blackmoon | c633820dcc53595bb956125ca723c7b2a4bc9b1baf44534c9597910185052cda

Sharing

Copy URL

Twitter E-mail

General

Target

c633820dcc53595bb956125ca723c7b2a4bc9b1baf44534c9597910185052cda
Size

244KB
MD5

17782ef70085b3d7fe63a6cc4ad315cb
SHA1

18564fa1323633d905571b9b4b9dea51e0d0b5a9
SHA256

c633820dcc53595bb956125ca723c7b2a4bc9b1baf44534c9597910185052cda
SHA512

6d5e22e4d058555344d37b2f96455ca56f40076472d1872b5b03bbf35eeffc4e68202cc2becd0611ccff0930eb88a91370cd28d5307b5c5fe1be87021800205f
SSDEEP

3072:nFXMiTZOek0drM6a4VsBGcddZ2G3xebtvZxsmz:nFXMiTZxdrpK1vEZA

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Files

c633820dcc53595bb956125ca723c7b2a4bc9b1baf44534c9597910185052cda
.exe windows x86

c08cd11d2e3a7eb165995b072f7df9e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetCurrentProcess
ExitProcess
RtlMoveMemory
VirtualAlloc
VirtualFree
GetStartupInfoA
CreateProcessA
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
CloseHandle
OpenProcess
MultiByteToWideChar
GetProcessHeap
HeapFree
HeapAlloc
InterlockedExchange
LocalSize
lstrlenA
HeapReAlloc
IsBadReadPtr
GetVersionExA
WideCharToMultiByte
GlobalFree
GlobalUnlock
GetCPInfo
GetOEMCP
LCMapStringA
GetModuleFileNameA
GetCommandLineA
GetCurrentDirectoryA
RtlUnwind
GlobalAlloc
SetErrorMode
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetStdHandle
GetTickCount
GlobalLock
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcpynA
FlushFileBuffers
LocalFree
MulDiv
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetVersion
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
WriteFile
SetFilePointer
GetLastError
TerminateProcess
Sleep
FreeLibrary
lstrcpyA
LoadLibraryA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
RaiseException

user32

TrackPopupMenu
TrackMouseEvent
DestroyIcon
SetWindowLongA
LoadCursorA
DefMDIChildProcA
ReleaseCapture
SetCapture
DefWindowProcA
DestroyWindow
GetClientRect
GetAsyncKeyState
GetMessageA
GetFocus
IsChild
GetParent
SendMessageA
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
IsWindow
LoadIconA
FindWindowA
SetTimer
GetWindowThreadProcessId
KillTimer
PostQuitMessage
CreateWindowExA
ShowWindow
BeginPaint
SystemParametersInfoA
GetCursorPos
PtInRect
GetWindow
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
CreateDialogIndirectParamA
EndDialog
GetDlgCtrlID
SendDlgItemMessageA
GetWindowPlacement
GetForegroundWindow
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
PeekMessageA
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
CallWindowProcA
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
ReleaseDC
GetDC
RegisterClassExA
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
IsWindowVisible
SetParent
PostMessageA
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetWindowRect
SetFocus
GetClassNameA
GetDlgItem
GetWindowLongA
DestroyCursor
EndPaint
SetCursor

gdi32

SetBkMode
SetBkColor
SetTextColor
CreatePatternBrush
CreateSolidBrush
StretchBlt
SetStretchBltMode
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
BitBlt
SelectObject
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

shell32

DragQueryFileA
DragAcceptFiles
Shell_NotifyIconA
DragFinish

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

atl

ord42
ord47

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
VarR8FromCy
VarR8FromBool
SafeArrayCreate

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c08cd11d2e3a7eb165995b072f7df9e7

Headers

File Characteristics

Imports

shlwapi

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

atl

oledlg

oleaut32

winspool.drv

comctl32

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 24KB - Virtual size: 133KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 24KB - Virtual size: 133KB

.rsrc
Size: 12KB - Virtual size: 8KB