blackmoon | ff8f37b126b75f51a0a462ff0653ba4d2f1294c0f97e3bb44c3593a15c494e89

Sharing

Copy URL Twitter E-mail

General

Target

ff8f37b126b75f51a0a462ff0653ba4d2f1294c0f97e3bb44c3593a15c494e89
Size

280KB
MD5

6e8e6bf8374ba19addebeb69afb3c7d9
SHA1

5a3786fd256021b2939ed5a4c4423160bea151b1
SHA256

ff8f37b126b75f51a0a462ff0653ba4d2f1294c0f97e3bb44c3593a15c494e89
SHA512

281bb4ec7ec9f6adf9217f94959f2fc438fa487fae3677af85f6f31289d2e287de6b153c74386aa6997e360130733fb6cb75db0a7c76eb827431866839fa2258
SSDEEP

3072:PYufyIxQWlmAGxpJQFOEI3i755Y2DeaZSaG2wlas3osupkNmItc:PY47CMO1u7ZnG2Ealp

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

ff8f37b126b75f51a0a462ff0653ba4d2f1294c0f97e3bb44c3593a15c494e89
.exe windows x86

f54c4ad58932e09d3659ab0b24e4e6c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetCommandLineA
LCMapStringA
FormatMessageA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
VirtualProtect
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
GetExitCodeThread
VirtualFreeEx
WaitForSingleObject
CreateToolhelp32Snapshot
WideCharToMultiByte
SetEnvironmentVariableA
CompareStringW
CompareStringA
Sleep
GetTickCount
GetTimeZoneInformation
SetLastError
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
CloseHandle
lstrlenA
InterlockedIncrement
InterlockedDecrement
LocalFree
GetLastError
lstrcpynA
EnterCriticalSection
lstrcpyA
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetCurrentProcess
WriteFile
SetFilePointer
FlushFileBuffers
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
MulDiv
GlobalFlags
WritePrivateProfileStringA
lstrcatA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
LockResource
LoadResource
FindResourceA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
TerminateProcess
RaiseException
GetSystemTime
GetLocalTime
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
MultiByteToWideChar

user32

TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
ReleaseDC
AdjustWindowRectEx
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
GetMenuItemCount
UnhookWindowsHookEx
ClientToScreen
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GetSystemMetrics
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
IsWindow
SetWindowTextA
GetDC
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowTextA
GetWindow
GetDesktopWindow
GetMenu

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetMapMode
RectVisible
PtVisible
GetObjectA
GetStockObject
SetTextColor
SetBkColor
SelectObject
RestoreDC
TextOutA
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
Escape
ExtTextOutA
CreateBitmap

ole32

CoInitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit

rasapi32

RasHangUpA
RasGetConnectStatusA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comctl32

ord17

wsock32

WSAStartup
WSACleanup
gethostname
select
closesocket
recv
send
connect
htons
ioctlsocket
gethostbyname
WSASetLastError
socket
setsockopt

wininet

InternetCloseHandle

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f54c4ad58932e09d3659ab0b24e4e6c9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

advapi32

oledlg

oleaut32

rasapi32

winspool.drv

comctl32

wsock32

wininet

Sections

.text Size: 220KB - Virtual size: 216KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 28KB - Virtual size: 136KB

.rsrc Size: 4KB - Virtual size: 408B

.text
Size: 220KB - Virtual size: 216KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 28KB - Virtual size: 136KB

.rsrc
Size: 4KB - Virtual size: 408B