blackmoon | 8cc9727b43afa50cf3aca00b2f6ffb20a54c698b02136330c693a895631daf6c

Sharing

Copy URL Twitter E-mail

General

Target

8cc9727b43afa50cf3aca00b2f6ffb20a54c698b02136330c693a895631daf6c
Size

488KB
MD5

36b4973db93133d76a4535b078478c73
SHA1

26d2f059e98b4b6e3d8fa7067c69ac065745ae01
SHA256

8cc9727b43afa50cf3aca00b2f6ffb20a54c698b02136330c693a895631daf6c
SHA512

08ec0c2b67448f94425b8e1a5305c6ad4450c79a45c2a4b4cee51fc3b26e29b992e8b2ecbd1786e64d87d3d65511f715791e19f1395f4acdd98fc2ababda979c
SSDEEP

3072:ZiwzBarqlShFimd4vDl7I/cRXWtNMXtZ47i3qMGVPJ2tk2dpRctgMOZ5avfKlAwj:ZiwzBqqu7yvDhmIWTesmlbSn

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

8cc9727b43afa50cf3aca00b2f6ffb20a54c698b02136330c693a895631daf6c
.exe windows x86

392e343f49182442181b180286eca57c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowDC
CallNextHookEx
EnumChildWindows
RedrawWindow
EnumThreadWindows
UnhookWindowsHookEx
SetWindowsHookExA
DrawTextA
GetWindow
PtInRect
EnumWindows
GetCursorPos
SystemParametersInfoA
DrawFocusRect
GetLastActivePopup
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetSysColorBrush
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
GrayStringA
CreateDialogIndirectParamA
GetDlgCtrlID
GetWindowPlacement
GetForegroundWindow
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
FindWindowExA
GetClassNameA
GetWindowTextA
AdjustWindowRectEx
MapWindowPoints
InflateRect
FrameRect
CopyRect
GetMenuCheckMarkDimensions
OffsetRect
GetWindowThreadProcessId
PostMessageA
LoadIconA
LoadStringA
UnregisterClassA
PostThreadMessageA
BeginPaint
EndPaint
CallWindowProcA
GetAsyncKeyState
GetClientRect
DestroyWindow
DefWindowProcA
SendMessageA
DefMDIChildProcA
LoadCursorA
SetCursor
TrackMouseEvent
DestroyIcon
PostQuitMessage
SetWindowLongA
DestroyCursor
CreateWindowExA
GetWindowLongA
GetDlgItem
IsWindow
SetFocus
PeekMessageA
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
ReleaseDC
GetDC
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
GetClassInfoExA
EndDialog
RegisterClassExA
SetActiveWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
SetWindowPos
GetFocus
GetWindowRect
GetParent
ScreenToClient
InvalidateRect
ValidateRect
UpdateWindow
MoveWindow

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
CreateFileA
WriteFile
IsBadReadPtr
HeapReAlloc
ExitProcess
LocalSize
HeapAlloc
HeapFree
GetProcessHeap
RtlMoveMemory
GetModuleHandleA
lstrcpyn
CloseHandle
ReadProcessMemory
VirtualQueryEx
TerminateProcess
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId
InterlockedExchange
Process32First
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
SetErrorMode
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcpynA
FlushFileBuffers
LocalFree
MulDiv
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
lstrcmpiA
GetCurrentThreadId
GetVersion
FindResourceA
LoadResource
LockResource
lstrcatA
SetLastError
lstrlenA
lstrcpyA
Sleep
GetVersionExA
GetCurrentProcess
GetLastError
SetFilePointer
Process32Next

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetTextMetricsA
Ellipse
Arc
CreateEllipticRgnIndirect
SelectClipRgn
MoveToEx
LineTo
CreatePen
SetPixel
GetTextColor
GetTextExtentPoint32A
GetDeviceCaps
CreateCompatibleBitmap
GetPixel
SetBkMode
SetTextColor
CreatePatternBrush
CreateSolidBrush
StretchBlt
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
BitBlt
SelectObject
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
SetBkColor

shell32

DragAcceptFiles
Shell_NotifyIconA
DragFinish
ShellExecuteA
DragQueryFileA

comctl32

ord17
_TrackMouseEvent
InitCommonControlsEx

ole32

OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleInitialize
CreateStreamOnHGlobal
OleIsCurrentClipboard

atl

ord42

oledlg

ord8

olepro32

ord251

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VarR8FromBool
VarR8FromCy

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

msimg32

GradientFill

Sections

.text
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

392e343f49182442181b180286eca57c

Headers

File Characteristics

Imports

user32

kernel32

gdi32

shell32

comctl32

ole32

atl

oledlg

olepro32

oleaut32

winspool.drv

advapi32

msimg32

Sections

.text Size: 240KB - Virtual size: 236KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 24KB - Virtual size: 148KB

.rsrc Size: 196KB - Virtual size: 193KB

.text
Size: 240KB - Virtual size: 236KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 24KB - Virtual size: 148KB

.rsrc
Size: 196KB - Virtual size: 193KB