blackmoon | f1795ebaa9939a42dc106b0fe804c3a2b1fcf12ce9a649bf420ce1353edc2806

Sharing

Copy URL Twitter E-mail

General

Target

f1795ebaa9939a42dc106b0fe804c3a2b1fcf12ce9a649bf420ce1353edc2806
Size

1.8MB
MD5

eecc333bd1d1c7802228bd16e9881974
SHA1

d305c5b6db6b477f37293be833657126db163c5c
SHA256

f1795ebaa9939a42dc106b0fe804c3a2b1fcf12ce9a649bf420ce1353edc2806
SHA512

3cfbff3350249f14937df93b457ce980b44d70addcce3fe3359ccb0cf95c7099b42397d6426b4720a61180be6f10bc32295655433aeb7f7d8ee573fe6932627e
SSDEEP

24576:dvEUBdc3s/VLOwrbpn3bh8/9eNrFk0ESUyb6yi3KmLDvop2P6xyAxNbmTBN4uq9k:dXDM8rsHK4DwWyNb6ik

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

f1795ebaa9939a42dc106b0fe804c3a2b1fcf12ce9a649bf420ce1353edc2806
.exe windows x86

845734ff8bacbe5000011c4ab9bd759e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
FreeLibrary
GetModuleFileNameA
GetCommandLineA
FormatMessageA
GetUserDefaultLCID
GetFileSize
WriteFile
WritePrivateProfileStringA
GetPrivateProfileStringA
RemoveDirectoryA
DeleteFileA
GetTickCount
FindClose
FindFirstFileA
FindNextFileA
ReadFile
SetFilePointer
CreateFileA
Sleep
IsBadReadPtr
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
LocalSize
lstrlenW
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetNativeSystemInfo
GetProcessHeap
CreateThread
CreateEventA
OpenEventA
CreateFileMappingA
OpenFileMappingA
CreateMutexA
GetCurrentProcessId
Module32Next
CreateToolhelp32Snapshot
VirtualProtect
DeviceIoControl
GlobalSize
GlobalMemoryStatusEx
GetComputerNameA
TerminateProcess
GetModuleHandleW
CloseHandle
SetWaitableTimer
CreateWaitableTimerW
HeapFree
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
VirtualFree
VirtualAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MoveFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
UnhandledExceptionFilter
HeapSize
GetSystemTime
SetErrorMode
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcatA
GlobalFlags
MulDiv
LocalReAlloc
GlobalReAlloc
GlobalHandle
LocalAlloc
lstrcpyA
lstrcpynA
LocalFree
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
RaiseException
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
RtlUnwind
GetVersion
GetLocalTime
UnmapViewOfFile
MapViewOfFile
ReleaseMutex
WaitForSingleObject
TerminateThread
GetExitCodeThread
GetVolumeInformationA
InitializeCriticalSection
lstrcpyn
QueryPerformanceFrequency
QueryPerformanceCounter
LeaveCriticalSection
CreateDirectoryA
RtlMoveMemory
IsDebuggerPresent
EnterCriticalSection
GetCurrentProcess
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
lstrlenA
GetTempPathA

user32

LoadCursorW
LookupIconIdFromDirectoryEx
RegisterClassExW
DefWindowProcW
SetCursor
SendMessageA
GetAsyncKeyState
IntersectRect
InvalidateRect
UpdateLayeredWindow
ReleaseCapture
PostMessageW
IsZoomed
IsIconic
GetPropA
LoadCursorFromFileW
SetTimer
PtInRect
ReleaseDC
SetCaretPos
GetCursorPos
GetWindowRect
CallWindowProcW
TrackMouseEvent
ShowWindow
BeginPaint
EndPaint
SetCapture
GetFocus
SetFocus
SetWindowLongW
SetWindowPos
SetPropA
GetClassLongW
GetWindowTextW
GetParent
SetWindowRgn
MoveWindow
GetSystemMetrics
RemovePropA
SetForegroundWindow
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
PeekMessageA
DispatchMessageW
TranslateMessage
GetMessageW
EnableWindow
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
SetActiveWindow
IsWindow
PostQuitMessage
PostMessageA
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
GetDlgCtrlID
GetWindow
ClientToScreen
UnhookWindowsHookEx
GetMenuItemCount
KillTimer
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
GetWindowPlacement
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
GetClassNameW
SystemParametersInfoA
SendMessageW
CreateWindowExW
MsgWaitForMultipleObjects
CopyImage
CreateIconFromResourceEx
CreateWindowStationA
GetClassNameA
GetWindowTextA
IsWindowVisible
GetWindowLongA
GetWindowThreadProcessId
SetWindowTextA

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconW
ShellExecuteA

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CLSIDFromString
StringFromGUID2
CreateStreamOnHGlobal

gdi32

CreateDIBSection
CreateCompatibleDC
BitBlt
SelectObject
DeleteObject
DeleteDC
CreateRoundRectRgn
CreateRectRgn
GetDIBits
GetObjectA
GetStockObject
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps

wsock32

closesocket
send
recv
getsockname
ntohs
WSAAsyncSelect
select
socket
WSACleanup
gethostbyname
connect
ioctlsocket
WSAStartup
htons

gdiplus

GdipBitmapLockBits
GdipSetTextRenderingHint
GdipCreateStringFormat
GdipSetStringFormatHotkeyPrefix
GdipDeleteStringFormat
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipDeleteBrush
GdipMeasureString
GdipGetFontHeight
GdipCreateSolidFill
GdipGetTextRenderingHint
GdipCreateBitmapFromScan0
GdipCloneBitmapArea
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipGetStringFormatAlign
GdipGetStringFormatTrimming
GdipGetStringFormatFlags
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipSaveImageToStream
GdipDeleteGraphics
GdipGetImagePixelFormat
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipSetPenDashStyle
GdipDeletePen
GdipDrawRectangle
GdipSetClipRegion
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateImageAttributes
GdiplusStartup
GdipDrawImageRect
GdipSetClipRect
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipGraphicsClear
GdipResetClip
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateFont
GdipGetFontStyle
GdipGetFontSize
GdipGetFamilyName
GdipLoadImageFromStream
GdipDrawString
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipDeleteRegion
GdipCreateRegionHrgn
GdipDrawPath
GdipDeletePath
GdipCreatePath
GdipAddPathArc
GdipClosePathFigure
GdipFillPath
GdipCreateLineBrush
GdipCreatePen2
GdipFillPolygon
GdipDrawPolygon
GdipCreatePathGradientFromPath
GdipGetCompositingQuality
GdipCreateHBITMAPFromBitmap
GdipSetClipPath
GdipBitmapUnlockBits

oleaut32

VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
OleLoadPicture

imm32

ImmAssociateContext
ImmGetContext

oledlg

ord8

shlwapi

PathFileExistsA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA

rasapi32

RasHangUpA
RasGetConnectStatusA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

wininet

InternetCloseHandle
InternetSetOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetOpenA

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 720KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

845734ff8bacbe5000011c4ab9bd759e

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

gdi32

wsock32

gdiplus

oleaut32

imm32

oledlg

shlwapi

advapi32

rasapi32

winspool.drv

comctl32

wininet

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 720KB - Virtual size: 864KB

.rsrc Size: 4KB - Virtual size: 684B

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 720KB - Virtual size: 864KB

.rsrc
Size: 4KB - Virtual size: 684B