blackmoon | 4b1fd0791fab045e03d8f8441817bc6e

Sharing

Copy URL Twitter E-mail

General

Target

4b1fd0791fab045e03d8f8441817bc6e
Size

6.7MB
MD5

4b1fd0791fab045e03d8f8441817bc6e
SHA1

67760dce14b159afcdf04022e1c2bb84b7f4f5ed
SHA256

bc284da73e85344668d2c26de67ebd08a9c56c477543e9552f1ca5f988cff960
SHA512

9f2b1e0cec1ddcd6ebd6b8169124f0f7e480b00fede907b0406a0f5ed5a4443039f8e5ea91dada7349c83658fda9d4cbbed05510e0beb897662d96033ee5111f
SSDEEP

98304:s9EzuCsWVL4rCbO7xTnWgMG/158lKCkZ1XsDJFw7SFEk+JosOEvv1:cYugVL4uK00XcJFJFEkoosjv

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

4b1fd0791fab045e03d8f8441817bc6e
.exe windows x86

d270d1669a3fae8e5b368c2046c44971

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
SetActiveWindow
EndDialog
GetDlgCtrlID
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
CreateWindowExA
SetMenuItemBitmaps
GetSubMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetActiveWindow
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
FindWindowA
GetSystemMetrics
IsWindowEnabled
EnableWindow
PostMessageA
GetWindow
PtInRect
GetMenuItemID
GetClipboardData
CreateDialogIndirectParamA
SetWindowTextA
GetDlgItem
ScreenToClient
GetWindowLongA
GetWindowTextLengthA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
DestroyIcon
CallWindowProcA
SetWindowLongA
GetParent
GetCursorPos
SetCaretPos
GetKeyState
DestroyCaret
CreateCaret
GetIconInfo
RedrawWindow
SetWindowRgn
IsRectEmpty
GetWindowTextW
GetDC
SetFocus
GetFocus
SetCapture
IsZoomed
SendMessageA
TrackMouseEvent
SetWindowLongW
GetWindowLongW
ReleaseDC
EndPaint
BeginPaint
SetCursor
CallWindowProcW
ReleaseCapture
SetTimer
UpdateLayeredWindow
KillTimer
DefWindowProcW
RegisterClassExW
LoadIconW
LoadCursorW
PostQuitMessage
OpenIcon
IsIconic
GetClassNameA
GetWindowTextA
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
MessageBoxA
DestroyWindow
MsgWaitForMultipleObjects
RemovePropW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowPos
GetPropW
SetForegroundWindow
MessageBeep
MoveWindow
SetPropW
GetWindowRect
IsWindow
PostMessageW
GetClassLongA
SystemParametersInfoA
UpdateWindow
ShowWindow
SendMessageW
GetMenu
CreateWindowExW

kernel32

HeapReAlloc
IsBadReadPtr
CreateDirectoryA
GetTickCount
GetModuleFileNameA
GetCommandLineA
GetFileSize
GetStartupInfoA
FindNextFileA
FindFirstFileA
FindClose
GetLocalTime
GetUserDefaultLCID
FormatMessageA
GetCurrentDirectoryA
SetCurrentDirectoryA
Sleep
FreeLibrary
LoadLibraryA
LCMapStringA
CreateFileMappingA
CreateFileA
HeapFree
UnmapViewOfFile
MapViewOfFile
HeapAlloc
HeapDestroy
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
GetProcAddress
RtlFillMemory
lstrlenA
DeleteFileA
TerminateProcess
OpenProcess
Module32First
GetCurrentProcessId
CreateEventA
OpenEventA
WideCharToMultiByte
ReadFile
WriteFile
SetWaitableTimer
CreateWaitableTimerA
CreateProcessA
CreatePipe
Process32Next
GetTimeZoneInformation
FindResourceA
LoadResource
LockResource
lstrcatA
SetLastError
lstrcpyA
GetVersionExA
GetLastError
SetFilePointer
CompareStringA
CompareStringW
SetEnvironmentVariableA
Process32First
CreateToolhelp32Snapshot
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
RtlMoveMemory
ExitProcess
LocalSize
MultiByteToWideChar
VirtualFree
VirtualAlloc
GetModuleHandleW
GetTempPathA
GetWindowsDirectoryA
CloseHandle
CreateThread
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
MulDiv
LocalFree
FlushFileBuffers
lstrcpynA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
RaiseException
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
LCMapStringW
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
InterlockedExchange
GetModuleHandleA
GetProcessHeap
InitializeCriticalSection
lstrcpyn
HeapCreate

gdi32

PtVisible
TextOutA
ExtTextOutA
Escape
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
RectVisible
GetDeviceCaps
GetStockObject
GetObjectA
GetTextExtentPoint32W
GetDIBits
GetObjectW
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateRoundRectRgn
BitBlt

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
CryptCreateHash

comctl32

ImageList_GetIconSize
ord17
ImageList_GetIcon

iphlpapi

SendARP

shlwapi

PathFileExistsA
PathFindExtensionA
PathFindFileNameA

winmm

timeKillEvent
timeSetEvent

ws2_32

recv
connect
select
getsockopt
closesocket
WSAStartup
WSACleanup
gethostname
gethostbyname
socket
inet_addr
htons
ioctlsocket
setsockopt
send

shell32

SHBrowseForFolderA
DragAcceptFiles
ShellExecuteA
SHGetPathFromIDListA
Shell_NotifyIconA
DragFinish
SHGetSpecialFolderPathA
DragQueryFileA

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CLSIDFromString
OleRun
CoCreateInstance
CLSIDFromProgID

wininet

InternetCrackUrlA
InternetSetOptionA
InternetCanonicalizeUrlA
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetGetConnectedState
InternetOpenUrlA

gdiplus

GdipDrawImageRectRect
GdipMeasureString
GdipCreateSolidFill
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipDrawPath
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetImageGraphicsContext
GdipFillRectangle
GdipDrawImageRect
GdipDeleteGraphics
GdipLoadImageFromFile
GdipGetStringFormatFlags
GdipSetStringFormatHotkeyPrefix
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipGetFamilyName
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetClipRegion
GdipSetClipRect
GdipGetVisibleClipBounds
GdipCreateImageAttributes
GdipDeleteBrush
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipResetClip
GdipDeleteStringFormat
GdipGetFontSize
GdipGetFontStyle
GdipDeletePath
GdipCloneBitmapArea
GdipGraphicsClear
GdipCreatePath
GdipGetRegionBounds
GdipDeleteRegion
GdipBitmapGetPixel
GdipDrawString
GdipAddPathArc
GdipClosePathFigure
GdipSetClipPath
GdipFillPath
GdipCreateLineBrushFromRect
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatTrimming
GdipCreateStringFormat
GdipDrawPolygon
GdipFillPolygon
GdipDeleteMatrix
GdipGetRegionScans
GdipGetRegionScansCount
GdipCreateMatrix
GdipCombineRegionRect
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipGetFontHeight
GdipImageSelectActiveFrame
GdipCreateBitmapFromHICON
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipCreatePathGradientFromPath
GdipCreateRegionHrgn
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipGetImagePixelFormat

odbc32

ord30
ord43
ord8
ord18
ord39
ord29
ord76
ord36
ord31
ord9
ord41
ord75
ord24
ord12
ord72
ord19
ord20
ord32
ord11

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext
ImmAssociateContext

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VariantChangeType
SafeArrayUnaccessData

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

rasapi32

RasGetConnectStatusA
RasHangUpA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.5MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d270d1669a3fae8e5b368c2046c44971

Headers

File Characteristics

Imports

user32

kernel32

gdi32

advapi32

comctl32

iphlpapi

shlwapi

winmm

ws2_32

shell32

ole32

wininet

gdiplus

odbc32

imm32

oledlg

oleaut32

winspool.drv

rasapi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 5.5MB - Virtual size: 5.6MB

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 5.5MB - Virtual size: 5.6MB

.rsrc
Size: 28KB - Virtual size: 25KB