blackmoon | 407c153fb6b461ede36d52da7f84a42c04e3b7da5635071378f0f2219c238e60

Sharing

Copy URL Twitter E-mail

General

Target

407c153fb6b461ede36d52da7f84a42c04e3b7da5635071378f0f2219c238e60
Size

3.9MB
MD5

72616cc6b6cdc13b1400122c7e9e9884
SHA1

24b20fbe6c1009e1f7a2ececb9a95c8588426eb7
SHA256

407c153fb6b461ede36d52da7f84a42c04e3b7da5635071378f0f2219c238e60
SHA512

9555592e3fb92b804b062ea630e26640ab6e8cee43a1b3afc9ff0a1a2784f07687e97968b721e70f86e67f8a979c57461dbbf71cbbd1b8db98267a74a688954f
SSDEEP

98304:kjnRIkew7x2MQxf7VLfHX3hD25xf8yX0icb:kjRIkeYQFxfxr3EOyS

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

407c153fb6b461ede36d52da7f84a42c04e3b7da5635071378f0f2219c238e60
.exe windows x86

9d430cb8e8ebaf2d726023be211a226c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalMemoryStatusEx
Module32Next
CreateToolhelp32Snapshot
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetFileAttributesA
UnhandledExceptionFilter
GetDiskFreeSpaceExA
GetACP
TerminateProcess
HeapSize
RaiseException
RtlUnwind
CreateFileA
Process32First
Process32Next
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
VirtualAlloc
VirtualFree
GetCurrentProcessId
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetStdHandle
WriteFile
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTickCount
GetLocalTime
FindClose
FindFirstFileA
FindNextFileA
DeleteFileA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
GetModuleHandleA
Sleep
IsDebuggerPresent
CreateEventA
OpenEventA
CreateMutexA
SetWaitableTimer
CreateWaitableTimerA
UnmapViewOfFile
FreeEnvironmentStringsA
VirtualProtect
CloseHandle
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetCurrentThreadId
LocalAlloc
LocalFree
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalLock
GlobalReAlloc
GlobalAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
GetVersion
SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
ReadFile
SetFilePointer
FlushFileBuffers

user32

DrawTextA
GrayStringA
DispatchMessageA
IsWindowVisible
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
TranslateMessage
CallWindowProcA
GetSystemMetrics
PeekMessageA
OpenClipboard
EmptyClipboard
CloseClipboard
CreateDialogIndirectParamA
UpdateWindow
GetMessageA
SendMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
SetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
GetWindowLongA
GetWindowTextLengthA
wsprintfA
MessageBoxA
GetWindowInfo
CreateWindowStationA
EnableWindow
GetParent
IsWindowEnabled
GetForegroundWindow
SetForegroundWindow
SetWindowsHookExA
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
LoadStringA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
TabbedTextOutA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetDlgCtrlID
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
PtInRect
ClientToScreen
DestroyMenu

advapi32

RegEnumKeyA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegOpenKeyA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

WSAStartup
closesocket
socket
htons
inet_addr
connect
gethostbyname
send
recv
getsockname
ntohs
WSAAsyncSelect
select
WSACleanup

gdi32

ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetStockObject
GetObjectA
Escape

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 348KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d430cb8e8ebaf2d726023be211a226c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

gdi32

winspool.drv

comctl32

Sections

.text Size: 348KB - Virtual size: 344KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 3.6MB - Virtual size: 3.7MB

.rsrc Size: 4KB - Virtual size: 596B

.text
Size: 348KB - Virtual size: 344KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 3.6MB - Virtual size: 3.7MB

.rsrc
Size: 4KB - Virtual size: 596B