blackmoon | 8c8d3dac402c33ed2c582ee7e87d87ecdba18a8bcf49f20dca9bca76955d10ef

Sharing

Copy URL Twitter E-mail

General

Target

8c8d3dac402c33ed2c582ee7e87d87ecdba18a8bcf49f20dca9bca76955d10ef
Size

772KB
MD5

bdba0e59bbaf5be9313e395e06174163
SHA1

9e41b67b2d3cf4d78df76ed8c8008f0aa538d82a
SHA256

8c8d3dac402c33ed2c582ee7e87d87ecdba18a8bcf49f20dca9bca76955d10ef
SHA512

4c21167eeeead14994b3534396e22d53bb6e2440770f57494f469c0db3b97d3b842e4f6c51f0f7809abf9e60d605ecfdf2b6718944129820bd1d0c9cd41ec778
SSDEEP

12288:udRIzqQg5JWVVznpybGMSxFunUug0gPAOSIDimlaurFI7jM9l+m3zW8KCdAjS3mb:mRIzqQgXNbClaiFCjm+m3zWuUS3mpBH

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

8c8d3dac402c33ed2c582ee7e87d87ecdba18a8bcf49f20dca9bca76955d10ef
.dll windows x86

fe18a98d1a3ed8a8898f85e40b36bb7a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
DeleteFileA
GetFileSize
ReadFile
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetLocalTime
GetUserDefaultLCID
Sleep
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
QueryDosDeviceA
GetLogicalDriveStringsA
VirtualFreeEx
GetSystemDirectoryA
GetTempFileNameA
VirtualAllocEx
CopyFileA
GetTempPathA
GetVersionExA
VirtualProtect
FlushInstructionCache
GetCurrentProcess
VirtualFree
lstrcpynA
CreateFileA
GetThreadTimes
OpenThread
RtlZeroMemory
lstrlenA
LocalFree
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateThread
HeapCreate
CreateIoCompletionPort
GetTickCount
LocalAlloc
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
MultiByteToWideChar
Process32Next
Process32First
WriteFile
SetFilePointer
TerminateProcess
GlobalMemoryStatus
GetWindowsDirectoryA
lstrcpyA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
DeleteCriticalSection
SetSystemPowerState
GlobalReAlloc
UnmapViewOfFile
MapViewOfFile
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetEndOfFile
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalHandle
TlsFree
LocalReAlloc
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
InterlockedExchange
GlobalSize
lstrcpyn
GlobalUnlock
GlobalLock
OpenProcess
WideCharToMultiByte
lstrlenW
GetLastError
ExitThread
GetCurrentThread
GetProcAddress
GetModuleHandleA
GlobalFree
GetCurrentThreadId
GlobalAlloc
lstrcmpiA
ExitProcess
VirtualAlloc
TlsSetValue
TlsGetValue
TlsAlloc
IsBadReadPtr
IsBadCodePtr
RtlMoveMemory
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualQuery
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcessId

shlwapi

PathFileExistsA
PathFindFileNameA

ws2_32

htonl
WSACleanup
WSAStartup
WSASend
htons
inet_addr
connect
closesocket
WSASocketA
inet_ntoa
getsockname
recvfrom
gethostbyname
send
WSARecv
gethostname
socket
sendto
listen
bind
accept
__WSAFDIsSet
select
recv
getpeername
ntohs

user32

RegisterClipboardFormatA
ClientToScreen
BeginPaint
EndPaint
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
SendDlgItemMessageA
IsDialogMessageA
SetWindowTextA
GetDlgCtrlID
MoveWindow
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
RemovePropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
WinHelpA
GetCapture
GetTopWindow
AdjustWindowRectEx
MapWindowPoints
LoadIconA
UnregisterClassA
GetSysColorBrush
LoadStringA
EnableMenuItem
GetMenuCheckMarkDimensions
DestroyMenu
TabbedTextOutA
WindowFromDC
SetPropA
GetPropA
CallWindowProcA
GetSysColor
GetClassInfoA
DefWindowProcA
LoadCursorA
PostMessageA
CopyRect
SetRect
GetClientRect
InvalidateRect
ExitWindowsEx
SetForegroundWindow
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
GetParent
PtInRect
GetWindowLongA
GetWindowTextA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
FindWindowA
IsWindow
SendMessageA
GetWindowRect
LoadBitmapA
GetMenuState
ModifyMenuA
wvsprintfA
MessageBoxA
GetDesktopWindow
GetWindow
GetWindowThreadProcessId
GetClassNameA
GetWindowTextLengthW
IsWindowVisible
GetCursorInfo
GetIconInfo
GetDC
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetMenuItemBitmaps
CheckMenuItem
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostQuitMessage
GrayStringA
PostThreadMessageA
DrawTextA
DrawIcon
ReleaseDC
EnumWindows
RegisterWindowMessageA
wsprintfA
GetSystemMetrics
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA

gdi32

SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkMode
SetBkColor
CreateBitmap
CreatePalette
CreateDIBitmap
GetNearestPaletteIndex
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBrushIndirect
CreatePenIndirect
RestoreDC
SaveDC
SetWindowOrgEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
GdiFlush
CreateDIBSection
Rectangle
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GetObjectA
GetStockObject
LineTo
CreateFontIndirectA
MoveToEx

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA

ole32

OleIsCurrentClipboard
CoInitializeSecurity
OleFlushClipboard
CoCreateInstance
CoSetProxyBlanket
OleRun
CLSIDFromProgID
CoRevokeClassObject
OleInitialize
CoInitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
OleUninitialize
CoRegisterMessageFilter
CoFreeUnusedLibraries

psapi

GetModuleFileNameExA

gdiplus

GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipDisposeImage
GdiplusStartup
GdiplusShutdown

mswsock

AcceptEx

oleaut32

VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SysFreeString
VarR8FromCy
RegisterTypeLi

oledlg

ord8

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

shell32

SHGetSpecialFolderPathA

comctl32

_TrackMouseEvent
ord17

Exports

Exports

info

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe18a98d1a3ed8a8898f85e40b36bb7a

Headers

File Characteristics

Imports

kernel32

shlwapi

ws2_32

user32

gdi32

advapi32

ole32

psapi

gdiplus

mswsock

oleaut32

oledlg

winspool.drv

shell32

comctl32

Exports

Exports

Sections

.text Size: 516KB - Virtual size: 515KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 160KB - Virtual size: 365KB

.rsrc Size: 4KB - Virtual size: 352B

.reloc Size: 52KB - Virtual size: 48KB

.text
Size: 516KB - Virtual size: 515KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 160KB - Virtual size: 365KB

.rsrc
Size: 4KB - Virtual size: 352B

.reloc
Size: 52KB - Virtual size: 48KB