blackmoon | 4a2d5dcbce4a131e76bbcab1e134b9d5f159d3b28cc9372522943359e519d76c

Sharing

Copy URL Twitter E-mail

General

Target

4a2d5dcbce4a131e76bbcab1e134b9d5f159d3b28cc9372522943359e519d76c
Size

464KB
MD5

9b857f7687c0d916bb9d3fd32ef15bdc
SHA1

9d611d989502c3a00459b93e1f28a0292f94fe68
SHA256

4a2d5dcbce4a131e76bbcab1e134b9d5f159d3b28cc9372522943359e519d76c
SHA512

731ee713a5148203bfcd5f1df3aafbd637f605e369c4bdf3f88f7fdb17c1d275e039de6cf7fe040545d9d29a495a6359492e29c187c94e35ee08f3d5e4524b04
SSDEEP

12288:5nizWny8nqyCxY7waoc1ZoI6go0G2WQn8I:50x+wao5phpQ7

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

4a2d5dcbce4a131e76bbcab1e134b9d5f159d3b28cc9372522943359e519d76c
.dll windows x86

810eaa50c6cc5ded32be8ab07b239989

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
GetStartupInfoA
CreateProcessA
WaitForSingleObject
RemoveDirectoryA
GetTickCount
FindClose
FindFirstFileA
FindNextFileA
DeleteFileA
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
lstrcmpiW
MultiByteToWideChar
lstrcmpW
HeapFree
HeapAlloc
RtlZeroMemory
RtlMoveMemory
LocalFree
LocalAlloc
GetNumberFormatA
GetLocaleInfoA
Module32Next
Module32First
VirtualProtect
VirtualQueryEx
ReadProcessMemory
SetWaitableTimer
CreateWaitableTimerA
WideCharToMultiByte
lstrlenW
TerminateProcess
OpenProcess
GetCurrentProcess
FreeLibrary
VirtualFreeEx
VirtualAllocEx
CreateThread
CreateRemoteThread
CloseHandle
Process32Next
CreateToolhelp32Snapshot
WriteProcessMemory
GetProcAddress
LoadLibraryA
MoveFileA
CreateDirectoryA
GetCurrentProcessId
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
WriteFile
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle

user32

GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
TabbedTextOutA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetDlgCtrlID
GetWindowRect
PtInRect
UnregisterClassA
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
GetWindowLongA
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
SetForegroundWindow
GrayStringA
UpdateWindow
DrawTextA
SetActiveWindow
GetActiveWindow
IsWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
GetClassInfoA
GetWindowThreadProcessId
SetWindowLongA
GetDesktopWindow
GetWindow
GetClassNameA
GetWindowTextLengthW
GetWindowTextW
MsgWaitForMultipleObjects
CallWindowProcA
PeekMessageA
GetMessageA
MessageBoxTimeoutA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage

gdi32

GetDeviceCaps
PtVisible
RectVisible
TextOutA
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
GetObjectA
GetStockObject
CreateBitmap
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
Escape
ExtTextOutA

advapi32

InitializeAcl
CryptEncrypt
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetKeyParam
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
CryptReleaseContext
CryptImportKey
CryptAcquireContextA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
SetSecurityInfo

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleRun
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

wininet

InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetSetOptionA
InternetOpenA

shlwapi

StrToIntW
PathFileExistsA
StrToIntExW

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comctl32

ord17

shell32

SHGetSpecialFolderPathA

Exports

Exports

CloseDriver
DefDriverProc
DriverCallback
DrvGetModuleHandle
GetDriverModuleHandle
NotifyCallbackData
OpenDriver
PlaySound
PlaySoundA
PlaySoundW
SendDriverMessage
WOW32DriverCallback
WOW32ResolveMultiMediaHandle
WOWAppExit
aux32Message
auxGetDevCapsA
auxGetDevCapsW
auxGetNumDevs
auxGetVolume
auxOutMessage
auxSetVolume
joy32Message
joyConfigChanged
joyGetDevCapsA
joyGetDevCapsW
joyGetNumDevs
joyGetPos
joyGetPosEx
joyGetThreshold
joyReleaseCapture
joySetCapture
joySetThreshold
mci32Message
mciDriverNotify
mciDriverYield
mciExecute
mciFreeCommandResource
mciGetCreatorTask
mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
mciGetDriverData
mciGetErrorStringA
mciGetErrorStringW
mciGetYieldProc
mciLoadCommandResource
mciSendCommandA
mciSendCommandW
mciSendStringA
mciSendStringW
mciSetDriverData
mciSetYieldProc
mid32Message
midiConnect
midiDisconnect
midiInAddBuffer
midiInClose
midiInGetDevCapsA
midiInGetDevCapsW
midiInGetErrorTextA
midiInGetErrorTextW
midiInGetID
midiInGetNumDevs
midiInMessage
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInStop
midiInUnprepareHeader
midiOutCacheDrumPatches
midiOutCachePatches
midiOutClose
midiOutGetDevCapsA
midiOutGetDevCapsW
midiOutGetErrorTextA
midiOutGetErrorTextW
midiOutGetID
midiOutGetNumDevs
midiOutGetVolume
midiOutLongMsg
midiOutMessage
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutSetVolume
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPause
midiStreamPosition
midiStreamProperty
midiStreamRestart
midiStreamStop
mixerClose
mixerGetControlDetailsA
mixerGetControlDetailsW
mixerGetDevCapsA
mixerGetDevCapsW
mixerGetID
mixerGetLineControlsA
mixerGetLineControlsW
mixerGetLineInfoA
mixerGetLineInfoW
mixerGetNumDevs
mixerMessage
mixerOpen
mixerSetControlDetails
mmDrvInstall
mmGetCurrentTask
mmTaskBlock
mmTaskCreate
mmTaskSignal
mmTaskYield
mmioAdvance
mmioAscend
mmioClose
mmioCreateChunk
mmioDescend
mmioFlush
mmioGetInfo
mmioInstallIOProcA
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRead
mmioRenameA
mmioRenameW
mmioSeek
mmioSendMessage
mmioSetBuffer
mmioSetInfo
mmioStringToFOURCCA
mmioStringToFOURCCW
mmioWrite
mmsystemGetVersion
mod32Message
mxd32Message
sndPlaySoundA
sndPlaySoundW
tid32Message
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetSystemTime
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
waveInGetErrorTextW
waveInGetID
waveInGetNumDevs
waveInGetPosition
waveInMessage
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutBreakLoop
waveOutClose
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutGetErrorTextA
waveOutGetErrorTextW
waveOutGetID
waveOutGetNumDevs
waveOutGetPitch
waveOutGetPlaybackRate
waveOutGetPosition
waveOutGetVolume
waveOutMessage
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutSetPitch
waveOutSetPlaybackRate
waveOutSetVolume
waveOutUnprepareHeader
waveOutWrite
wid32Message
wod32Message
��_ȡʮ��ı�
��_ʮ��ı��
��_ʮ��ı��ֽڼ�

Sections

.text
Size: 324KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

810eaa50c6cc5ded32be8ab07b239989

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

wininet

shlwapi

oledlg

oleaut32

winspool.drv

comctl32

shell32

Exports

Exports

Sections

.text Size: 324KB - Virtual size: 321KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 72KB - Virtual size: 156KB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 324KB - Virtual size: 321KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 72KB - Virtual size: 156KB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 28KB - Virtual size: 24KB