+HHGcPPtqwmCEWsu/VJ+QeL7Eyyp:cWjd7kRhsHHDPY1WsumQeP

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e183b8e869ec7d85da4b454338c42a70_NeikiAnalytics

Files

e183b8e869ec7d85da4b454338c42a70_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

f40f4f824a88214c21c0ae0e56c01523

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
BeginUpdateResourceA
EndUpdateResourceA
UpdateResourceA
GetSystemDirectoryA
ExpandEnvironmentStringsA
GlobalUnlock
GlobalSize
HeapCreate
HeapAlloc
ReadProcessMemory
HeapFree
HeapDestroy
GetProcessHeap
ExitProcess
HeapReAlloc
IsBadReadPtr
WritePrivateProfileStringA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetPrivateProfileStringA
WriteFile
CreateFileA
DeleteFileA
ReadFile
GetFileSize
SetFilePointer
GetUserDefaultLCID
GlobalFree
GlobalLock
GlobalAlloc
GetEnvironmentVariableA
Sleep
LCMapStringA
GetCommandLineA
FreeLibrary
LoadLibraryA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetTempFileNameA
GetModuleFileNameA
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
RaiseException
IsBadWritePtr
VirtualFree
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetVersion
DeleteCriticalSection
CreateThread
CopyFileA
GetVersionExA
ReleaseSemaphore
OpenThread
VirtualAllocEx
ReleaseMutex
Module32First
CreateMutexA
GetModuleHandleA
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
lstrcpyn
GetSystemTimeAsFileTime
GetLocalTime
VirtualAlloc
GetProcAddress
AddVectoredExceptionHandler
SetWaitableTimer
CreateWaitableTimerA
GetLastError
GetSystemInfo
DebugActiveProcessStop
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
FindClose
FindFirstFileW
MultiByteToWideChar
lstrlenA
GetCurrentThreadId
WideCharToMultiByte
lstrlenW
GetTickCount
IsBadCodePtr
CreateEventA
OpenEventA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
RtlMoveMemory
GetCurrentProcessId
CloseHandle
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcess

user32

SetWindowRgn
FillRect
DrawIconEx
EnableWindow
GetLastActivePopup
CallWindowProcA
GetScrollInfo
UnhookWindowsHookEx
RegisterWindowMessageA
SendInput
SetKeyboardState
VkKeyScanW
SetCursorPos
mouse_event
MessageBoxTimeoutW
SystemParametersInfoA
GetKeyboardLayoutList
UnloadKeyboardLayout
EnumDisplaySettingsA
DrawIcon
ScreenToClient
WindowFromDC
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetDC
ReleaseDC
IsWindowVisible
FindWindowExA
GetWindowThreadProcessId
GetParent
GetClassNameA
GetDCEx
GetWindowTextLengthW
PrintWindow
ClientToScreen
GetCursorInfo
ChildWindowFromPointEx
GetWindowTextW
SetWindowPos
GetSystemMetrics
IsIconic
OpenIcon
AttachThreadInput
SetActiveWindow
EnumWindows
GetDlgItem
GetAsyncKeyState
GetActiveWindow
MessageBoxTimeoutA
MsgWaitForMultipleObjects
GetWindowInfo
SetForegroundWindow
GetCursorPos
GetWindowRect
MoveWindow
GetWindowDC
IsZoomed
MapVirtualKeyA
SwitchToThisWindow
WindowFromPoint
GetMenuBarInfo
GetAncestor
RedrawWindow
EnableMenuItem
ShowWindow
FindWindowA
IsWindow
IsWindowEnabled
GetWindow
GetWindowTextA
GetWindowTextLengthA
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplayDevicesW
SendMessageA

gdi32

StretchBlt
GetCurrentObject
EnumFontFamiliesExA
RemoveFontResourceA
CreateBitmap
GetTextExtentPoint32A
SetTextCharacterExtra
GetDeviceCaps
SelectObject
GetStockObject
Rectangle
CreateCompatibleDC
BitBlt
CreateDIBSection
GetDIBits
CreateRoundRectRgn
CreateSolidBrush
CreateDIBitmap
AddFontResourceA
CreateFontA
GetFontResourceInfoW

advapi32

AllocateAndInitializeSid
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
DeleteService
OpenServiceA
CreateServiceA
OpenSCManagerA
CloseServiceHandle
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
FreeSid
EqualSid
OpenProcessToken
GetTokenInformation

oleaut32

SafeArrayCreate
VariantTimeToSystemTime
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
OleLoadPicture
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayDestroy
SysAllocString
VariantClear
SystemTimeToVariantTime

ole32

CoCreateInstance
OleRun
GetHGlobalFromStream
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoInitialize
CLSIDFromProgID

shlwapi

PathFindFileNameA
PathRemoveBlanksA
PathFileExistsA

vmprotectsdk32

VMProtectDecryptStringA

psapi

GetModuleFileNameExA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

imm32

ImmInstallIMEA

gdiplus

GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.8MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f40f4f824a88214c21c0ae0e56c01523

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

oleaut32

ole32

shlwapi

vmprotectsdk32

psapi

version

imm32

gdiplus

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 3.8MB - Virtual size: 3.9MB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 3.8MB - Virtual size: 3.9MB