blackmoon | 01041fe245004a237aa5ac360bbd03922963cbae0d58ec6a6b69c37906f19be8_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

01041fe245004a237aa5ac360bbd03922963cbae0d58ec6a6b69c37906f19be8_NeikiAnalytics.exe
Size

752KB
MD5

a181022e151d9fc4d028e1153e709000
SHA1

e6058482c865fc72519e3509c28cae55b5aaf445
SHA256

01041fe245004a237aa5ac360bbd03922963cbae0d58ec6a6b69c37906f19be8
SHA512

8edae475e16567182948bce019ba19e8d19a9a1ee230ad93c2e78a274c5e8f3094256f8df76fc67715dc3d2c74e263e07c93c4944d353f3f2d159eac41ad32aa
SSDEEP

12288:7vm78DZ39lPrvc0hHNUcsdY0sIiEoZzZ9KClmpQGWpt:7vm78Z9lPTcq+csu0sIiEoAClmp0H

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01041fe245004a237aa5ac360bbd03922963cbae0d58ec6a6b69c37906f19be8_NeikiAnalytics.exe

Files

01041fe245004a237aa5ac360bbd03922963cbae0d58ec6a6b69c37906f19be8_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

162969d1b85b5cbd47be94727acabb0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
IsBadCodePtr
GetCurrentProcessId
GetEnvironmentVariableA
SetEnvironmentVariableA
RtlMoveMemory
VirtualAlloc
TlsAlloc
TlsGetValue
TlsSetValue
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
GetCurrentThreadId
LCMapStringA
GlobalAlloc
GlobalFree
VirtualQuery
ExitProcess
GetModuleHandleA
GetProcAddress
GetCurrentThread
ExitThread
lstrlenW
WideCharToMultiByte
OpenProcess
CopyFileA
VirtualAllocEx
GetTempFileNameA
GetSystemDirectoryA
VirtualFreeEx
MultiByteToWideChar
GlobalLock
GlobalUnlock
lstrcpyn
GlobalSize
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
CreateRemoteThread
ReadProcessMemory
GetTickCount
LoadLibraryA
FreeLibrary
GetCommandLineA
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetLocalTime
Process32Next
Process32First
WriteFile
SetFilePointer
TerminateProcess
GlobalMemoryStatus
GetWindowsDirectoryA
lstrcpyA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
DeleteCriticalSection
SetSystemPowerState
GlobalReAlloc
UnmapViewOfFile
MapViewOfFile
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetEndOfFile
lstrcmpiA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalHandle
TlsFree
LocalReAlloc
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
InterlockedExchange
GetUserDefaultLCID
DeleteFileA
GetFileSize
CreateIoCompletionPort
HeapCreate
CreateThread
GetLastError
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReadFile
Sleep
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
VirtualProtect
FlushInstructionCache
GetCurrentProcess
VirtualFree
QueryDosDeviceA
GetLogicalDriveStringsA
GetTempPathA
GetVersionExA
lstrcpynA
CreateFileA
GetThreadTimes
OpenThread
RtlZeroMemory
lstrlenA
LocalFree

shlwapi

PathFileExistsA
PathFindFileNameA

ws2_32

htonl
WSASend
htons
inet_addr
connect
closesocket
WSASocketA
send
WSARecv
gethostbyname
WSACleanup
getsockname
recvfrom
WSAStartup
ntohs
inet_ntoa
gethostname
socket
sendto
listen
bind
accept
__WSAFDIsSet
select
recv
getpeername

user32

LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
BeginPaint
EndPaint
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
SendDlgItemMessageA
IsDialogMessageA
SetWindowTextA
GetDlgCtrlID
MoveWindow
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
RemovePropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
WinHelpA
GetCapture
GetTopWindow
AdjustWindowRectEx
MapWindowPoints
LoadIconA
UnregisterClassA
GetNextDlgTabItem
LoadStringA
GetMenuState
DestroyMenu
WindowFromDC
GetPropA
CallWindowProcA
GetSysColor
GetClassInfoA
DefWindowProcA
LoadCursorA
PostMessageA
CopyRect
SetRect
GetClientRect
InvalidateRect
ExitWindowsEx
SetForegroundWindow
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
GetParent
PtInRect
GetWindowLongA
GetWindowTextA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
FindWindowA
IsWindow
SendMessageA
GetWindowRect
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
wvsprintfA
MessageBoxA
GetDesktopWindow
GetWindow
GetWindowThreadProcessId
GetClassNameA
GetWindowTextLengthW
IsWindowVisible
GetCursorInfo
GetIconInfo
GetDC
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
EnableMenuItem
GetFocus
GetLastActivePopup
SetCursor
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
GetSysColorBrush
DrawIcon
ReleaseDC
PostThreadMessageA
MsgWaitForMultipleObjects
EnumWindows
RegisterWindowMessageA
wsprintfA
GetSystemMetrics
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
SetPropA

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetClipBox
MoveToEx
LineTo
CreateBitmap
ScaleViewportExtEx
CreatePalette
CreateDIBitmap
GetNearestPaletteIndex
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBrushIndirect
CreatePenIndirect
RestoreDC
SaveDC
SetWindowOrgEx
CreateFontIndirectA
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkMode
SetBkColor
Rectangle
CreateDIBSection
GdiFlush
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GetObjectA
GetStockObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
OleRun
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoRevokeClassObject
GetHGlobalFromStream
OleUninitialize
CoRegisterMessageFilter
CoFreeUnusedLibraries

psapi

GetModuleFileNameExA

gdiplus

GdipSaveImageToStream
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipDisposeImage

mswsock

AcceptEx

oleaut32

VariantChangeType
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SysFreeString
SafeArrayAccessData

oledlg

ord8

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

shell32

SHGetSpecialFolderPathA

comctl32

_TrackMouseEvent
ord17

Exports

Exports

info

Sections

.text
Size: 496KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

162969d1b85b5cbd47be94727acabb0a

Headers

File Characteristics

Imports

kernel32

shlwapi

ws2_32

user32

gdi32

advapi32

ole32

psapi

gdiplus

mswsock

oleaut32

oledlg

winspool.drv

shell32

comctl32

Exports

Exports

Sections

.text Size: 496KB - Virtual size: 492KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 164KB - Virtual size: 366KB

.reloc Size: 52KB - Virtual size: 48KB

.text
Size: 496KB - Virtual size: 492KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 164KB - Virtual size: 366KB

.reloc
Size: 52KB - Virtual size: 48KB