blackmoon | 7965d7c90112cd9db7bf72ffdf8552338e05edcda2c867796581e4b18829e51c

Sharing

Copy URL

Twitter E-mail

General

Target

7965d7c90112cd9db7bf72ffdf8552338e05edcda2c867796581e4b18829e51c
Size

348KB
MD5

71e5174bd57134ca904a64d02bfa7780
SHA1

9e68865d2cbb30fa6dc8c9ad4f1fe6cc0d78c57d
SHA256

7965d7c90112cd9db7bf72ffdf8552338e05edcda2c867796581e4b18829e51c
SHA512

1875b07e932f32b03178b6eac3bcae66658c220824b407ddb4f9bdc55b8341853eaff2653caeba10701bdb82182cf1a15c237d584360886e585ce03fa6b54f75
SSDEEP

6144:cBO4djrqO9RFtnRpukWQcJEyp5AWZQ1Sk0OW:azjeIRpHCF5AWZQ6

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

7965d7c90112cd9db7bf72ffdf8552338e05edcda2c867796581e4b18829e51c
.exe windows x86

23213a8947f96776c3652fd3e404af5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
CreateThread
FileTimeToSystemTime
GetTickCount
GetTimeZoneInformation
SetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
GetLastError
lstrcpynA
EnterCriticalSection
lstrcpyA
FreeLibrary
LocalAlloc
LoadLibraryA
InitializeCriticalSection
LeaveCriticalSection
HeapFree
GlobalLock
FileTimeToLocalFileTime
DuplicateHandle
GetCurrentProcess
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetProcAddress
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
lstrcmpiA
GetFileAttributesA
GetFileSize
GetFileTime
lstrcmpA
GetCurrentThreadId
TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
LCMapStringW
TerminateProcess
GetFileType
LCMapStringA
GetModuleFileNameA
GetCommandLineA
Sleep
DeleteFileA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CreateFileA
WriteFile
CloseHandle
IsBadReadPtr
HeapReAlloc
LocalSize
ExitProcess
DeleteCriticalSection
HeapAlloc
SetStdHandle
HeapSize
GlobalAlloc
GetACP
GetLocalTime
GetProcessHeap
RtlMoveMemory
GlobalUnlock
GetModuleHandleA
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
GetVersion
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
GetClassInfoExA
RegisterClassExA
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetParent
GetWindowRect
GetFocus
SetFocus
GetClassNameA
IsWindow
GetDlgItem
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
PtInRect
GetSysColorBrush
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
LoadIconA
MapWindowPoints
AdjustWindowRectEx
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetDlgCtrlID
GetMessagePos
GetForegroundWindow
GetWindow
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
CopyRect
GetKeyState
CallNextHookEx
SetWindowsHookExA
CharUpperA
GetMessageTime
GetWindowLongA
CreateWindowExA
DestroyCursor
SetWindowLongA
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
SendMessageA
DestroyWindow
EndDialog
GetClientRect
DefWindowProcA
GetAsyncKeyState
CallWindowProcA
EndPaint
BeginPaint
FindWindowA
SetWindowPos

gdi32

StretchBlt
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
BitBlt
SelectObject
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
CreatePatternBrush
DeleteDC
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps

atl

ord42

shell32

DragAcceptFiles
Shell_NotifyIconA
DragFinish
DragQueryFileA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA

rasapi32

RasGetConnectStatusA
RasGetEntryDialParamsA
RasEnumEntriesA
RasEnumConnectionsA
RasHangUpA
RasDialA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

wsock32

select
closesocket
recv
send
connect
gethostname
ioctlsocket
gethostbyname
WSASetLastError
socket
setsockopt
WSACleanup
WSAStartup
htons

wininet

InternetCanonicalizeUrlA
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
FtpDeleteFileA
FtpRenameFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpPutFileA
FtpGetFileA
InternetFindNextFileA
FtpFindFirstFileA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA

Sections

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

23213a8947f96776c3652fd3e404af5f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

atl

shell32

advapi32

rasapi32

comdlg32

winspool.drv

comctl32

wsock32

wininet

Sections

.text Size: 200KB - Virtual size: 200KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 108KB - Virtual size: 108KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 200KB - Virtual size: 200KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 108KB - Virtual size: 108KB

.rsrc
Size: 4KB - Virtual size: 4KB