Behavioral task: behavioral1
Sample: 0f212b57e2233a19c2d89a4fffdbbf0d.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 0f212b57e2233a19c2d89a4fffdbbf0d.exe
Resource: win10v2004-20221111-en
General
- Target: 0f212b57e2233a19c2d89a4fffdbbf0d
- Size: 6.7MB
- MD5: 0f212b57e2233a19c2d89a4fffdbbf0d
- SHA1: 8f720fd2be5a828ceadf94d0ed25fa45c7016af2
- SHA256: 1fd5182fa9faea228d4e3850c8a3e6f2de458f61d19a907abe4ecf8a3fe8b893
- SHA512: 8dddbe3f80f1efa59a51e75d878a86a2f2423618fd3c8606ef0ab5da571ae9320411007249133eda524446c4ffa2dd02f6f767a78cd51869a854129bc9ac5e66
- SSDEEP: 98304:WYp0c8cNCsWVL4sCbO7xTnWgMG/158lKCkZ1XsDJFw7SFEk+JosO6uvSt:WYp1NgVL4HK00XcJFJFEkoos/uY
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload 1 IoCs
  resource: sample; yara_rule: family_blackmoon
Files
-
0f212b57e2233a19c2d89a4fffdbbf0d.exe windows x86
74524015021a7aea83b275c229614d70
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
SetActiveWindow
EndDialog
GetDlgCtrlID
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
CreateWindowExA
SetMenuItemBitmaps
GetSubMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetActiveWindow
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
FindWindowA
GetSystemMetrics
IsWindowEnabled
EnableWindow
PostMessageA
GetWindow
PtInRect
GetMenuItemID
GetClipboardData
CreateDialogIndirectParamA
SetWindowTextA
GetDlgItem
ScreenToClient
GetWindowLongA
GetWindowTextLengthA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
DestroyIcon
CallWindowProcA
SetWindowLongA
GetParent
GetCursorPos
SetCaretPos
GetKeyState
DestroyCaret
CreateCaret
GetIconInfo
RedrawWindow
SetWindowRgn
IsRectEmpty
GetWindowTextW
GetDC
SetFocus
GetFocus
SetCapture
IsZoomed
SendMessageA
TrackMouseEvent
SetWindowLongW
GetWindowLongW
ReleaseDC
EndPaint
BeginPaint
SetCursor
CallWindowProcW
ReleaseCapture
SetTimer
UpdateLayeredWindow
KillTimer
DefWindowProcW
RegisterClassExW
LoadIconW
LoadCursorW
PostQuitMessage
OpenIcon
IsIconic
GetClassNameA
GetWindowTextA
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
MessageBoxA
DestroyWindow
MsgWaitForMultipleObjects
RemovePropW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowPos
GetPropW
SetForegroundWindow
MessageBeep
MoveWindow
SetPropW
GetWindowRect
IsWindow
PostMessageW
GetClassLongA
SystemParametersInfoA
UpdateWindow
ShowWindow
SendMessageW
GetMenu
CreateWindowExW
kernel32
HeapReAlloc
IsBadReadPtr
CreateDirectoryA
GetTickCount
GetModuleFileNameA
GetCommandLineA
GetFileSize
GetStartupInfoA
FindNextFileA
FindFirstFileA
FindClose
GetLocalTime
GetUserDefaultLCID
FormatMessageA
GetCurrentDirectoryA
SetCurrentDirectoryA
Sleep
FreeLibrary
LoadLibraryA
LCMapStringA
CreateFileA
HeapFree
UnmapViewOfFile
MapViewOfFile
HeapAlloc
HeapDestroy
WaitForSingleObject
FlushInstructionCache
GetCurrentProcess
GetProcAddress
RtlFillMemory
lstrlenA
DeleteFileA
TerminateProcess
OpenProcess
DeleteCriticalSection
Module32First
GetCurrentProcessId
CreateEventA
OpenEventA
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
ReadFile
WriteFile
SetWaitableTimer
CreateWaitableTimerA
CreateProcessA
CreatePipe
Process32Next
Process32First
GetTimeZoneInformation
FindResourceA
LoadResource
LockResource
lstrcatA
SetLastError
lstrcpyA
GetVersionExA
GetLastError
SetFilePointer
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateToolhelp32Snapshot
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
RtlMoveMemory
lstrcpyn
ExitProcess
MultiByteToWideChar
VirtualFree
GetModuleHandleW
VirtualAlloc
InitializeCriticalSection
GetTempPathA
GetWindowsDirectoryA
CloseHandle
CreateThread
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
MulDiv
LocalFree
FlushFileBuffers
lstrcpynA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
RaiseException
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
LCMapStringW
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
InterlockedExchange
GetModuleHandleA
GetProcessHeap
HeapCreate
LocalSize
CreateFileMappingA
gdi32
PtVisible
TextOutA
ExtTextOutA
Escape
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
RectVisible
GetDeviceCaps
GetStockObject
GetObjectA
GetTextExtentPoint32W
GetDIBits
GetObjectW
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateRoundRectRgn
BitBlt
advapi32
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
CryptCreateHash
comctl32
ImageList_GetIconSize
ord17
ImageList_GetIcon
iphlpapi
SendARP
shlwapi
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
winmm
timeKillEvent
timeSetEvent
ws2_32
recv
connect
select
getsockopt
closesocket
WSAStartup
WSACleanup
gethostname
gethostbyname
socket
inet_addr
htons
ioctlsocket
setsockopt
send
shell32
SHBrowseForFolderA
DragAcceptFiles
ShellExecuteA
SHGetPathFromIDListA
Shell_NotifyIconA
DragFinish
SHGetSpecialFolderPathA
DragQueryFileA
ole32
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CLSIDFromString
OleRun
CoCreateInstance
CLSIDFromProgID
wininet
InternetCrackUrlA
InternetSetOptionA
InternetCanonicalizeUrlA
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetGetConnectedState
InternetOpenUrlA
gdiplus
GdipDrawImageRectRect
GdipMeasureString
GdipCreateSolidFill
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipDrawPath
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetImageGraphicsContext
GdipFillRectangle
GdipDrawImageRect
GdipDeleteGraphics
GdipLoadImageFromFile
GdipGetStringFormatFlags
GdipSetStringFormatHotkeyPrefix
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipGetFamilyName
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetClipRegion
GdipSetClipRect
GdipGetVisibleClipBounds
GdipCreateImageAttributes
GdipDeleteBrush
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipResetClip
GdipDeleteStringFormat
GdipGetFontSize
GdipGetFontStyle
GdipDeletePath
GdipCloneBitmapArea
GdipGraphicsClear
GdipCreatePath
GdipGetRegionBounds
GdipDeleteRegion
GdipBitmapGetPixel
GdipDrawString
GdipAddPathArc
GdipClosePathFigure
GdipSetClipPath
GdipFillPath
GdipCreateLineBrushFromRect
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatTrimming
GdipCreateStringFormat
GdipDrawPolygon
GdipFillPolygon
GdipDeleteMatrix
GdipGetRegionScans
GdipGetRegionScansCount
GdipCreateMatrix
GdipCombineRegionRect
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipGetFontHeight
GdipImageSelectActiveFrame
GdipCreateBitmapFromHICON
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipCreatePathGradientFromPath
GdipCreateRegionHrgn
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipGetImagePixelFormat
odbc32
ord30
ord43
ord8
ord18
ord39
ord29
ord76
ord36
ord31
ord9
ord41
ord75
ord24
ord12
ord72
ord19
ord20
ord32
ord11
imm32
ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext
ImmAssociateContext
oledlg
ord8
oleaut32
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VariantChangeType
SafeArrayUnaccessData
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
rasapi32
RasGetConnectStatusA
RasHangUpA
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5.5MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE