Behavioral task: behavioral1
Sample: 76a66840bc3a3bb6c5b23dfb29695ab74830c2cb26aaed073c6ba07694df3107.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 76a66840bc3a3bb6c5b23dfb29695ab74830c2cb26aaed073c6ba07694df3107.exe
Resource: win10v2004-20220812-en
General
Target: 76a66840bc3a3bb6c5b23dfb29695ab74830c2cb26aaed073c6ba07694df3107
Size: 1.1MB
MD5: 7916728d3d004d91daf3b4e5e9c2ca51
SHA1: b398baa57199300a8ab4603feeb504934ddad4e7
SHA256: 76a66840bc3a3bb6c5b23dfb29695ab74830c2cb26aaed073c6ba07694df3107
SHA512: 00802aa4834cef6bce982401fe025996b3dfb3acd54f6656fa8474abe16742c1f954aa52cbcd62ca606dc7a3a42b863ed377396a7b8bc435e2b0b160ed8c9f9e
SSDEEP: 24576:JF4iEBxfHNOhHY+CC51gr0cfkrLp1sIAqBbopw0wQ:JKHNOhHiC5Pcfk7s/qB
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC)
resource: sample, yara_rule: family_blackmoon
Files
-
76a66840bc3a3bb6c5b23dfb29695ab74830c2cb26aaed073c6ba07694df3107.exe windows x86
dc075b336d9945c793b7b2beb9f04433
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_ftol
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
kernel32
GetCommandLineA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetModuleFileNameA
Sleep
CreateFileA
WriteFile
CloseHandle
MoveFileA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
lstrlenA
ReadProcessMemory
GetCurrentProcess
LocalFree
RtlFillMemory
LocalAlloc
FindResourceA
LoadLibraryExA
RtlMoveMemory
lstrcpyn
LocalSize
GetModuleHandleA
LoadResource
LockResource
SizeofResource
lstrcpyA
GlobalAlloc
MultiByteToWideChar
DeleteFileA
FindClose
FindNextFileA
RemoveDirectoryA
CopyFileA
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetVersion
DeviceIoControl
GetTimeZoneInformation
GetSystemDefaultLangID
GetLocaleInfoA
SetFilePointer
ReadFile
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalFree
GlobalUnlock
GlobalSize
VerLanguageNameA
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
MulDiv
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcpynA
GetFullPathNameA
GetFileTime
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTime
GetLocalTime
HeapSize
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentThreadId
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
WinExec
lstrcatA
WriteProfileStringA
SetLastError
GetProfileStringA
CreateDirectoryA
GetSystemDirectoryA
EnumResourceNamesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GlobalMemoryStatus
Module32First
Module32Next
OpenProcess
InterlockedExchange
TerminateProcess
GetDriveTypeA
GetVolumeInformationA
GetLastError
GetFileSize
FindFirstFileA
GetFileAttributesA
GlobalLock
user32
RegisterClassExA
LoadIconA
LoadCursorA
MoveWindow
BeginPaint
EndPaint
InvalidateRect
GetParent
SendMessageA
TrackMouseEvent
IsDialogMessageA
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
MapWindowPoints
GetSysColorBrush
DestroyMenu
CharUpperA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
GetClassInfoExA
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
PostMessageA
WindowFromPoint
GetWindow
PtInRect
EnumWindows
FindWindowExA
IsRectEmpty
GetCursorPos
GetDlgItem
SystemParametersInfoA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SendMessageTimeoutA
FindWindowA
GetWindowThreadProcessId
SetCursorPos
mouse_event
keybd_event
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClassNameA
GetDesktopWindow
ReleaseCapture
EnableWindow
GetSystemMetrics
LoadImageA
VkKeyScanExA
GetKeyboardLayout
SendDlgItemMessageA
GetMenuItemCount
GetDlgCtrlID
LoadStringA
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
LoadBitmapA
GetKeyboardState
DefWindowProcA
IsWindow
GetWindowTextLengthA
GetWindowTextA
SetMenuItemBitmaps
SetCapture
GetDC
GetSysColor
FillRect
PeekMessageA
wsprintfA
MessageBoxA
SetWindowPos
SetWindowRgn
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
EqualRect
IntersectRect
GetWindowLongA
SetWindowLongA
PostQuitMessage
CreateWindowExA
ReleaseDC
CallWindowProcA
GetWindowRect
IsWindowVisible
ShowWindow
UpdateWindow
SetWindowTextA
gdi32
SelectPalette
RealizePalette
SelectObject
CreateCompatibleDC
BitBlt
DeleteDC
CreateSolidBrush
StretchBlt
CreatePatternBrush
DeleteObject
SetBkColor
TextOutA
SetTextColor
CreateDIBitmap
CreateRectRgn
GetPixel
CombineRgn
GetDIBits
CreateDCA
CreateCompatibleBitmap
GetDeviceCaps
RemoveFontResourceA
AddFontResourceA
EnumFontFamiliesExA
GetStockObject
Escape
GetObjectA
ExtTextOutA
RectVisible
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
CreateBitmap
advapi32
InitializeSecurityDescriptor
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
RegOpenKeyExA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
RegOpenKeyA
RegQueryValueExA
RegCloseKey
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AddAce
InitializeAcl
FreeSid
AllocateAndInitializeSid
RegGetKeySecurity
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
SetSecurityDescriptorDacl
msimg32
TransparentBlt
iphlpapi
GetAdaptersInfo
SendARP
shlwapi
SHDeleteKeyA
SHDeleteValueA
PathAppendA
PathFileExistsA
mpr
WNetCancelConnection2A
WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA
WNetAddConnection2A
winmm
waveOutGetNumDevs
mciSendStringA
waveOutGetDevCapsA
ws2_32
gethostbyname
gethostname
WSAStartup
gethostbyaddr
WSACleanup
closesocket
connect
htons
socket
sendto
inet_addr
inet_ntoa
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
comdlg32
GetFileTitleA
PrintDlgA
winspool.drv
SetPrinterA
ClosePrinter
DocumentPropertiesA
EnumPrintersA
OpenPrinterA
GetPrinterA
shell32
SHGetSpecialFolderPathA
SHChangeNotify
ShellExecuteA
SHEmptyRecycleBinA
comctl32
ord17
ole32
CoCreateInstance
CoCreateGuid
wininet
InternetCloseHandle
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
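The import table above is the most informative static artifact on this page, and the usual first pass over it is a capability triage: group the imported APIs into behaviours the binary is at least able to perform. The script below is an added example, not part of the sandbox report and not any vendor's rule set. REPORT_IMPORTS is a subset copied from the table above; the CAPABILITIES map, its labels and its corroboration thresholds are my own assumptions. An import only shows that the code can call an API, and hook, clipboard and GDI functions are common in benign GUI software, so a capability is reported only when several of its APIs appear together.

```python
"""Static capability triage over the import table listed above.

Added example; it is not part of the sandbox report and is not any vendor's
rule set.  REPORT_IMPORTS is a subset copied from the report, CAPABILITIES
is my own heuristic grouping, and both the labels and the thresholds are
assumptions.  An import is only evidence that the binary *can* call an
API; hook, clipboard and GDI APIs are also common in benign GUI software,
so each capability is reported only when several corroborating imports
are present together.
"""

# Subset of the report's import table (copied from the page, grouped by DLL).
REPORT_IMPORTS = {
    "kernel32": [
        "CreateToolhelp32Snapshot", "Process32First", "Process32Next",
        "Module32First", "Module32Next", "OpenProcess", "ReadProcessMemory",
        "TerminateProcess", "CreateProcessA", "WinExec", "FindResourceA",
        "LoadResource", "LockResource", "SizeofResource", "EnumResourceNamesA",
        "DeleteFileA", "SetFileAttributesA", "GetVolumeInformationA",
    ],
    "user32": [
        "SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
        "GetKeyState", "GetKeyboardState", "keybd_event", "mouse_event",
        "SetCursorPos", "OpenClipboard", "EmptyClipboard", "SetClipboardData",
        "CloseClipboard", "FindWindowA", "EnumWindows",
    ],
    "gdi32": ["CreateDCA", "CreateCompatibleDC", "CreateCompatibleBitmap",
              "BitBlt", "GetDIBits"],
    "advapi32": ["RegSetKeySecurity", "SetSecurityDescriptorDacl", "AddAce",
                 "InitializeAcl", "AllocateAndInitializeSid", "RegDeleteKeyA",
                 "RegCreateKeyExA", "RegSetValueExA"],
    "shlwapi": ["SHDeleteKeyA", "SHDeleteValueA"],
    "shell32": ["ShellExecuteA", "SHEmptyRecycleBinA"],
    "mpr": ["WNetOpenEnumA", "WNetEnumResourceA", "WNetAddConnection2A"],
    "iphlpapi": ["GetAdaptersInfo", "SendARP"],
    "ws2_32": ["WSAStartup", "socket", "connect", "sendto", "gethostbyname"],
    "wininet": ["InternetOpenA", "InternetOpenUrlA", "FindFirstUrlCacheEntryA",
                "FindNextUrlCacheEntryA", "DeleteUrlCacheEntry"],
    "winmm": ["waveOutGetNumDevs", "waveOutGetDevCapsA"],
}

# Heuristic map (assumption): capability -> (minimum corroborating imports, APIs).
CAPABILITIES = {
    "process-enumeration-and-control": (3, {
        "CreateToolhelp32Snapshot", "Process32First", "Process32Next",
        "Module32First", "Module32Next", "OpenProcess", "ReadProcessMemory",
        "TerminateProcess"}),
    "input-hooking-and-synthesis": (3, {
        "SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
        "GetKeyState", "GetKeyboardState", "keybd_event", "mouse_event",
        "SetCursorPos"}),
    "clipboard-write": (3, {"OpenClipboard", "EmptyClipboard",
                            "SetClipboardData", "CloseClipboard"}),
    "screen-capture": (5, {"CreateDCA", "CreateCompatibleDC",
                           "CreateCompatibleBitmap", "BitBlt", "GetDIBits"}),
    "acl-and-registry-tampering": (3, {
        "RegSetKeySecurity", "SetSecurityDescriptorDacl", "AddAce",
        "InitializeAcl", "AllocateAndInitializeSid", "RegDeleteKeyA",
        "SHDeleteKeyA", "SHDeleteValueA"}),
    "lan-discovery": (2, {"GetAdaptersInfo", "SendARP", "WNetOpenEnumA",
                          "WNetEnumResourceA", "WNetAddConnection2A"}),
    "network-client": (3, {"WSAStartup", "socket", "connect", "sendto",
                           "InternetOpenA", "InternetOpenUrlA"}),
    "trace-removal": (2, {"DeleteUrlCacheEntry", "SHEmptyRecycleBinA",
                          "DeleteFileA", "SetFileAttributesA"}),
    "embedded-resource-extraction": (3, {"FindResourceA", "LoadResource",
                                         "LockResource", "SizeofResource",
                                         "EnumResourceNamesA"}),
    # Real audio capture needs the waveIn* family; waveOut* alone is playback
    # or device enumeration, so this one should stay below threshold here.
    "audio-capture": (2, {"waveInOpen", "waveInStart", "waveInAddBuffer",
                          "waveOutGetNumDevs"}),
}


def imported_apis(imports):
    """Flatten a {dll: [api, ...]} table into one set of API names."""
    return {api for apis in imports.values() for api in apis}


def triage(imports, capabilities=CAPABILITIES):
    """Return {capability: sorted matched APIs} for every capability whose
    corroboration threshold is met."""
    present = imported_apis(imports)
    return {
        name: sorted(apis & present)
        for name, (minimum, apis) in capabilities.items()
        if len(apis & present) >= minimum
    }


def suppressed(imports, capabilities=CAPABILITIES):
    """Capabilities with some but not enough evidence, so an analyst can see
    what the threshold filtered out."""
    present = imported_apis(imports)
    return {
        name: sorted(apis & present)
        for name, (minimum, apis) in capabilities.items()
        if 0 < len(apis & present) < minimum
    }


if __name__ == "__main__":
    for name, apis in triage(REPORT_IMPORTS).items():
        print(f"{name:32} {', '.join(apis)}")
    for name, apis in suppressed(REPORT_IMPORTS).items():
        print(f"{name:32} BELOW THRESHOLD ({', '.join(apis)})")
```

Run against the copied subset, every capability except audio-capture meets its threshold; audio-capture is listed by suppressed() with only waveOutGetNumDevs, which is the point of the threshold: a single shared API should not produce a finding. The output is a static hint list to be confirmed against the behavioural tasks above, not a verdict, and it must be reconciled with the Blackmoon signature hit rather than replace it.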
Sections
.text Size: 260KB - Virtual size: 257KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 812KB - Virtual size: 811KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE