blackmoon | 6e25c3466e07948547b326316ace7679c1b1a77cca44f8034e54c82576a7acbb

Sharing

Copy URL

Twitter E-mail

General

Target

6e25c3466e07948547b326316ace7679c1b1a77cca44f8034e54c82576a7acbb
Size

896KB
MD5

b068a82cca417765c8b77a8ad6802759
SHA1

798aabc0775a2ba201225ec59bf54e6eca027972
SHA256

6e25c3466e07948547b326316ace7679c1b1a77cca44f8034e54c82576a7acbb
SHA512

bf11ddc94f600437050bbbf8ebc2cc41e9b501014cf5bcfe225d738c7df68538e1326d8dce9b961a9ba854a31557e8719d29955ad24152fb0d4ca042f1c071e1
SSDEEP

24576:L3HRNKyqmHVqWQQqzkUh0zgw7ELtBATumpdbIH:bH3+AfpdK

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Files

6e25c3466e07948547b326316ace7679c1b1a77cca44f8034e54c82576a7acbb
.dll windows x86

12a25b79a67ebbdfc2fb2d544837d295

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
FreeLibrary
GetCommandLineA
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
WriteFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetLocalTime
GetUserDefaultLCID
DeleteFileA
GetFileSize
ReadFile
GetModuleFileNameA
Sleep
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetTempPathA
GetVersionExA
VirtualProtectEx
LoadLibraryA
VirtualProtect
FlushInstructionCache
VirtualFree
lstrcpynA
CreateFileA
GetThreadTimes
OpenThread
RtlZeroMemory
lstrlenA
WriteProcessMemory
SetHandleInformation
GlobalSize
lstrcpyn
GlobalUnlock
GlobalLock
VirtualQueryEx
GetCurrentProcess
QueryDosDeviceA
GetLogicalDriveStringsA
DebugActiveProcessStop
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
CreateRemoteThread
VirtualFreeEx
GetSystemDirectoryA
GetTempFileNameA
VirtualAllocEx
CopyFileA
ReadProcessMemory
OpenProcess
WideCharToMultiByte
LocalSize
lstrlenW
LocalFree
LocalAlloc
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetLastError
LeaveCriticalSection
EnterCriticalSection
CreateThread
DeleteCriticalSection
Process32Next
Process32First
SetFilePointer
TerminateProcess
GlobalMemoryStatus
GetWindowsDirectoryA
lstrcpyA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
SetSystemPowerState
GlobalReAlloc
UnmapViewOfFile
MapViewOfFile
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetEndOfFile
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalHandle
TlsFree
LocalReAlloc
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
InterlockedExchange
InitializeCriticalSection
HeapCreate
CreateIoCompletionPort
GetTickCount
ExitThread
GetCurrentThread
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
GlobalAlloc
lstrcmpiA
ExitProcess
VirtualAlloc
TlsSetValue
TlsGetValue
TlsAlloc
IsBadReadPtr
IsBadCodePtr
RtlMoveMemory
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualQuery
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcessId
GlobalFree
CloseHandle
TerminateThread
MultiByteToWideChar

shlwapi

PathFileExistsA
PathFindFileNameA

ws2_32

WSASocketA
closesocket
connect
inet_addr
htons
send
getsockname
recvfrom
htonl
ntohs
getpeername
WSACleanup
WSARecv
inet_ntoa
WSASend
gethostbyname
WSAStartup
gethostname
socket
sendto
listen
bind
accept
__WSAFDIsSet
select
recv

user32

GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
BeginPaint
EndPaint
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
SendDlgItemMessageA
IsDialogMessageA
SetWindowTextA
GetDlgCtrlID
MoveWindow
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
RemovePropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
WinHelpA
GetCapture
GetTopWindow
PostQuitMessage
DefWindowProcA
CallNextHookEx
UnregisterClassA
GetSysColorBrush
LoadStringA
DestroyMenu
PostMessageA
CopyRect
SetRect
GetClientRect
InvalidateRect
ExitWindowsEx
SetForegroundWindow
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
GetParent
PtInRect
GetWindowLongA
GetWindowTextA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
FindWindowA
IsWindow
SendMessageA
GetWindowRect
ValidateRect
SetWindowsHookExA
GetLastActivePopup
wvsprintfA
MessageBoxA
GetDesktopWindow
GetWindow
GetWindowThreadProcessId
GetClassNameA
GetWindowTextLengthW
IsWindowVisible
WaitForInputIdle
MsgWaitForMultipleObjects
PostThreadMessageA
GrayStringA
DrawTextA
TabbedTextOutA
SetCursor
LoadIconA
WindowFromDC
SetPropA
GetPropA
CallWindowProcA
GetSysColor
AdjustWindowRectEx
GetClassInfoA
GetCursorInfo
GetIconInfo
MapWindowPoints
LoadCursorA
GetDC
DrawIcon
ReleaseDC
CreateWindowStationA
CloseWindowStation
EnumWindows
RegisterWindowMessageA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetSystemMetrics

gdi32

SetBkMode
SetBkColor
CreateBitmap
CreatePalette
CreateDIBitmap
GetNearestPaletteIndex
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBrushIndirect
CreatePenIndirect
RestoreDC
SaveDC
SetWindowOrgEx
CreateFontIndirectA
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetStockObject
GetObjectA
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
GdiFlush
CreateDIBSection
Rectangle
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
LineTo
MoveToEx

advapi32

RegSetValueExA
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA

ole32

OleIsCurrentClipboard
OleUninitialize
OleFlushClipboard
CoRevokeClassObject
OleInitialize
CLSIDFromProgID
CoRegisterMessageFilter
CoFreeUnusedLibraries
CLSIDFromString
CreateStreamOnHGlobal
GetHGlobalFromStream
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
OleRun

wsock32

ord1141

gdiplus

GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipCreateBitmapFromStream
GdipSaveImageToStream

psapi

GetModuleFileNameExA

oleaut32

VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SysFreeString

oledlg

ord8

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

shell32

SHGetSpecialFolderPathA

comctl32

_TrackMouseEvent
ord17

Exports

Exports

_��ӳ��
c_hook_start
info

Sections

.text
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12a25b79a67ebbdfc2fb2d544837d295

Headers

File Characteristics

Imports

kernel32

shlwapi

ws2_32

user32

gdi32

advapi32

ole32

wsock32

gdiplus

psapi

oleaut32

oledlg

winspool.drv

shell32

comctl32

Exports

Exports

Sections

.text Size: 548KB - Virtual size: 547KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 252KB - Virtual size: 455KB

.rsrc Size: 4KB - Virtual size: 352B

.reloc Size: 52KB - Virtual size: 50KB

.text
Size: 548KB - Virtual size: 547KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 252KB - Virtual size: 455KB

.rsrc
Size: 4KB - Virtual size: 352B

.reloc
Size: 52KB - Virtual size: 50KB