blackmoon | c72944252c639998760148dc675fbb909f0169499509fedfbd21d9fe6d8405e1

Sharing

Copy URL Twitter E-mail

General

Target

c72944252c639998760148dc675fbb909f0169499509fedfbd21d9fe6d8405e1
Size

132KB
MD5

d4458692d11a3cf07e14daf3def262da
SHA1

fb86e528550727ae48ec7629195840928898c8ee
SHA256

c72944252c639998760148dc675fbb909f0169499509fedfbd21d9fe6d8405e1
SHA512

558f64195c08971e76d38239159f8e99e8d3b3d16c2bc3013730f399c2bf5ff607c9fd822540c7b8170aae2a4a9d58e0f76ea77dee92d38aa6e0ed04d0b1e39f
SSDEEP

1536:z/P+MlrprL3idw9T8it15IBYxewyOzfVkCBlTs5:zprTidw9Tpzxew5B/m

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

c72944252c639998760148dc675fbb909f0169499509fedfbd21d9fe6d8405e1
.dll windows x86

68600a01b56f5960af49d5b470142e8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
CreateThread
HeapFree
LocalSize
ExitProcess
HeapReAlloc
CreateRemoteThread
GetPrivateProfileStringA
LCMapStringA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
UnmapViewOfFile
RtlMoveMemory
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
HeapAlloc
GetProcessHeap
CloseHandle
WriteProcessMemory
ReadProcessMemory
GetModuleHandleA
VirtualFreeEx
VirtualQueryEx
VirtualAllocEx
IsBadReadPtr
GetModuleFileNameA
VirtualQuery

user32

SetClassLongA
FillRect
GetSysColor
IsIconic
IsZoomed
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
DestroyIcon
UnregisterHotKey
GetMessageA
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetActiveWindow
RegisterClassExA
CreateMenu
CreatePopupMenu
GetSystemMenu
LoadMenuA
DestroyMenu
AppendMenuA
GetClassLongA
InsertMenuA
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
SetPropA
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
TrackMouseEvent
SetCursor
SetRect
SetWindowRgn
RemovePropA
GetMenuItemCount
GetPropA
LoadCursorA
DefMDIChildProcA
SendMessageA
DefWindowProcA
DestroyWindow
GetClientRect
GetAsyncKeyState
EndPaint
BeginPaint
KillTimer
SetTimer
IsWindow
RegisterWindowMessageA
CallWindowProcA
SetWindowLongA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetParent
GetWindowRect
GetFocus
SetFocus
GetClassNameA
GetDlgItem
GetWindowLongA
CreateWindowExA
DestroyCursor
TrackPopupMenu
PostQuitMessage
RegisterHotKey

atl

ord42

shell32

Shell_NotifyIconA
DragFinish
DragQueryFileA
DragAcceptFiles

gdi32

DeleteObject
GetObjectA
CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
StretchBlt
CreateSolidBrush
CreatePatternBrush
GetStockObject

msvcrt

memmove
__CxxFrameHandler
strncmp
modf
strchr
strrchr
malloc
free
_ftol
atoi
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
_CIfmod

Exports

Exports

InstallHook

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68600a01b56f5960af49d5b470142e8f

Headers

File Characteristics

Imports

kernel32

user32

atl

shell32

gdi32

msvcrt

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 67KB

.rsrc Size: 4KB - Virtual size: 716B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 67KB

.rsrc
Size: 4KB - Virtual size: 716B

.reloc
Size: 4KB - Virtual size: 3KB