blackmoon | 873e6e582217c98d57ff5cf21c544489185a0aef8b86e0f1778f1e164c69fcbd

Sharing

Copy URL

Twitter E-mail

General

Target

873e6e582217c98d57ff5cf21c544489185a0aef8b86e0f1778f1e164c69fcbd
Size

1.1MB
MD5

5d497074da94eeeded7d4557eba73e10
SHA1

d61eb79d508b3729e9343a48e16ad098c3f6c4cb
SHA256

873e6e582217c98d57ff5cf21c544489185a0aef8b86e0f1778f1e164c69fcbd
SHA512

5b0bca86bd2d61e03c008c63446376a766af320575509e250a56a9d175c7f471fca5e937cb100c639fab9d08a65931ed219e0c4bef3fcdf82294f5024d4c4bc2
SSDEEP

12288:9MdkE0oB/ja5a1E9QBq/sha9r37fo+Xa//zG91fw4iiFfPdhohXPDQ2KG6CSQ:9MkE0Sa5cbBnhGfBX8K7fF7qfRKGtSQ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

873e6e582217c98d57ff5cf21c544489185a0aef8b86e0f1778f1e164c69fcbd
.dll windows x86

67fdb98f506a791c07eea9ee84eed0e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetTickCount
GetTimeZoneInformation
SetLastError
GlobalFree
GlobalUnlock
GlobalLock
GetFileAttributesA
SetFilePointer
GetCurrentProcess
GetVersionExA
GetDriveTypeA
TerminateProcess
InterlockedDecrement
lstrcpyA
lstrlenA
MultiByteToWideChar
GlobalAlloc
lstrcatA
GetLocaleInfoA
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
WideCharToMultiByte
LocalFree
lstrcpynA
LocalAlloc
FlushFileBuffers
SetEndOfFile
GetFullPathNameA
GlobalHandle
GlobalReAlloc
LocalReAlloc
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
RaiseException
GetACP
HeapSize
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetEnvironmentVariableW
SetEnvironmentVariableA
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
LCMapStringW
SetUnhandledExceptionFilter
IsBadCodePtr
CompareStringA
CompareStringW
GetLocaleInfoW
InterlockedExchange
CreateSemaphoreA
InterlockedIncrement
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
WriteFile
ReadFile
GetWindowsDirectoryA
OpenEventA
OpenFileMappingA
MapViewOfFile
SetEvent
WaitForSingleObject
UnmapViewOfFile
GetLastError
CreateFileA
WaitNamedPipeA
SetNamedPipeHandleState
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetLocalTime
GetPrivateProfileStringA
DeleteFileA
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap

user32

GetMenuCheckMarkDimensions
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
UnregisterClassA
GetDlgCtrlID
GetMenuItemCount
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
GetClassLongA
CreateWindowExA
LoadBitmapA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
SetWindowTextA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetParent
GetWindow
PtInRect
IsWindowVisible
SetCursor
PostMessageA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
PostQuitMessage
GetWindowLongA
GetWindowTextA
FindWindowExA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
GetSystemMetrics
SystemParametersInfoA
GetDC
ReleaseDC
GetClassNameA
SendMessageA
GetWindowRect
SetPropA

gdi32

TextOutA
GetClipBox
ScaleWindowExtEx
PtVisible
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutA
Escape
GetStockObject
GetObjectA
SetWindowExtEx
RectVisible
GetDeviceCaps
SelectObject
DeleteDC
DeleteObject

shlwapi

PathFileExistsA

ws2_32

setsockopt
send
recv
getservbyname
connect
WSAGetLastError
getpeername
gethostbyname
WSACleanup
WSAStartup
inet_ntoa
select
socket
closesocket
ntohs
inet_addr
htons
shutdown

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegEnumValueA

rasapi32

RasHangUpA
RasGetConnectStatusA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
FtpPutFileA
FtpGetFileA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA

shell32

ShellExecuteA

Exports

Exports

ftp_��
ftp_�ϴ�
ftp_��
ftp_��
��
��ȡ��¼
��ȡ��ݿ�
��ȡid
��ȡ�û�
��̳
��̳��
ģ��_ȡ�м��ı��
ȡ��ǰʱ��
ȡʱ��
ȡ�û��Ϣ
��ʾ��Ϣ
��Ӽ�¼
Ѱ�Ҽ�¼
��֤��̳

Sections

.text
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 716KB - Virtual size: 909KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

67fdb98f506a791c07eea9ee84eed0e8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shlwapi

ws2_32

advapi32

rasapi32

winspool.drv

comctl32

wininet

shell32

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 234KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 716KB - Virtual size: 909KB

.reloc Size: 40KB - Virtual size: 36KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 236KB - Virtual size: 234KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 716KB - Virtual size: 909KB

.reloc
Size: 40KB - Virtual size: 36KB

.rmnet
Size: 60KB - Virtual size: 60KB