Behavioral task: behavioral1
Sample: 77016b7b2097e31555aa8aa3facf9391c11a34f789889937a7b317cb46f9ce95.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 77016b7b2097e31555aa8aa3facf9391c11a34f789889937a7b317cb46f9ce95.exe
Resource: win10v2004-20220812-en
General
- Target: 77016b7b2097e31555aa8aa3facf9391c11a34f789889937a7b317cb46f9ce95
- Size: 2.1MB
- MD5: ecfc2ae88f8ed53b8aff5f2f24cbe0fb
- SHA1: 3ba1f3fa171f0fd0a5fc7887bffb91a0b9f090f7
- SHA256: 77016b7b2097e31555aa8aa3facf9391c11a34f789889937a7b317cb46f9ce95
- SHA512: 8b30c43af0065ed08fd62a658ec17a3a2c1007b4176a61ab0b3bc78185ac31f10f433097b60f0cdc71a403bcf7b84dd1ee271e523bb88539dc1b50412ec7ddff
- SSDEEP: 49152:nv5nAmTjbi8GxsLoI9nGLFS93uQ6sy6PSde:v5nAmTjblNw09+jsy6PSde
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource: sample; yara_rule: family_blackmoon
Files
-
77016b7b2097e31555aa8aa3facf9391c11a34f789889937a7b317cb46f9ce95.exe windows x86
e5d1f72061fd4bf5736cd4f6f542191d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
FormatMessageA
GetUserDefaultLCID
GetTickCount
GetEnvironmentVariableA
GetModuleFileNameA
CreateFileA
GetFileSize
ReadFile
CreateDirectoryA
WritePrivateProfileStringA
IsBadReadPtr
HeapReAlloc
GlobalAlloc
WideCharToMultiByte
VirtualFree
VirtualAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
MultiByteToWideChar
LocalSize
GetProcAddress
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
WriteFile
SetErrorMode
GetProcessVersion
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
InterlockedIncrement
lstrcpyA
lstrcatA
InterlockedDecrement
GlobalFlags
MulDiv
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GlobalSize
RtlMoveMemory
lstrlenW
CreateThread
GetCurrentProcessId
TerminateProcess
OpenProcess
Module32First
SetWaitableTimer
CreateWaitableTimerW
HeapFree
GlobalFree
GlobalUnlock
GetNativeSystemInfo
GlobalLock
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
GetLastError
GetVersionExA
GetModuleHandleW
GetProcessHeap
GetWindowsDirectoryA
GetSystemDirectoryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
user32
UpdateLayeredWindow
ReleaseCapture
IsZoomed
IsIconic
LoadCursorFromFileW
SetTimer
PtInRect
ReleaseDC
SetCaretPos
GetCursorPos
CallWindowProcW
TrackMouseEvent
ShowWindow
BeginPaint
EndPaint
SetCapture
GetFocus
SetFocus
SetWindowLongW
SetWindowPos
SetPropA
GetClassLongW
GetWindowTextW
GetParent
SetWindowRgn
GetSystemMetrics
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
PeekMessageA
KillTimer
SetCursor
SendMessageA
PostMessageW
RemovePropA
GetPropA
MessageBeep
SetActiveWindow
MoveWindow
GetWindowRect
DestroyWindow
DispatchMessageW
TranslateMessage
SetForegroundWindow
GetMessageW
IsWindow
GetClassNameW
EnableWindow
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
PostQuitMessage
PostMessageA
SendMessageW
GetLastActivePopup
SetWindowsHookExA
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
GetClassNameA
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
InvalidateRect
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
GetWindowPlacement
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
CreateWindowExW
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
MsgWaitForMultipleObjects
CopyImage
SystemParametersInfoA
DefWindowProcW
RegisterClassExW
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
LoadCursorW
IntersectRect
GetAsyncKeyState
GetWindowLongA
GetMenu
advapi32
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegCloseKey
shell32
SHGetSpecialFolderPathA
Shell_NotifyIconW
ShellExecuteA
ord680
ole32
CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
StringFromGUID2
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
gdiplus
GdipCreateHBITMAPFromBitmap
GdipGetCompositingQuality
GdipCreatePathGradientFromPath
GdipDrawPolygon
GdipFillPolygon
GdipCreatePen2
GdipCreateLineBrush
GdipFillPath
GdipClosePathFigure
GdipAddPathArc
GdipCreatePath
GdipDeletePath
GdipDrawPath
GdipCreateRegionHrgn
GdipDeleteRegion
GdipGetRegionBounds
GdipMeasureCharacterRanges
GdipCreateRegion
GdipSetStringFormatMeasurableCharacterRanges
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetStringFormatFlags
GdipGetStringFormatTrimming
GdipGetStringFormatAlign
GdipSetStringFormatFlags
GdiplusStartup
GdipCreateImageAttributes
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipGetFamilyName
GdipGetFontSize
GdipGetFontStyle
GdipMeasureString
GdipGetImagePixelFormat
GdipCloneBitmapArea
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipDisposeImage
GdipLoadImageFromStream
GdipDrawImageRect
GdipSetClipRegion
GdipSetClipRect
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipResetClip
GdipGetTextRenderingHint
GdipSetStringFormatTrimming
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGraphicsClear
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateStringFormat
GdipSetStringFormatHotkeyPrefix
GdipDeleteStringFormat
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipDeleteBrush
GdipGetFontHeight
GdipCreateSolidFill
GdipDrawString
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetStringFormatAlign
GdipSetTextRenderingHint
oleaut32
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
OleLoadPicture
dbghelp
MakeSureDirectoryPathExists
shlwapi
PathIsDirectoryA
PathFileExistsA
gdi32
GetStockObject
GetObjectA
GetDIBits
CreateRectRgn
CreateRoundRectRgn
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
BitBlt
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
imm32
ImmGetContext
ImmAssociateContext
comdlg32
GetOpenFileNameA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
comctl32
ord17
oledlg
ord8
Sections
.text Size: 624KB - Virtual size: 623KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 580KB - Virtual size: 663KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE