blackmoon | 1d91f071bdecc2372f0e0aeb1f986df77b361677ec44ec99fc06e231f86e4324

Sharing

Copy URL Twitter E-mail

General

Target

1d91f071bdecc2372f0e0aeb1f986df77b361677ec44ec99fc06e231f86e4324
Size

1.9MB
MD5

28aa6a62574961257199f39eff9ca939
SHA1

41104fa34cdc313634b08d1837e1bb1b05ad3d6f
SHA256

1d91f071bdecc2372f0e0aeb1f986df77b361677ec44ec99fc06e231f86e4324
SHA512

15e70384f44f7bbbc8cb7c54d30bc80870647063c7037e144d976ccf5131d2f7821f34597274728219d6a7cd96abc02c4ae55c0afc576329f9f2d8748bb82715
SSDEEP

24576:2n21TGTcf4N5sOkN9+elONg/21fWZXRbw5+jLCSTlKJwQRvf2FfWl8KuqGavkg3x:2n2bGX+s8KuqGaX0ToIBAUZLY

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

1d91f071bdecc2372f0e0aeb1f986df77b361677ec44ec99fc06e231f86e4324
.dll windows x86

a4a9c324e6a00980d42e034364c8daf1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetProcAddress
FreeLibrary
GetCommandLineA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
FormatMessageA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
GetModuleFileNameA
GetLocalTime
CreateFileA
WriteFile
CloseHandle
IsBadReadPtr
HeapReAlloc
ExitProcess
GetModuleHandleA
VirtualFree
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
OutputDebugStringA
GetTickCount
lstrcmpA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
GlobalDeleteAtom
LocalFree
LocalAlloc
GlobalHandle
TlsFree
GlobalReAlloc
LocalReAlloc
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
GetCurrentProcess
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
RtlUnwind
TerminateProcess
RaiseException
HeapSize
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetVersionExA
IsBadWritePtr
Sleep
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
SetStdHandle
InterlockedExchange
lstrlenA
lstrcmpiW
HeapDestroy
HeapCreate
lstrcmpW
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
RtlZeroMemory
lstrlenW
InitializeCriticalSection
VirtualProtect
VirtualQuery
HeapFree
GetProcessHeap
VirtualAlloc
RtlMoveMemory
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcessId
TlsSetValue
TlsGetValue
TlsAlloc
IsBadCodePtr
LoadLibraryA
GetTempPathA
GetACP
CreateEventA

user32

GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsDialogMessageA
SetForegroundWindow
SendDlgItemMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetFocus

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
PtVisible
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
GetObjectA
GetStockObject
GetDeviceCaps
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
CreateBitmap

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegOpenKeyExA

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize

shlwapi

PathFileExistsA
StrToIntExW
StrToIntW

winhttp

WinHttpCrackUrl

oleaut32

VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SystemTimeToVariantTime
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime

oledlg

ord8

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

Exports

Exports

convercontent
decodecontent
delcache
initactivity

Sections

.text
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4a9c324e6a00980d42e034364c8daf1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

shlwapi

winhttp

oleaut32

oledlg

winspool.drv

comctl32

Exports

Exports

Sections

.text Size: 824KB - Virtual size: 824KB

.rdata Size: 824KB - Virtual size: 824KB

.data Size: 108KB - Virtual size: 192KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: - Virtual size: 44KB

.sedata Size: 116KB - Virtual size: 116KB

.idata Size: 8KB - Virtual size: 8KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 824KB - Virtual size: 824KB

.rdata
Size: 824KB - Virtual size: 824KB

.data
Size: 108KB - Virtual size: 192KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: - Virtual size: 44KB

.sedata
Size: 116KB - Virtual size: 116KB

.idata
Size: 8KB - Virtual size: 8KB

.reloc
Size: 32KB - Virtual size: 32KB