blackmoon | 58947119e881376ffcaa2239372d9490ff2b12fca11ad63cf88090600f5c6747

Sharing

Copy URL Twitter E-mail

General

Target

58947119e881376ffcaa2239372d9490ff2b12fca11ad63cf88090600f5c6747
Size

852KB
MD5

a11e9b5a37c577687832b797bf7c9f1e
SHA1

e5c744c8fbb76202382059908cbeafdef0f2c9d4
SHA256

58947119e881376ffcaa2239372d9490ff2b12fca11ad63cf88090600f5c6747
SHA512

c676e28da233c768790c70316cd1a2d4a6b88a0125fe44377297958fcaaf6d31665c411e6c2fd1c60cddec445618b0b30c2c5c85101bc7e7e88dc8038673ab8e
SSDEEP

12288:fYHDr1n3QU1qIbxvVp1YXXfD8eA40RAful5ypiOZC:fYjr1n3QqqYvVp1YfD8B40R2mypiOZ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

58947119e881376ffcaa2239372d9490ff2b12fca11ad63cf88090600f5c6747
.dll windows x86

336788e998d0e004c247e2df6c1528d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalDeleteAtom
GlobalAlloc
GlobalLock
LocalAlloc
LocalFree
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA
GetVersion
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
GetProcessVersion
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
lstrcmpiA
GetCurrentThread
Sleep
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
LCMapStringA
ReadProcessMemory
GetTickCount
DeleteFileA
CreateFileA
WriteFile
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
VirtualFreeEx
GetCurrentProcessId
MapViewOfFile
OpenFileMappingA
SetProcessWorkingSetSize
GlobalSize
WideCharToMultiByte
DuplicateHandle
GetCurrentProcess
RtlMoveMemory
VirtualAllocEx
TerminateProcess
OpenProcess
MultiByteToWideChar
GetCurrentThreadId
WriteProcessMemory
CloseHandle
SetWaitableTimer
CreateWaitableTimerA

user32

GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
GetMenuItemCount
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostQuitMessage
MsgWaitForMultipleObjects
GetWindowTextA
SetWindowTextA
GetDesktopWindow
GetWindow
IsWindowVisible
GetWindowThreadProcessId
AttachThreadInput
SetActiveWindow
GetGUIThreadInfo
ClientToScreen
SetCursorPos
PostMessageA
GetActiveWindow
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetDlgCtrlID
GetWindowRect

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetBkColor
SelectObject
RestoreDC
SaveDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GetStockObject
DeleteDC
DeleteObject
GetDeviceCaps
CreateBitmap

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ws2_32

select
closesocket
htons
__WSAFDIsSet
socket
WSAStartup
WSACleanup
connect
send
inet_ntoa
shutdown
ioctlsocket
inet_addr
WSAGetLastError
recv
gethostbyname

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comctl32

ord17

Exports

Exports

RunDllHostCallBack

Sections

.text
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

336788e998d0e004c247e2df6c1528d7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

winspool.drv

comctl32

Exports

Exports

Sections

.text Size: 672KB - Virtual size: 671KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 120KB - Virtual size: 190KB

.rsrc Size: 4KB - Virtual size: 772B

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 672KB - Virtual size: 671KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 120KB - Virtual size: 190KB

.rsrc
Size: 4KB - Virtual size: 772B

.reloc
Size: 32KB - Virtual size: 31KB