blackmoon | 70693752257969d6820956edddec307bfad59653a78e864181c176cae7c53583

Sharing

Copy URL Twitter E-mail

General

Target

70693752257969d6820956edddec307bfad59653a78e864181c176cae7c53583
Size

796KB
MD5

646bebf0aa0db54590cec342430d2f70
SHA1

de8cf1d3d43afd0cee6a3e023966b295caf78698
SHA256

70693752257969d6820956edddec307bfad59653a78e864181c176cae7c53583
SHA512

4a09db568d171d06b796116b251cd807a20f3c97694e6b88d348470e0a5c5a804c9be5324433f142233d93d28aa110ba7a8da9c6f4d51f858807c613a02be4c5
SSDEEP

24576:w59Baf3gwGvDCy0uP3kwqaINwnDj558yptI:wOzuvkwqxm3W

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

70693752257969d6820956edddec307bfad59653a78e864181c176cae7c53583
.dll windows x86

3a67a8b652c217d4005ced2f1ae8d6ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
SetFilePointer
ReadFile
DeleteFileA
GetSystemDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
CreateRemoteThread
ReadProcessMemory
VirtualProtect
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenThread
WriteProcessMemory
LoadLibraryExA
FreeLibrary
IsDebuggerPresent
GetVersionExA
GetTempPathA
CopyFileA
QueryDosDeviceA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
GetPrivateProfileStringA
GetTickCount
WritePrivateProfileStringA
GetCommandLineA
LCMapStringA
GetProcAddress
DeleteCriticalSection
CreateThread
CloseHandle
GetLogicalDriveStringsA
LoadLibraryA

user32

PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
KillTimer
SetTimer
CallNextHookEx
SetWindowsHookExA
GetWindowThreadProcessId
FindWindowA
MsgWaitForMultipleObjects
PostThreadMessageA
GetMessageA

shlwapi

PathFileExistsA
PathFindFileNameA

msvcrt

_stricmp
_strnicmp
tolower
??3@YAXPAX@Z
??2@YAPAXI@Z
sprintf
atoi
_ftol
_CIfmod
strncpy
strncmp
floor
srand
rand
strrchr
strchr
modf
free
malloc
memmove
__CxxFrameHandler

Exports

Exports

OsThunkD3dContextCreate
OsThunkD3dContextDestroy
OsThunkD3dContextDestroyAll
OsThunkD3dDrawPrimitives2
OsThunkD3dValidateTextureStageState
OsThunkDdAddAttachedSurface
OsThunkDdAlphaBlt
OsThunkDdAttachSurface
OsThunkDdBeginMoCompFrame
OsThunkDdBlt
OsThunkDdCanCreateD3DBuffer
OsThunkDdCanCreateSurface
OsThunkDdColorControl
OsThunkDdCreateD3DBuffer
OsThunkDdCreateDirectDrawObject
OsThunkDdCreateMoComp
OsThunkDdCreateSurface
OsThunkDdCreateSurfaceEx
OsThunkDdCreateSurfaceObject
OsThunkDdDeleteDirectDrawObject
OsThunkDdDeleteSurfaceObject
OsThunkDdDestroyD3DBuffer
OsThunkDdDestroyMoComp
OsThunkDdDestroySurface
OsThunkDdEndMoCompFrame
OsThunkDdFlip
OsThunkDdFlipToGDISurface
OsThunkDdGetAvailDriverMemory
OsThunkDdGetBltStatus
OsThunkDdGetDC
OsThunkDdGetDriverInfo
OsThunkDdGetDriverState
OsThunkDdGetDxHandle
OsThunkDdGetFlipStatus
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetMoCompBuffInfo
OsThunkDdGetMoCompFormats
OsThunkDdGetMoCompGuids
OsThunkDdGetScanLine
OsThunkDdLock
OsThunkDdLockD3D
OsThunkDdQueryDirectDrawObject
OsThunkDdQueryMoCompStatus
OsThunkDdReenableDirectDrawObject
OsThunkDdReleaseDC
OsThunkDdRenderMoComp
OsThunkDdResetVisrgn
OsThunkDdSetColorKey
OsThunkDdSetExclusiveMode
OsThunkDdSetGammaRamp
OsThunkDdSetOverlayPosition
OsThunkDdUnattachSurface
OsThunkDdUnlock
OsThunkDdUnlockD3D
OsThunkDdUpdateOverlay
OsThunkDdWaitForVerticalBlank
_OsThunkDdCreateFuckTencent

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 612KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a67a8b652c217d4005ced2f1ae8d6ee

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 70KB

.vmp0 Size: 612KB - Virtual size: 611KB

.reloc Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 70KB

.vmp0
Size: 612KB - Virtual size: 611KB

.reloc
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB