blackmoon | 7dc7d098534e56e27f8cc511e3b151bad0746ccf1171ccf71866819ec8f74643

Sharing

Copy URL Twitter E-mail

General

Target

7dc7d098534e56e27f8cc511e3b151bad0746ccf1171ccf71866819ec8f74643
Size

648KB
MD5

685451cf2c199e0200497192354d8254
SHA1

73cda72a9ad9c6118edc609ed19685730037e70d
SHA256

7dc7d098534e56e27f8cc511e3b151bad0746ccf1171ccf71866819ec8f74643
SHA512

059116b8b1d36e6b9c9d818e2884b7f5a3d20895ee9229de8f714ce71cc081f296c17d08d4def8e751e6d82b176f6effb0df72d1a88323547aba2fd5f09e0d3f
SSDEEP

12288:f/c9+0QmZLAdg9mEK2zD5JfpnBdA480QIUzqa2ijABjQiFFD3/F:f/c9pxqg9mEK2ztZpBdA48/IUTINlx

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

7dc7d098534e56e27f8cc511e3b151bad0746ccf1171ccf71866819ec8f74643
.exe windows x86

9aa0cb1bf252ddc0887a5a814a3ef144

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
MapViewOfFile
LockFileEx
LockFile
LocalFree
LoadLibraryW
HeapValidate
HeapSize
HeapDestroy
HeapCreate
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
AreFileApisANSI
InterlockedCompareExchange
DeleteCriticalSection
MulDiv
lstrcatA
lstrcpyA
GetCurrentThreadId
CreateThread
lstrcmpiA
lstrcmpA
SetEndOfFile
GlobalAlloc
GlobalLock
LocalAlloc
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
lstrlenA
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
GetCurrentProcess
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
TerminateProcess
RaiseException
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
Sleep
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WriteFile
CloseHandle
CreateWaitableTimerA
SetWaitableTimer
MultiByteToWideChar
WideCharToMultiByte
RtlMoveMemory
LocalSize
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
ReadFile
SetFilePointer
GetFileSize
CreateFileA
GetFileAttributesA
CreateDirectoryA
GetModuleFileNameA
GetLocalTime
IsBadReadPtr
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleA
lstrcmpW
lstrlenW
GlobalDeleteAtom
RtlZeroMemory
HeapAlloc
GetProcessHeap
GetTimeFormatA
GetDateFormatA
FreeConsole
GetStdHandle
GetCurrentThread
AllocConsole

user32

TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
ReleaseDC
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
PostMessageA
PostQuitMessage
UnregisterHotKey
SetWindowLongA
SetCapture
SendMessageA
ScreenToClient
ReleaseCapture
RegisterHotKey
LoadBitmapA
GetSysColor
GetDC
GetCursorPos
CreateWindowExA
CallWindowProcA
MsgWaitForMultipleObjects
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetMenuItemCount
UnhookWindowsHookEx
AdjustWindowRectEx
UnregisterClassA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA

shlwapi

StrToIntW
StrToIntExW
PathFileExistsA

ws2_32

WSAGetLastError
connect
bind
inet_addr
select
socket
WSAStartup
recvfrom
recv
sendto
__WSAFDIsSet
closesocket
send
htons
ntohs
inet_ntoa
getsockname
getpeername
ioctlsocket
setsockopt
WSACleanup
accept
listen

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetBkColor
SetWindowExtEx
ScaleWindowExtEx
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
TranslateCharsetInfo
GetClipBox
GetDeviceCaps
CreateFontA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GetStockObject
DeleteObject

oleaut32

VariantTimeToSystemTime

shell32

DragQueryFileA
DragFinish
DragAcceptFiles

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_BeginDrag

Sections

.text
Size: 556KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9aa0cb1bf252ddc0887a5a814a3ef144

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

ws2_32

gdi32

oleaut32

shell32

winspool.drv

comctl32

Sections

.text Size: 556KB - Virtual size: 553KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 48KB - Virtual size: 133KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 556KB - Virtual size: 553KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 48KB - Virtual size: 133KB

.rsrc
Size: 4KB - Virtual size: 664B