blackmoon | 4ddc01b122a8f380425aef714fa75aa56a1cbb965452d5a308fb47bdf02d395f

Sharing

Copy URL

Twitter E-mail

General

Target

4ddc01b122a8f380425aef714fa75aa56a1cbb965452d5a308fb47bdf02d395f
Size

1.2MB
MD5

8ded0a8b1e5af185aea61ec821c68814
SHA1

e02daa278457d8e44db8b5064645fb700ec8758e
SHA256

4ddc01b122a8f380425aef714fa75aa56a1cbb965452d5a308fb47bdf02d395f
SHA512

8a4c18c2d87fcdbf3c43d425bb2b6bc671e0c8eaeced689b30fb8323fc6f12e884b09345dcfbcf119bf6d31b0e7b9d80acd5924c58a14e1d79d7b5f3d93e8a9f
SSDEEP

24576:e57tlWr1z74/kYkQkl91IpHmsryfTFuKiUR5Z3F1q2:emH4csGsSZj3F7

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Files

4ddc01b122a8f380425aef714fa75aa56a1cbb965452d5a308fb47bdf02d395f
.exe windows x86

4ecdeca6291fe0f1cd8e2d6ed3850e90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetCommandLineA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
SetFileAttributesA
LCMapStringA
GetStdHandle
WriteFile
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocalTime
FindClose
FindFirstFileA
FindNextFileA
DeleteFileA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetLastError
Sleep
GetModuleHandleA
CreateThread
WideCharToMultiByte
lstrlenW
GetTickCount
CloseHandle
IsDebuggerPresent
CreateEventA
OpenEventA
CreateMutexA
SetWaitableTimer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetCurrentProcess
MultiByteToWideChar
MulDiv
lstrcatA
lstrcpyA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
LocalAlloc
LocalFree
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
GlobalFlags
InterlockedDecrement
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
RtlUnwind
TerminateProcess
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
CreateWaitableTimerA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetCurrentProcessId
VirtualFree
VirtualAlloc
Process32Next
Process32First
CreateFileA
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
Module32Next
CreateToolhelp32Snapshot
GetFileAttributesA
VirtualProtect

user32

ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
PtInRect
GetDlgCtrlID
GetWindow
ClientToScreen
UnhookWindowsHookEx
GetMenuItemCount
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
SetMenuItemBitmaps
GetTopWindow
EnableMenuItem
CopyRect
GetClientRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
UnregisterHotKey
SetCapture
ReleaseCapture
RegisterHotKey
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
SetCursor
PeekMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetWindowTextA
LoadBitmapA
GetSysColor
GetDC
CreateWindowExA
CallWindowProcA
SetForegroundWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
GetCapture
CheckMenuItem
GetClassNameA
GetWindowThreadProcessId
CreateWindowStationA
FindWindowExA
GetParent
GetWindowTextLengthW
GetWindowTextW
GetWindowInfo
SetLayeredWindowAttributes
GetCursorPos
GetAsyncKeyState
SendInput
MessageBoxA
wsprintfA
GetWindowTextLengthA
GetWindowLongA
SetWindowPos
ScreenToClient
GetWindowRect
SetWindowLongA
ShowWindow
PostMessageA
GetSystemMetrics
OpenClipboard
EmptyClipboard
CloseClipboard
CreateDialogIndirectParamA
UpdateWindow
GetMessageA
SendMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
UnregisterClassA

advapi32

RegEnumKeyA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA

shell32

ShellExecuteA
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA

gdi32

SelectObject
SetBkColor
RestoreDC
SetTextColor
SetMapMode
SaveDC
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
GetStockObject
GetObjectA
ScaleWindowExtEx
GetClipBox
DeleteDC
CreateBitmap
TranslateCharsetInfo
GetDeviceCaps
DeleteObject
CreateFontA
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

ws2_32

recv
getsockname
ntohs
htons
send
WSACleanup
socket
closesocket
gethostbyname
connect
select
inet_addr
WSAAsyncSelect
WSAStartup

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

shlwapi

PathFileExistsA

comctl32

ord17
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Add
ImageList_EndDrag

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 812KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ecdeca6291fe0f1cd8e2d6ed3850e90

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

gdi32

ws2_32

winspool.drv

shlwapi

comctl32

Sections

.text Size: 384KB - Virtual size: 383KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 812KB - Virtual size: 912KB

.rsrc Size: 4KB - Virtual size: 596B

.text
Size: 384KB - Virtual size: 383KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 812KB - Virtual size: 912KB

.rsrc
Size: 4KB - Virtual size: 596B