blackmoon | 667e10c4b35fa32e80cc879c2dc416b0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

667e10c4b35fa32e80cc879c2dc416b0_NeikiAnalytics.exe
Size

1.3MB
MD5

667e10c4b35fa32e80cc879c2dc416b0
SHA1

06dcbcd47c8e95394178d4432ae70721884f176a
SHA256

c4d5e64c65a64299256796bee94452c33c850896e27f1c0b7ebd4718b64adcaf
SHA512

9167e9df4f309bea913dcb37f984472b1133497ffe9a972d7bb937c8453338934b71d3734eb46a9115fd7ebd6dee4a389cc51786bbc060a6710224cf4db190c2
SSDEEP

24576:Ym+sTK3HbVEjaD1s+RPp/JCF40Psag+thFe87S3wuGcB:Y72iRBosadtCAHc

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
667e10c4b35fa32e80cc879c2dc416b0_NeikiAnalytics.exe

Files

667e10c4b35fa32e80cc879c2dc416b0_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

b020fea64565169ea9c7f92bb9210206

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
GetCurrentProcess
GetVersionExA
TerminateProcess
GetTempPathA
GetWindowsDirectoryA
lstrcpyA
GetSystemDirectoryA
SetLastError
lstrcatA
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
LocalFree
FlushFileBuffers
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
InterlockedExchange
GetModuleHandleExA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
RtlMoveMemory
VirtualAlloc
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
GetCurrentProcessId
LoadLibraryA
lstrlenA
MultiByteToWideChar
WriteProcessMemory
CreateDirectoryA
MoveFileA
CreateFileA
ReadDirectoryChangesW
GetLogicalDriveStringsA
WideCharToMultiByte
GetLocalTime
LocalAlloc
IsWow64Process
lstrcpyn
lstrlenW
GlobalAlloc
IsBadReadPtr
GlobalFree
GetTickCount
OpenThread
GetThreadContext
Module32First
VirtualProtect
DeviceIoControl
FreeLibrary
lstrcpynA
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
GetModuleFileNameA
DeleteFileA
CloseHandle
ReadFile
GetFileSize
WriteFile
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
GetEnvironmentVariableA
GetLastError
Sleep
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetCommandLineA
LCMapStringA
CreateThread

ws2_32

connect
ioctlsocket
shutdown
WSACleanup
inet_addr
socket
closesocket
select
__WSAFDIsSet
send
inet_ntoa
WSAGetLastError
recv
gethostbyname
WSAStartup
ntohs
htons

shlwapi

PathFileExistsA

user32

GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
UnregisterClassA
GetDlgCtrlID
GetMenuItemCount
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
SetCursor
GetKeyState
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
wvsprintfA
SetWindowTextA
ReleaseDC
GetDC
GetRawInputData
EnumChildWindows
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
EnumWindows
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
SystemParametersInfoA
GetClassNameA
SendMessageA
GetWindowRect
PostMessageA
PostQuitMessage
SetForegroundWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
SetWindowsHookExA
GetLastActivePopup
MessageBoxA
wsprintfA
GetSystemMetrics
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetTopWindow

gdi32

GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SetMapMode
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetObjectA
GetStockObject
PtVisible
Escape
RectVisible
TextOutA
ExtTextOutA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
LookupAccountSidA
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

vmprotectsdk32

VMProtectBeginMutation
VMProtectEnd

psapi

GetProcessImageFileNameA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

Exports

Exports

IntitACE

Sections

.text
Size: 296KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1000KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b020fea64565169ea9c7f92bb9210206

Headers

File Characteristics

Imports

kernel32

ws2_32

shlwapi

user32

gdi32

advapi32

vmprotectsdk32

psapi

winspool.drv

shell32

comctl32

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 294KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 1000KB - Virtual size: 1.1MB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 296KB - Virtual size: 294KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 1000KB - Virtual size: 1.1MB

.reloc
Size: 36KB - Virtual size: 35KB