blackmoon | d3857ae15c29dc9f363e3c03d041d5c80e4db2389ff6be8e5e4c5cb6c6f44bce

Sharing

Copy URL

Twitter E-mail

General

Target

d3857ae15c29dc9f363e3c03d041d5c80e4db2389ff6be8e5e4c5cb6c6f44bce
Size

812KB
MD5

983aaf29f19ab36a7a942d08b5b15c0c
SHA1

c2d1c7a947116581ad96ac20331d01c1725663b3
SHA256

d3857ae15c29dc9f363e3c03d041d5c80e4db2389ff6be8e5e4c5cb6c6f44bce
SHA512

a2ae99a09575858eb50e4dcdd2df896d1bf18702f5fd9390fa266944885333d220ff967e846153fac6fa05b789f39b2c1ed59e788fe832c230ef760582a1007f
SSDEEP

12288:rTmV7sQs3DVDYLMk0SZcMSOkKq8JfCbu1TwUduiNeNaR:ralQDNgskq8JfCMjnNeN

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

d3857ae15c29dc9f363e3c03d041d5c80e4db2389ff6be8e5e4c5cb6c6f44bce
.dll windows x86

28aff1e833b0c3a90b7da8cb8438c959

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
FreeLibrary
GetModuleFileNameA
GetCommandLineA
GetVersionExA
CreateFileA
WriteFile
GetPrivateProfileStringA
SetLocalTime
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
WideCharToMultiByte
MultiByteToWideChar
GetLocalTime
WritePrivateProfileStringA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
ReadProcessMemory
VirtualQueryEx
GetCurrentProcessId
WriteProcessMemory
GetCurrentProcess
Sleep
CreateThread
GetCurrentThreadId
RtlMoveMemory
VirtualAllocEx
lstrcpyn
GetProcAddress
LoadLibraryA
OpenProcess
SetWaitableTimer
CreateWaitableTimerA
Module32First
CloseHandle
Process32Next
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
InterlockedIncrement
GlobalFlags
MulDiv
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
InterlockedDecrement
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
lstrlenA
Process32First
CreateToolhelp32Snapshot
VirtualQuery
GetModuleFileNameW
VirtualProtect
IsDebuggerPresent
VirtualFree
VirtualAlloc
CreateFileW
GetLastError
SetLastError
ReadFile
LocalFree
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GetVersion
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
LoadRegTypeLi
SysAllocStringLen
SafeArrayGetElement
VariantCopyInd
SafeArrayCreateVector

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
MessageBoxA
wsprintfA
ClientToScreen
EndDialog
CreateDialogIndirectParamA
DestroyMenu
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
RegisterWindowMessageA
CopyRect
GetTopWindow
GetCapture
MapVirtualKeyA
EnumChildWindows
ShowWindow
GetForegroundWindow
PostMessageA
SendMessageA
MoveWindow
GetWindowRect
CallWindowProcA
MsgWaitForMultipleObjects
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
IsWindowVisible
EnumWindows
ReleaseDC
GetDC
GetClientRect
GetSystemMetrics
GetWindowDC
IsRectEmpty
GetParent
GetWindowInfo
PostQuitMessage
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
PtInRect
GetDlgCtrlID
GetWindow
SetWindowTextA
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
WinHelpA
IsDialogMessageA
SetWindowLongA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetTextColor
GetStockObject
DeleteDC
DeleteObject
GetDIBits
GetObjectA
BitBlt
SetViewportOrgEx
CreateDIBSection
CreateCompatibleDC
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetPixel
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetMapMode
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

advapi32

OpenProcessToken
RegOpenKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges

ole32

CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoTaskMemFree
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

wininet

InternetTimeToSystemTime
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA

mfc42

ord2396
ord5199
ord1089
ord3922
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord2915
ord3346
ord3081
ord3738
ord561
ord815
ord5500
ord1132
ord1131
ord4698
ord5307
ord5289
ord5714
ord4226
ord2486
ord446
ord743
ord825
ord941
ord537
ord6354
ord823
ord5300
ord5302
ord3262
ord1575
ord1176
ord1116
ord800
ord860
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord1601
ord540
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord4079

msvcrt

wcstombs
__dllonexit
_initterm
wcschr

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

oledlg

ord8

Exports

Exports

hookcallNpc
hookejcall

Sections

.text
Size: 620KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28aff1e833b0c3a90b7da8cb8438c959

Headers

File Characteristics

Imports

kernel32

oleaut32

user32

gdi32

advapi32

ole32

wininet

mfc42

msvcrt

winspool.drv

comctl32

oledlg

Exports

Exports

Sections

.text Size: 620KB - Virtual size: 617KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 96KB - Virtual size: 156KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 52KB - Virtual size: 48KB

.text
Size: 620KB - Virtual size: 617KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 96KB - Virtual size: 156KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 52KB - Virtual size: 48KB