blackmoon | c8a6a909e81abe41f741410ff4792f36d0060a14b6dce9fcb10e6acbc1578f34

Sharing

Copy URL Twitter E-mail

General

Target

c8a6a909e81abe41f741410ff4792f36d0060a14b6dce9fcb10e6acbc1578f34
Size

772KB
MD5

3e95313580354bc9411a856d5f6e635b
SHA1

ca849a5961adefc5ef050ed6c8b67fabc1e8c691
SHA256

c8a6a909e81abe41f741410ff4792f36d0060a14b6dce9fcb10e6acbc1578f34
SHA512

5e262c65eb26c8361db2489bc855c2f48b53cf81fb47a2b852acfe4e98ee82fa12c521892d2073ff8ad640c78a7995726d04791a80df3384fbe4d0e726ea294e
SSDEEP

6144:2CAsQPHIlAIlV6fT+O7Ek72V1KSCuqIjajxsP51xcetsk45ax8VH6F8B2k1GzwQs:luoAIlgaOYZV8VKfcrl5FJ6kAwQ/O9

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

c8a6a909e81abe41f741410ff4792f36d0060a14b6dce9fcb10e6acbc1578f34
.dll windows x86

ac866e0f71f15de62525a634cd334c7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
FindClose
FindFirstFileA
FindNextFileA
CreateFileA
WriteFile
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
lstrlenA
ReadProcessMemory
GetCurrentProcess
LocalFree
RtlFillMemory
LocalAlloc
RtlMoveMemory
lstrcpyn
LocalSize
GetModuleHandleA
GetCurrentThreadId
DeleteFileA
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
TerminateProcess
OpenProcess
CloseHandle
GetLastError
CreateMutexA
GetTickCount
WaitForSingleObject
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetVersion
DeviceIoControl
GetTimeZoneInformation
GetSystemDefaultLangID
GetLocaleInfoA
SetFilePointer
ReadFile
GlobalFree
GlobalUnlock
GlobalSize
GlobalLock
lstrcpyA
SizeofResource
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GlobalAlloc
MultiByteToWideChar
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
GetFileSize
GetVolumeInformationA
GetDriveTypeA
InterlockedExchange
Module32Next
GlobalMemoryStatus
GetTempPathA
GetWindowsDirectoryA
CopyFileA
VerLanguageNameA
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
MulDiv
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcpynA
GetFullPathNameA
GetFileTime
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTime
GetLocalTime
HeapSize
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
WinExec
lstrcatA
WriteProfileStringA
SetLastError
GetProfileStringA
CreateDirectoryA
GetSystemDirectoryA
EnumResourceNamesA

user32

SendMessageA
PostMessageA
SetParent
GetForegroundWindow
GetWindowTextA
FindWindowExA
DispatchMessageA
AttachThreadInput
SetWindowTextA
GetWindowThreadProcessId
SetFocus
GetWindowRect
GetAsyncKeyState
IsWindow
KillTimer
TranslateMessage
GetMessageA
SetTimer
GetFocus
IsDialogMessageA
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
MapWindowPoints
GetSysColorBrush
DestroyMenu
CharUpperA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
WindowFromPoint
GetWindow
PtInRect
EnumWindows
IsRectEmpty
GetDlgItem
SystemParametersInfoA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SendMessageTimeoutA
FindWindowA
SetCursorPos
mouse_event
keybd_event
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClassNameA
GetDesktopWindow
ReleaseCapture
SetCapture
GetSystemMetrics
LoadImageA
VkKeyScanExA
GetKeyboardLayout
SendDlgItemMessageA
GetMenuItemCount
GetDlgCtrlID
LoadStringA
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
LoadBitmapA
GetKeyboardState
PeekMessageA
GetCursorPos
wsprintfA
MessageBoxA
SetWindowPos
SetWindowRgn
DestroyWindow
EqualRect
IntersectRect
SetWindowLongA
GetWindowLongA
PostQuitMessage
CreateWindowExA
GetWindowTextLengthA
EnableWindow
UpdateWindow
ShowWindow
IsWindowVisible
CallWindowProcA
ReleaseDC
FillRect
GetSysColor
GetDC
GetClassInfoExA
RegisterClassExA
LoadIconA
LoadCursorA
MoveWindow
BeginPaint
EndPaint
InvalidateRect
GetParent
TrackMouseEvent
DefWindowProcA

gdi32

RestoreDC
CreateBitmap
RealizePalette
OffsetViewportOrgEx
SetViewportExtEx
SetMapMode
SaveDC
SelectPalette
GetDIBits
CreateDCA
CreateCompatibleBitmap
GetDeviceCaps
RemoveFontResourceA
AddFontResourceA
EnumFontFamiliesExA
Escape
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateSolidBrush
StretchBlt
CreatePatternBrush
DeleteObject
SetBkColor
TextOutA
SetTextColor
CreateDIBitmap
CreateRectRgn
GetPixel
CombineRgn
CreateFontA
GetStockObject
SetViewportOrgEx
ExtTextOutA
RectVisible
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx

shell32

SHEmptyRecycleBinA
SHChangeNotify
SHGetSpecialFolderPathA
ShellExecuteA

msimg32

TransparentBlt

iphlpapi

GetAdaptersInfo
SendARP

shlwapi

PathFileExistsA
SHDeleteValueA
SHDeleteKeyA
PathAppendA

mpr

WNetAddConnection2A
WNetEnumResourceA
WNetCloseEnum
WNetCancelConnection2A
WNetOpenEnumA

winmm

waveOutGetNumDevs
mciSendStringA
waveOutGetDevCapsA

ws2_32

inet_addr
select
send
WSASetLastError
setsockopt
sendto
socket
htons
connect
closesocket
WSACleanup
gethostbyaddr
WSAStartup
gethostbyname
gethostname
inet_ntoa
recv

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

comdlg32

GetFileTitleA
PrintDlgA

winspool.drv

GetPrinterA
ClosePrinter
SetPrinterA
OpenPrinterA
EnumPrintersA
DocumentPropertiesA

advapi32

GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
RegOpenKeyExA
CopySid
GetLengthSid
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AddAce
InitializeAcl
FreeSid
AllocateAndInitializeSid
RegGetKeySecurity
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey

comctl32

ord17

ole32

CoCreateInstance
CoCreateGuid

wininet

FindFirstUrlCacheEntryA
InternetOpenA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
InternetOpenUrlA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
FtpDeleteFileA
FtpRenameFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpPutFileA
FtpGetFileA
InternetFindNextFileA
FtpFindFirstFileA
InternetReadFile
HttpQueryInfoA
InternetGetConnectedState

rasapi32

RasEnumEntriesA
RasGetEntryDialParamsA
RasEnumConnectionsA
RasDialA
RasGetConnectStatusA
RasHangUpA

Exports

Exports

?LogInit@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?LogRealMsg@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0_NPAPAEPAI@Z
?YL_Log@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PBDZZ

Sections

.text
Size: 432KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 232KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac866e0f71f15de62525a634cd334c7b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msimg32

iphlpapi

shlwapi

mpr

winmm

ws2_32

version

comdlg32

winspool.drv

advapi32

comctl32

ole32

wininet

rasapi32

Exports

Exports

Sections

.text Size: 432KB - Virtual size: 428KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 232KB - Virtual size: 235KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 432KB - Virtual size: 428KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 232KB - Virtual size: 235KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 32KB - Virtual size: 31KB