blackmoon | b3a4eaff36fdcb60c58aa53b0041ae55ee415432be1f7a89b6ac6ff981493bb4_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b3a4eaff36fdcb60c58aa53b0041ae55ee415432be1f7a89b6ac6ff981493bb4_NeikiAnalytics.exe
Size

368KB
MD5

1185b02447a3608fc1c25190be6176e0
SHA1

5c2844a0716d438669c6069de310f1fe50ad0d70
SHA256

b3a4eaff36fdcb60c58aa53b0041ae55ee415432be1f7a89b6ac6ff981493bb4
SHA512

9ffc0211723931fd8d4114b69efec56f9307722e03adbe6c80e8b4db9adf6a40c9cc55ef1ab0f1c9bf9d47d12c271bd23e623e11d322f4ecd7a05fe010080194
SSDEEP

3072:ZR8CkLUgS38O2tHZz+RhqFO/CctiijjCqr9V+H5ZmT3Tk8DTi0vlJdQsxVFUV:ZatLUB383tYCoJQH5Zk3bdQsxVw

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3a4eaff36fdcb60c58aa53b0041ae55ee415432be1f7a89b6ac6ff981493bb4_NeikiAnalytics.exe

Files

b3a4eaff36fdcb60c58aa53b0041ae55ee415432be1f7a89b6ac6ff981493bb4_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

e061a65524935b0382a2ce0cb82bc605

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
Sleep
SetFileAttributesA
WriteFile
GetFileSize
ReadFile
GetModuleFileNameA
GetPrivateProfileStringA
IsBadReadPtr
HeapReAlloc
SetStdHandle
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
GetStartupInfoA
ExitProcess
LocalSize
HeapAlloc
HeapFree
GetProcessHeap
RtlMoveMemory
GetModuleHandleA
SetWaitableTimer
CreateWaitableTimerA
DeleteFileA
CreateDirectoryW
DeviceIoControl
CreateFileA
GetLastError
MultiByteToWideChar
GetCurrentThreadId
WideCharToMultiByte
lstrlenW
GetTickCount
Process32Next
Process32First
CreateToolhelp32Snapshot
IsBadCodePtr
CreateEventA
OpenEventA
TerminateProcess
CloseHandle
LocalFree
LocalAlloc
GetOEMCP
OpenProcess
GetCurrentProcess
GetCPInfo
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
SetFilePointer
FlushFileBuffers

user32

wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
RegisterClassExA
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
GetSysColor
PeekMessageA
GetForegroundWindow
GetActiveWindow
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
PtInRect
GetDlgCtrlID
GetWindow
ClientToScreen
UnhookWindowsHookEx
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
FillRect
SystemParametersInfoA
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
UnregisterClassA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
GetSysColorBrush
LoadStringA
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
SetParent
PostMessageA
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetWindowRect
SetFocus
GetDlgItem
GetWindowLongA
CreateWindowExA
DestroyCursor
SetWindowLongA
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
ReleaseCapture
SetCapture
DefWindowProcA
DestroyWindow
GetClientRect
GetAsyncKeyState
CallWindowProcA
EndPaint
BeginPaint
MsgWaitForMultipleObjects
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
SendMessageA
IsChild
GetFocus
GetMessageA
SetActiveWindow
AttachThreadInput
OpenIcon
IsIconic
SetWindowPos
GetWindowPlacement
WinHelpA
IsWindowVisible
GetWindowTextW
GetWindowTextLengthW
GetClassNameA
GetParent
GetWindowThreadProcessId
FindWindowExA

gdi32

ExtCreateRegion
BitBlt
SelectObject
DeleteDC
SetStretchBltMode
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
CreateBitmap
CombineRgn
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SaveDC
CreateRoundRectRgn
StretchBlt
CreateSolidBrush
CreatePatternBrush
CreateDIBSection
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx

advapi32

RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA

shell32

SHGetSpecialFolderPathA
DragAcceptFiles
Shell_NotifyIconA
DragFinish
DragQueryFileA
ShellExecuteW

shlwapi

PathIsDirectoryW

atl

ord42

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e061a65524935b0382a2ce0cb82bc605

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

atl

winspool.drv

comctl32

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 172KB - Virtual size: 268KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 172KB - Virtual size: 268KB