blackmoon | e7e8638812264defcb32756580f1e2c024801611531888a13fca00fe4e059040

Sharing

Copy URL Twitter E-mail

General

Target

e7e8638812264defcb32756580f1e2c024801611531888a13fca00fe4e059040
Size

432KB
MD5

6e89a56c28d4ec4e3f1d6575f5e4f825
SHA1

63da4b6b872a8498424ab218860aa42247ca6f83
SHA256

e7e8638812264defcb32756580f1e2c024801611531888a13fca00fe4e059040
SHA512

5b6bb16c3bb558df9186fd4423988cdc7a3a8cf0eff546961938ca88f142ba069e677e6422b193a5db203ca0e368fc59fc86e374fcd8c9368649524913e8b1e1
SSDEEP

6144:JYDSn+YFZ8pgZ/QDcv1WYpcVLoaVcTg2rwQ+Syo:JYDi+YL3ZIDutpcVFRkwQ6

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

e7e8638812264defcb32756580f1e2c024801611531888a13fca00fe4e059040
.dll windows x86

797b9fba1a3e37c57b364fc10664c39c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFile
UnlockFile
SetEndOfFile
lstrcpynA
GetFullPathNameA
GetFileTime
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTime
GetLocalTime
HeapSize
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
FlushFileBuffers
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentThreadId
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
WinExec
lstrcatA
WriteProfileStringA
SetLastError
GetProfileStringA
CreateDirectoryA
GetSystemDirectoryA
EnumResourceNamesA
CopyFileA
Sleep
GetWindowsDirectoryA
GetTempPathA
GlobalMemoryStatus
Module32First
Module32Next
OpenProcess
InterlockedExchange
TerminateProcess
GetDriveTypeA
GetVolumeInformationA
GetLastError
GetFileSize
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
FindNextFileA
FindClose
DeleteFileA
MultiByteToWideChar
GlobalAlloc
LoadLibraryExA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcpyA
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
WriteFile
ReadFile
SetFilePointer
GetLocaleInfoA
GetSystemDefaultLangID
GetTimeZoneInformation
CreateFileA
DeviceIoControl
lstrlenA
GetVersion
GetVersionExA
LoadLibraryA
GetProcAddress
GetCurrentProcess
FreeLibrary
QueryPerformanceCounter
QueryPerformanceFrequency
TlsFree
DuplicateHandle
MulDiv
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
VerLanguageNameA
GetModuleFileNameA
GetCommandLineA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
CloseHandle
Process32Next
Process32First
VirtualAlloc
CreateToolhelp32Snapshot

user32

DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
PostMessageA
PostQuitMessage
WindowFromPoint
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
EnumWindows
GetWindowTextA
FindWindowExA
IsRectEmpty
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SendMessageTimeoutA
FindWindowA
GetWindowThreadProcessId
SetCursorPos
mouse_event
keybd_event
OpenClipboard
EmptyClipboard
LoadCursorA
CloseClipboard
GetClassNameA
IsWindow
SendMessageA
GrayStringA
GetWindowRect
ReleaseCapture
SetCapture
GetSystemMetrics
LoadImageA
VkKeyScanExA
GetDC
ReleaseDC
GetKeyboardLayout
SendDlgItemMessageA
GetMenuItemCount
SetWindowTextA
GetDlgCtrlID
LoadStringA
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
LoadBitmapA
DestroyWindow
GetKeyboardState
GetMenu
GetSubMenu
GetMenuItemID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
IsIconic
GetWindowPlacement
SetFocus
SetWindowPos
IsDialogMessageA
LoadIconA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
UnhookWindowsHookEx
CharUpperA
DestroyMenu
GetDesktopWindow
GetSysColorBrush
SetClipboardData
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
RegisterClassA

gdi32

ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
GetObjectA
RealizePalette
GetDIBits
CreateDCA
CreateCompatibleBitmap
GetPixel
GetDeviceCaps
RemoveFontResourceA
AddFontResourceA
EnumFontFamiliesExA
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
SelectPalette
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
Escape

iphlpapi

GetAdaptersInfo
SendARP

shlwapi

PathAppendA
SHDeleteValueA
SHDeleteKeyA
PathFileExistsA

mpr

WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
WNetCancelConnection2A
WNetAddConnection2A

winmm

mciSendStringA
waveOutGetDevCapsA
waveOutGetNumDevs

ws2_32

inet_addr
gethostbyname
gethostname
inet_ntoa
gethostbyaddr
WSACleanup
closesocket
connect
sendto
socket
WSAStartup
htons

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comdlg32

GetFileTitleA
PrintDlgA

winspool.drv

EnumPrintersA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
SetPrinterA
GetPrinterA

advapi32

RegCloseKey
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AddAce
InitializeAcl
FreeSid
AllocateAndInitializeSid
RegGetKeySecurity
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegDeleteValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
RegDeleteKeyA
RegCreateKeyA
GetTokenInformation
GetLengthSid
RegOpenKeyExA
CopySid

shell32

ShellExecuteA
SHChangeNotify
SHEmptyRecycleBinA
SHGetSpecialFolderPathA

comctl32

ord17

ole32

CoCreateInstance
CoCreateGuid

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

Exports

Exports

Start

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

797b9fba1a3e37c57b364fc10664c39c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

iphlpapi

shlwapi

mpr

winmm

ws2_32

version

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

wininet

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 225KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 132KB - Virtual size: 138KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 228KB - Virtual size: 225KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 132KB - Virtual size: 138KB

.reloc
Size: 24KB - Virtual size: 20KB