blackmoon | 7b71f26fc78c4f4f6c6871d0874fa9c21d6ebaf768b5c606d418813764100a98

Sharing

Copy URL Twitter E-mail

General

Target

7b71f26fc78c4f4f6c6871d0874fa9c21d6ebaf768b5c606d418813764100a98
Size

856KB
MD5

b1aee502a4ee0560c01856646274b740
SHA1

3cbb246a89cff2b9d731be06853f057bc7ad12fc
SHA256

7b71f26fc78c4f4f6c6871d0874fa9c21d6ebaf768b5c606d418813764100a98
SHA512

e07a934775d05b937d4f6c739c143d4c0b9ebbe5bc09a769d6066016a248c38561d32aa1bdaf24520c2478a8c09f070e342673d18e04e0a123a3ca9338d29f67
SSDEEP

12288:QA9esCEIhlHFf5D6eQnegMian+l1uBrTMLiKpR2LpCETR5nWFpPoSBN:QA9esCzblfR5xiiRFYfbx

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

7b71f26fc78c4f4f6c6871d0874fa9c21d6ebaf768b5c606d418813764100a98
.dll windows x86

a954a2ed1f9b7e68b741787047cc154a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

kernel32

GetVersion
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
FlushFileBuffers
lstrcpynA
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
lstrcatA
SetLastError
GlobalAlloc
MultiByteToWideChar
lstrlenA
lstrcpyA
Sleep
LocalFree
LocalAlloc
VirtualFreeEx
CloseHandle
WaitForSingleObject
ResumeThread
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
TerminateProcess
GetLastError
SetFilePointer
IsBadReadPtr
GlobalLock
GlobalUnlock
GlobalFree
CreateToolhelp32Snapshot
Process32First
GetCurrentProcess
Process32Next
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetCurrentThreadId
OpenFileMappingA
LoadLibraryA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
VirtualProtect
FreeLibrary
GetProcAddress
LoadLibraryExA
GetVersionExA
GetCommandLineA
LCMapStringA
GetModuleFileNameA
GetTickCount
WriteFile
CreateFileA
GetFileSize
ReadFile
GlobalFlags

shlwapi

PathFileExistsA

user32

GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
ValidateRect
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostMessageA
PostQuitMessage
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetCursorPos
GetDlgItem
ShowWindow
SystemParametersInfoA
GetDC
ReleaseDC
FindWindowA
GetWindowThreadProcessId
GetClassNameA
SendMessageA
GetWindowRect
GetSystemMetrics
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
KillTimer
CallNextHookEx
SetWindowsHookExA
CallWindowProcA
GetAsyncKeyState
SetTimer
DestroyMenu
ModifyMenuA
SetWindowLongA

gdi32

DeleteDC
SelectObject
GetDeviceCaps
Escape
TextOutA
RectVisible
PtVisible
GetObjectA
GetStockObject
CreateBitmap
SaveDC
RestoreDC
ExtTextOutA
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
DeleteObject

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

Exports

Exports

ȡ��ǰFPS
ִ�з��ش��1

Sections

.text
Size: 288KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 504KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a954a2ed1f9b7e68b741787047cc154a

Headers

File Characteristics

Imports

winmm

kernel32

shlwapi

user32

gdi32

advapi32

shell32

winspool.drv

comctl32

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 284KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 504KB - Virtual size: 627KB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 36KB - Virtual size: 34KB

.text
Size: 288KB - Virtual size: 284KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 504KB - Virtual size: 627KB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 36KB - Virtual size: 34KB