blackmoon | 25dfd6d7bc78bb2f4a201ef22ba2a41d0883a3882ada71732c25b0551aede40e

Sharing

Copy URL Twitter E-mail

General

Target

25dfd6d7bc78bb2f4a201ef22ba2a41d0883a3882ada71732c25b0551aede40e
Size

316KB
MD5

c7caee99c8cca3ac8057169ed0773e2d
SHA1

d4b35b28c50433d935725b3e9d7fac84ddc2f64d
SHA256

25dfd6d7bc78bb2f4a201ef22ba2a41d0883a3882ada71732c25b0551aede40e
SHA512

253982e4746845345135c92d0b02edfaa53d5d18876d73d3fef77b907cd79f1844e19f78198aeb9fe83a6fcfefbd8165d2d84a2c007fa6e7660d74188f2f5277
SSDEEP

3072:WpCB2/EptgZErDe7wIzRVoLVnQ0hIIs1eQSQUiOKctEsUbQ3Py:aCB2/EptgZErDe7VMG0deL/RDAy

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

25dfd6d7bc78bb2f4a201ef22ba2a41d0883a3882ada71732c25b0551aede40e
.exe windows x86

d14f552d20934dd3b2539be6c33bbc8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetModuleFileNameA
Sleep
CreateFileA
WriteFile
CloseHandle
IsBadReadPtr
HeapReAlloc
ExitProcess
LocalSize
HeapAlloc
HeapFree
GetProcessHeap
RtlMoveMemory
SetWaitableTimer
CreateWaitableTimerA
InterlockedExchange
SetEnvironmentVariableA
CreateProcessA
GetModuleHandleA
CompareStringW
CompareStringA
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
GetACP
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
SetErrorMode
GetTickCount
GetTimeZoneInformation
SetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
SetFilePointer
GetLastError
GetCurrentProcess
GetVersionExA
TerminateProcess
lstrcpyA
lstrlenA
MultiByteToWideChar
GlobalAlloc
lstrcatA
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LocalFree
lstrcpynA
LocalAlloc
FlushFileBuffers
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion

user32

PtInRect
GetWindow
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
GetDlgCtrlID
GetWindowPlacement
GetForegroundWindow
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetCursorPos
AdjustWindowRectEx
MapWindowPoints
LoadIconA
GetSysColorBrush
LoadStringA
SystemParametersInfoA
GetDC
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
GetClassInfoExA
RegisterClassExA
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
SetWindowPos
MoveWindow
ReleaseDC
MsgWaitForMultipleObjects
BeginPaint
EndPaint
CallWindowProcA
GetAsyncKeyState
DefWindowProcA
GetClientRect
EndDialog
DestroyWindow
SendMessageA
UpdateWindow
ValidateRect
DefMDIChildProcA
LoadCursorA
SetCursor
TrackMouseEvent
DestroyIcon
PostQuitMessage
SetWindowLongA
DestroyCursor
CreateWindowExA
GetWindowLongA
GetDlgItem
IsWindow
GetClassNameA
SetFocus
GetFocus
GetWindowRect
GetParent
ScreenToClient
InvalidateRect
UnregisterClassA

gdi32

DeleteObject
GetStockObject
GetObjectA
CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
BitBlt
CombineRgn
CreateRoundRectRgn
StretchBlt
CreateSolidBrush
CreatePatternBrush
ExtCreateRegion
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap

shell32

DragFinish
DragQueryFileA
DragAcceptFiles
Shell_NotifyIconA

atl

ord42

iphlpapi

GetAdaptersInfo

rasapi32

RasGetConnectStatusA
RasHangUpA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comctl32

ord17

wsock32

inet_addr
__WSAFDIsSet
accept
bind
listen
WSACleanup
WSAStartup
gethostname
select
closesocket
recv
send
connect
htons
ioctlsocket
gethostbyname
socket
getpeername
ntohs
htonl
recvfrom
sendto
getsockname

wininet

InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
InternetSetOptionA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetOpenA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d14f552d20934dd3b2539be6c33bbc8f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

atl

iphlpapi

rasapi32

winspool.drv

comctl32

wsock32

wininet

advapi32

Sections

.text Size: 176KB - Virtual size: 173KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 20KB - Virtual size: 180KB

.rsrc Size: 92KB - Virtual size: 91KB

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 20KB - Virtual size: 180KB

.rsrc
Size: 92KB - Virtual size: 91KB