blackmoon | 867ddad0e7a4b7ce642b355ab74653a3adaac0f780b088b8aca09987a3b2b5e3

Sharing

Copy URL Twitter E-mail

General

Target

867ddad0e7a4b7ce642b355ab74653a3adaac0f780b088b8aca09987a3b2b5e3
Size

3.2MB
MD5

850ded57d555de224525623495745c4b
SHA1

458db597174253346415fb55310869350d747751
SHA256

867ddad0e7a4b7ce642b355ab74653a3adaac0f780b088b8aca09987a3b2b5e3
SHA512

420da59a8a1937dc7581e23ace380dc65a94a9680e4ef2d886192b5e909c78cee3db09f46f913a6ccd87be852b95eef9cb553d839697623e866995a0e4d3025d
SSDEEP

98304:0LRlnPnwF6VijVlIvFLF8NY1IW9LB3gYFCUg6zmqUIp:wDnPnJYjeJAWxx4UP1Uc

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/Clouds.dll	family_blackmoon

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/date/dm.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/date/dm.dll	upx

Files

867ddad0e7a4b7ce642b355ab74653a3adaac0f780b088b8aca09987a3b2b5e3
.zip
Clouds.dll
.dll windows x86

3830d5bace0158eb96ac232f458bd5f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMenuItemCount
SetWindowTextA
GetDlgCtrlID
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
UnhookWindowsHookEx
GrayStringA
TabbedTextOutA
ClientToScreen
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
DrawTextA
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostMessageA
PostQuitMessage
UnregisterHotKey
ScreenToClient
RegisterHotKey
LoadBitmapA
GetSysColor
CreateWindowExA
CallWindowProcA
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
GetDC
ReleaseDC
GetClassNameA
IsWindow
SendMessageA
GetWindowRect
ReleaseCapture
SetCapture
GetSystemMetrics
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
MessageBoxTimeoutA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects

kernel32

GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
GlobalFree
GlobalUnlock
GlobalLock
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetPrivateProfileStringA
GetLocalTime
GetTickCount
WritePrivateProfileStringA
GetModuleFileNameA
GetEnvironmentVariableA
GetProcessHeap
Sleep
GetExitCodeThread
GetVolumeInformationA
CloseHandle
DeviceIoControl
lstrcpyn
CreateFileA
TerminateProcess
GlobalAlloc
InterlockedExchange
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcpynA
FlushFileBuffers
LocalFree
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MulDiv
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersion
WriteFile
SetFilePointer
GetLastError
GetCurrentProcess
GetVersionExA
lstrcpyA
lstrlenA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
CreateThread

gdi32

GetDeviceCaps
GetObjectA
GetStockObject
SelectObject
DeleteDC
DeleteObject
CreateFontA
TranslateCharsetInfo
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CLSIDFromProgID
CoRevokeClassObject
OleFlushClipboard
OleRun
CoCreateInstance
OleIsCurrentClipboard
CLSIDFromString
CoRegisterMessageFilter

iphlpapi

GetAdaptersInfo

oledlg

ord8

oleaut32

SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
VariantChangeType
SysAllocString
SafeArrayDestroy
VariantClear

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

shell32

DragFinish
DragQueryFileA
DragAcceptFiles

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_BeginDrag

Exports

Exports

ApiCall
Areg
Checktime
Discount
GetInfo
ISreg
Initialization
Inquiry
JData
QTime
Reg
Tie
Timingbox
Tips
Trial

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c0
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MSN.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
date/SkinH_VB6.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.Hmily
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.52PoJie
Size: 96KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
date/bd.txt
date/dm.dll
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
CBFunA
CBFunB
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 684KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 753KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
date/skinh.she
下载说明.htm
.html .js
使用说明.doc
.doc windows office2003
软件说明.txt

Sharing

General

Malware Config

Signatures

Files

3830d5bace0158eb96ac232f458bd5f8

Headers

File Characteristics

Imports

user32

kernel32

gdi32

ole32

iphlpapi

oledlg

oleaut32

winspool.drv

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 28KB - Virtual size: 142KB

.c0 Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 12KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 692B

Headers

File Characteristics

Sections

.textbss Size: - Virtual size: 1.8MB

.text Size: 8KB - Virtual size: 8KB

.data Size: 316KB - Virtual size: 316KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

File Characteristics

Exports

Exports

Sections

.Hmily Size: - Virtual size: 228KB

.52PoJie Size: 96KB - Virtual size: 112KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 684KB

UPX1 Size: 753KB - Virtual size: 756KB

.rsrc Size: 50KB - Virtual size: 52KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 28KB - Virtual size: 142KB

.c0
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 692B

.textbss
Size: - Virtual size: 1.8MB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 316KB - Virtual size: 316KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.Hmily
Size: - Virtual size: 228KB

.52PoJie
Size: 96KB - Virtual size: 112KB

UPX0
Size: - Virtual size: 684KB

UPX1
Size: 753KB - Virtual size: 756KB

.rsrc
Size: 50KB - Virtual size: 52KB