blackmoon | 329a6da20d49e1f03a95b5bbe7fcfb39d70f0cf687013845069bea1cec4a2a94

Sharing

Copy URL Twitter E-mail

General

Target

329a6da20d49e1f03a95b5bbe7fcfb39d70f0cf687013845069bea1cec4a2a94
Size

4.2MB
MD5

3b1640f47b13cb0d8fea1cbaffb09dd8
SHA1

dd89d83004af9492c5983ad9c968ccf6fbf1de7e
SHA256

329a6da20d49e1f03a95b5bbe7fcfb39d70f0cf687013845069bea1cec4a2a94
SHA512

f7e9bd502a4f60b44f7a478b94bba7e03881da898ce6d8ea371dc635f7921abd39ecb42cb176cf60201bfb0c8e451b1e53b3f2ad7519cb9cc21093dedaba0b27
SSDEEP

49152:rm67cvDgYGERUAhZjNGlY+/bM/dPy+cT/8ks22ur9tpaGADCjSkAl2+A7U4hYtf:y67cvDXGsUgG1/Q/g+ZmiPDC+kAEG4

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

329a6da20d49e1f03a95b5bbe7fcfb39d70f0cf687013845069bea1cec4a2a94
.exe windows x86

dadd57b31ba1dce00c02319cde2b533a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
LCMapStringA
LoadLibraryA
GetCommandLineA
SetFilePointer
MoveFileA
FormatMessageA
GetUserDefaultLCID
SetFileAttributesA
DeleteFileA
CreateDirectoryA
GetPrivateProfileStringA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
WriteFile
GetFileSize
ReadFile
GetTickCount
WritePrivateProfileStringA
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
ExitProcess
lstrcmpiW
lstrcmpW
HeapCreate
HeapDestroy
InterlockedDecrement
InterlockedIncrement
InterlockedExchangeAdd
RtlZeroMemory
VirtualFree
HeapAlloc
HeapFree
GetProcessHeap
VirtualAlloc
VirtualQueryEx
lstrcpyn
InitializeCriticalSection
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
lstrcpyA
IsBadCodePtr
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetModuleHandleA
GetFileAttributesW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetWaitableTimer
CreateWaitableTimerA
CreateFileA
GetCurrentProcessId
FindClose
FindFirstFileW
QueryDosDeviceW
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
lstrlenW
lstrlenA
MultiByteToWideChar
InterlockedExchange
RtlMoveMemory
CloseHandle
LocalFree
LocalAlloc
OpenProcess
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetLastError
CreateThread
DeleteCriticalSection
Sleep
GetTimeZoneInformation
SetLastError
TerminateProcess
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
lstrcpynA
FlushFileBuffers
MulDiv
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentProcess

user32

SendDlgItemMessageA
IsDialogMessageA
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
SetWindowsHookExA
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
GetSysColorBrush
TabbedTextOutA
UnregisterClassA
PostThreadMessageA
GetMenuItemCount
DestroyMenu
GetLastActivePopup
PostMessageA
PostQuitMessage
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetCursorPos
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
GetDC
ReleaseDC
ClientToScreen
GetClassNameA
GetWindowRect
SetWindowTextA
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
GetDlgCtrlID
EndDialog
CreateDialogIndirectParamA
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
CallNextHookEx
LoadStringA
ValidateRect
GetSystemMetrics
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowThreadProcessId
GetClientRect
GetPropA
SetPropA
CreateIconFromResource
IsWindow
CallWindowProcA
FindWindowA
RegisterWindowMessageA
SendMessageA
FindWindowExA
SetWindowLongA
GetDesktopWindow
SetForegroundWindow
SetWindowPos
MsgWaitForMultipleObjects
PostMessageW
SetCursor
LoadCursorA

advapi32

RegQueryValueExA
RegCloseKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegOpenKeyA

shell32

SHAppBarMessage
SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
Shell_NotifyIconA

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

gdi32

RectVisible
TextOutA
Escape
GetClipBox
PtVisible
ScaleWindowExtEx
GetStockObject
GetObjectA
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
ExtTextOutA
SelectObject
DeleteDC
DeleteObject

wininet

InternetGetConnectedState
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenUrlA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenA

shlwapi

PathIsDirectoryW
StrToIntExW
StrToIntW
PathFileExistsA

psapi

GetProcessImageFileNameW

gdiplus

GdiplusStartup
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipGetImageWidth
GdipDisposeImage
GdiplusShutdown

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit

rasapi32

RasGetConnectStatusA
RasHangUpA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

wsock32

send
recv
closesocket
select
WSACleanup
WSAStartup

Sections

umqZX
Size: 668KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

FVfnDS
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

iNwxY
Size: 3.5MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

byGHw
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dadd57b31ba1dce00c02319cde2b533a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

gdi32

wininet

shlwapi

psapi

gdiplus

oledlg

oleaut32

rasapi32

winspool.drv

comctl32

wsock32

Sections

umqZX Size: 668KB - Virtual size: 664KB

FVfnDS Size: 32KB - Virtual size: 28KB

iNwxY Size: 3.5MB - Virtual size: 3.7MB

byGHw Size: 20KB - Virtual size: 17KB

umqZX
Size: 668KB - Virtual size: 664KB

FVfnDS
Size: 32KB - Virtual size: 28KB

iNwxY
Size: 3.5MB - Virtual size: 3.7MB

byGHw
Size: 20KB - Virtual size: 17KB