blackmoon | 8a8672134b3d28fb38c32251bd183b2451afb20cf1adaf1a466b48825cdb8363

Sharing

Copy URL

Twitter E-mail

General

Target

8a8672134b3d28fb38c32251bd183b2451afb20cf1adaf1a466b48825cdb8363
Size

51KB
MD5

874fec6c3822f0c0a7e40fd5706d0c68
SHA1

3d03dd1f7f92bd31e0f091260879d35c19c6c46c
SHA256

8a8672134b3d28fb38c32251bd183b2451afb20cf1adaf1a466b48825cdb8363
SHA512

5be77947aeb7dd78030627b060c7d0f2dc526ee5231523663b45b3adf34cdcea29017035085e3810adb3826913be62d852f57cced5308d9b724a88f0c4a35960
SSDEEP

768:VCzG3Tdm5RuKhYGIuA6tVYhQdLHW8yTVxETnftKDu2ok+yGzPg7HaS2M:VicTdOnuGIPQRWLTDgp2ok+fPCaSh

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/防ping端口检测.exe	family_blackmoon

Files

8a8672134b3d28fb38c32251bd183b2451afb20cf1adaf1a466b48825cdb8363
.7z
防ping端口检测.exe
.exe windows x86

791d5a7e1939a1f39df11cef9d6e675b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
LCMapStringA
FlushFileBuffers
SetStdHandle
LCMapStringW
SetFilePointer
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
RaiseException
VirtualAlloc
GetProcAddress
WriteFile
GetCommandLineA
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetVersion
GetStartupInfoA
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
CloseHandle
GetTickCount
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
LocalAlloc
GetCurrentThreadId
LocalFree
lstrcpynA
RtlMoveMemory
lstrcpyn
MulDiv
VirtualFree
GetModuleHandleA

user32

SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
GetSystemMenu
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
CreatePopupMenu
CreateMenu
KillTimer
SetTimer
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
InsertMenuA
DialogBoxParamA
RegisterClassExA
GetClassInfoExA
RegisterWindowMessageA
DrawMenuBar
GetMessageA
IsWindow
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
LoadIconA
GetDC
ReleaseDC
DestroyIcon
PostQuitMessage
SetWindowPos
BeginPaint
EndPaint
SendMessageA
CallWindowProcA
GetAsyncKeyState
DefWindowProcA
GetClientRect
EndDialog
DestroyWindow
DefMDIChildProcA
SetCursor
TrackMouseEvent
SetWindowLongA
UnhookWindowsHookEx
GetMenuItemCount
LoadMenuA
AppendMenuA
DestroyMenu
CreateDialogParamA
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
MoveWindow
ScreenToClient
GetParent
UpdateWindow
ValidateRect
InvalidateRect
GetWindowRect
GetFocus
SetFocus
GetClassNameA
GetDlgItem
GetWindowLongA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
CheckMenuItem

gdi32

GetDeviceCaps
DeleteObject
GetStockObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetObjectA
StretchBlt
CreateSolidBrush
CreatePatternBrush
CreateRoundRectRgn
SetTextColor
SetBkColor
CreateFontA

ws2_32

WSACleanup
WSAStartup
WSAGetLastError
setsockopt
getpeername
getsockname
inet_ntoa
ntohs
recvfrom
sendto
accept
listen
recv
send
closesocket
__WSAFDIsSet
select
connect
gethostbyname
bind
htons
WSASetLastError
inet_addr
htonl
socket

shell32

DragFinish
DragAcceptFiles
Shell_NotifyIconA
DragQueryFileA

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��L�u�
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

791d5a7e1939a1f39df11cef9d6e675b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

shell32

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 72KB

.rsrc Size: 60KB - Virtual size: 57KB

Size: 60KB - Virtual size: 60KB

��L�u� Size: 20KB - Virtual size: 20KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 72KB

.rsrc
Size: 60KB - Virtual size: 57KB

��L�u�
Size: 20KB - Virtual size: 20KB