blackmoon | 633f3cff1e259bf29ed64e290fb985fc754f944d64fb39f62c61d353ae0e94fa

Sharing

Copy URL Twitter E-mail

General

Target

633f3cff1e259bf29ed64e290fb985fc754f944d64fb39f62c61d353ae0e94fa
Size

3.5MB
MD5

9a8a9fb38f0f1ef047b626f527038670
SHA1

3f6875e42009ae4383e988966c461584e8ee1a82
SHA256

633f3cff1e259bf29ed64e290fb985fc754f944d64fb39f62c61d353ae0e94fa
SHA512

fbdc80a5e687ff79f35f929dc6e3df27b9426acc03711d0e6ba5c55bf4a1d2af5a7dd1b68f06007955869decab8e8f2eb0eabd271537c154c52bbd223fb126e1
SSDEEP

98304:47bDc0gUA5VccuVZ7TcBTQaW8q4lweCpm:WDCH2zncQPwEM

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

633f3cff1e259bf29ed64e290fb985fc754f944d64fb39f62c61d353ae0e94fa
.dll windows x86

ef1db86488db498976a13807260a8ed8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
FindFirstFileA
FindClose
WriteFile
LCMapStringA
GetUserDefaultLCID
DeleteFileA
GetCommandLineA
FreeLibrary
LoadLibraryA
SetFilePointer
GetTickCount
CreateFileA
GetFileSize
ReadFile
GetModuleFileNameA
GetPrivateProfileStringA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
MultiByteToWideChar
Wow64DisableWow64FsRedirection
GetCurrentThreadId
VirtualProtect
lstrcpyA
lstrcatA
MulDiv
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetModuleHandleA
TerminateProcess
OpenProcess
Process32Next
CloseHandle
Process32First
InitializeCriticalSection
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
CreateToolhelp32Snapshot
CreateThread
GetCurrentProcessId
RtlMoveMemory
Sleep
VirtualFree
VirtualAlloc
GetLocalTime
GlobalMemoryStatusEx
GetProcAddress
IsDebuggerPresent

user32

ClientToScreen
FindWindowA
CreateWindowStationA
SetLayeredWindowAttributes
SetWindowLongA
GetClassNameA
GetWindowTextA
IsWindowVisible
GetWindowLongA
MoveWindow
GetCursorPos
MsgWaitForMultipleObjects
MessageBoxA
GetWindowThreadProcessId
wsprintfA
DispatchMessageA
TranslateMessage
UnregisterHotKey
GetSystemMetrics
GetDC
GetDesktopWindow
GetWindowRect
ReleaseDC
PeekMessageA
GetMessageA
CallWindowProcA
CreateWindowExA
GetSysColor
LoadBitmapA
RegisterHotKey
ReleaseCapture
ScreenToClient
SendMessageA
SetCapture

advapi32

CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize

gdi32

DeleteObject
DeleteDC
GetDIBits
GetObjectA
StretchBlt
SetStretchBltMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
TranslateCharsetInfo
CreateFontA
GetDeviceCaps

shlwapi

PathFileExistsA

ws2_32

closesocket
socket
inet_addr
htons
connect
send
WSAStartup
inet_ntoa
recv
getsockname
ntohs
WSAAsyncSelect
select
WSACleanup
gethostbyname

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA

msvcrt

calloc
_except_handler3
memmove
realloc
strrchr
strchr
_atoi64
__CxxFrameHandler
srand
strtod
??3@YAXPAX@Z
??2@YAPAXI@Z
sprintf
atoi
_ftol
floor
_CIpow
free
malloc
strncpy
strncmp
modf
rand
_CIfmod

oleaut32

VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate

shell32

SHGetSpecialFolderPathA
DragAcceptFiles
DragFinish
DragQueryFileA

comctl32

ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_Add

Exports

Exports

ʮ��ʮ��

Sections

.text
Size: 392KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 608KB - Virtual size: 697KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sfsdf0
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef1db86488db498976a13807260a8ed8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

gdi32

shlwapi

ws2_32

wininet

msvcrt

oleaut32

shell32

comctl32

Exports

Exports

Sections

.text Size: 392KB - Virtual size: 388KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 608KB - Virtual size: 697KB

.sfsdf0 Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 12KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 668B

.text
Size: 392KB - Virtual size: 388KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 608KB - Virtual size: 697KB

.sfsdf0
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 668B