blackmoon | d99acfbf1d8bbb5644d1a8fbf80a6feacfe1e551dfa0743fa0d1a13f02308024

Sharing

Copy URL Twitter E-mail

General

Target

d99acfbf1d8bbb5644d1a8fbf80a6feacfe1e551dfa0743fa0d1a13f02308024
Size

1.5MB
MD5

031e996643738f22dcbc7022b4e3a251
SHA1

5f7a436510336dc991f919259ad6da202e00df45
SHA256

d99acfbf1d8bbb5644d1a8fbf80a6feacfe1e551dfa0743fa0d1a13f02308024
SHA512

24c05e1bf43d304e04361a0c7df98fad0beae4e57d1618dbe8055b3fab29ad154fdb813f7638da107a7e9e61e0ff88a6447d9021a05b43ef33881bc143786981
SSDEEP

24576:wcZs04ggTCFvZslrCFVYoG1o4CSMwvzPnPrqpTEwf2FfWl8KuqGavkg3NyNIbbbV:wJO8zeZh+s8KuqGaX0ToIBAUZLY

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

d99acfbf1d8bbb5644d1a8fbf80a6feacfe1e551dfa0743fa0d1a13f02308024
.dll windows x86

a85d3d7d1df3e839b3342bee89c8350f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
CreateWaitableTimerA
LCMapStringA
MoveFileA
SetFilePointer
GlobalLock
GlobalUnlock
GetUserDefaultLCID
GetLocalTime
GetModuleFileNameA
DeleteFileA
GetFileSize
ReadFile
GetTempPathA
GetTickCount
HeapReAlloc
VirtualProtect
FlushInstructionCache
FreeLibrary
LoadLibraryExA
lstrcmpA
InterlockedDecrement
InterlockedIncrement
GetThreadTimes
OpenThread
LoadLibraryA
VirtualFree
ExitThread
GetCurrentThread
GetProcAddress
GlobalFree
GetCurrentThreadId
IsBadReadPtr
lstrcmpiA
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualQuery
RtlZeroMemory
IsBadWritePtr
CreateThread
WriteFile
CreateFileA
FindClose
FindFirstFileA
ReadProcessMemory
IsBadStringPtrA
LeaveCriticalSection
EnterCriticalSection
ExitProcess
HeapAlloc
HeapFree
GetProcessHeap
lstrlenA
GlobalAlloc
VirtualAlloc
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcessId
TlsSetValue
TlsGetValue
TlsAlloc
IsBadCodePtr
WriteProcessMemory
lstrlenW
MultiByteToWideChar
lstrcpyn
RtlMoveMemory
OpenProcess
InitializeCriticalSection
CloseHandle
VirtualQueryEx
GetModuleHandleA
GetCommandLineA
QueryDosDeviceA
GetLogicalDriveStringsA
VirtualFreeEx
GetSystemDirectoryA
WideCharToMultiByte
VirtualAllocEx
CopyFileA
IsWow64Process
GetCurrentProcess
SetWaitableTimer
DeleteCriticalSection
GetWindowsDirectoryA
GetLastError
GetACP
GlobalDeleteAtom
LocalAlloc
LocalFree
GlobalHandle
TlsFree
GlobalReAlloc
LocalReAlloc
SetErrorMode
lstrcatA
lstrcpyA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
FlushFileBuffers
GetCPInfo
GetOEMCP
RtlUnwind
TerminateProcess
RaiseException
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
GetVersionExA

user32

SendDlgItemMessageA
IsDialogMessageA
SetFocus
GetSystemMetrics
GetWindowPlacement
SystemParametersInfoA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
SetWindowTextA
ClientToScreen
GetDlgCtrlID
GetWindowRect
PtInRect
UnregisterClassA
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuItemCount
GetPropA
MsgWaitForMultipleObjects
PostMessageA
IsWindowVisible
ShowWindow
IsIconic
SetWindowPos
IsWindow
FindWindowExA
GetWindowThreadProcessId
GetDesktopWindow
GetWindow
GetClassNameA
GetWindowTextA
GetWindowLongA
SetWindowLongA
CallWindowProcA
wvsprintfA
MessageBoxA
EnumWindows
GetAncestor
RegisterWindowMessageA
wsprintfA
DispatchMessageA
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
SetCursor
SendMessageA
PostQuitMessage
SetForegroundWindow
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
TranslateMessage
GetMessageA
ReleaseDC
GetDC
PeekMessageA

ole32

OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID

gdi32

RectVisible
CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetStockObject
GetObjectA
GetDeviceCaps
PtVisible
TextOutA
ExtTextOutA
Escape

shlwapi

PathFileExistsA
PathFindExtensionA
PathIsDirectoryA
PathRemoveBlanksA
PathFindFileNameA

dbghelp

MakeSureDirectoryPathExists

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comctl32

ord17

Exports

Exports

_��ӳ��

Sections

.text
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 824KB - Virtual size: 822KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a85d3d7d1df3e839b3342bee89c8350f

Headers

File Characteristics

Imports

kernel32

user32

ole32

gdi32

shlwapi

dbghelp

oledlg

oleaut32

advapi32

shell32

winspool.drv

comctl32

Exports

Exports

Sections

.text Size: 628KB - Virtual size: 627KB

.rdata Size: 824KB - Virtual size: 822KB

.data Size: 52KB - Virtual size: 149KB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 40KB - Virtual size: 38KB

.text
Size: 628KB - Virtual size: 627KB

.rdata
Size: 824KB - Virtual size: 822KB

.data
Size: 52KB - Virtual size: 149KB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 40KB - Virtual size: 38KB