blackmoon | 194af0266a7966a528382549997259dd790888d8be0cfba5f24840eac408409e

Sharing

Copy URL Twitter E-mail

General

Target

194af0266a7966a528382549997259dd790888d8be0cfba5f24840eac408409e
Size

260KB
MD5

61778c9d597d6438e7d3f26a9f81042c
SHA1

64a1876db21eff17452cd1022333a4d33129e651
SHA256

194af0266a7966a528382549997259dd790888d8be0cfba5f24840eac408409e
SHA512

a3eef4725b54fd4243b85d8cdcc6193c9f503cf84a96b1d1fc532c08b9b92a654c47387a7461cfcfc7c557fbd69af650b60c98b99c8bdc4dbac39985f2990c7c
SSDEEP

3072:1si2L/ZKufk4IELPVrhhK6dJH5qmihg2IwxWISUW7RAhIjzUt216eDlpZestr4Dr:1sLrkCLPj7kthg2IwxvSUW9Gyz/aD7b

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

194af0266a7966a528382549997259dd790888d8be0cfba5f24840eac408409e
.exe windows x86

5cef382fb8a0cabc77b7e4b8809b1cb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
GetCommandLineA
LCMapStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
RaiseException
LCMapStringW
GetProcAddress
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetVersion
GetStartupInfoA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
CloseHandle
GetEnvironmentVariableA
GetLocalTime
SetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCurrentThreadId
RtlZeroMemory
LocalSize
lstrcpynA
ReadProcessMemory
GetCurrentProcess
RtlMoveMemory
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
WriteFile
MulDiv

user32

SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
InsertMenuA
SetMenuItemInfoA
AppendMenuA
DestroyMenu
CreatePopupMenu
CreateMenu
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
DialogBoxParamA
DispatchMessageA
CheckMenuItem
GetMenuItemCount
SetMenuInfo
TranslateMessage
MenuItemFromPoint
GetMessageA
CreateDialogParamA
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
LoadIconA
IsWindow
GetDC
ReleaseDC
SetWindowLongA
GetWindowLongA
LoadCursorA
SetCursor
GetCapture
GetClientRect
ReleaseCapture
InvalidateRect
SetCapture
BeginPaint
DrawTextA
EndPaint
CallWindowProcA
SendMessageA
IsIconic
RegisterClassExA
GetMenuDefaultItem
GetSubMenu
GetMenuInfo
GetMenuState
GetMenuCheckMarkDimensions
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
TranslateAcceleratorA
GetSysColor
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
SetWindowPos
MoveWindow
ScreenToClient
GetWindowRect
UpdateWindow
ValidateRect
GetFocus
SetFocus
GetDlgItem
DefWindowProcA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostQuitMessage
UnregisterClassA
DestroyIcon
DestroyWindow
EndDialog
FillRect
DestroyAcceleratorTable
GetAsyncKeyState
GetParent
ClientToScreen
DefFrameProcA
GetCursorPos
wvsprintfA
CreateWindowExA
GetWindowTextA
RemoveMenu

gdi32

GetObjectA
CreateFontA
CreatePatternBrush
CreateSolidBrush
SetBkColor
GetStockObject
SetBkMode
SetTextColor
SelectObject
CreateFontIndirectA
DeleteObject
GetDeviceCaps

shell32

ShellExecuteA
Shell_NotifyIconA

advapi32

CryptAcquireContextA
CryptReleaseContext
RegOpenKeyA
RegQueryValueExA
RegCloseKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetReadFile
DeleteUrlCacheEntryA
HttpQueryInfoA

ole32

CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize

comctl32

InitCommonControlsEx

oleaut32

VariantClear
LoadTypeLi
RegisterTypeLi
SafeArrayCreate
SysAllocString
SafeArrayDestroy

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5cef382fb8a0cabc77b7e4b8809b1cb4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

wininet

ole32

comctl32

oleaut32

Sections

.text Size: 204KB - Virtual size: 203KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 24KB - Virtual size: 77KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 204KB - Virtual size: 203KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 24KB - Virtual size: 77KB

.rsrc
Size: 20KB - Virtual size: 16KB