blackmoon | 3c023fdeff122f7e586cb8667632a076ee43b63a128f1fa1771a2774e0be23c9

Sharing

Copy URL

Twitter E-mail

General

Target

3c023fdeff122f7e586cb8667632a076ee43b63a128f1fa1771a2774e0be23c9
Size

752KB
MD5

1a3420431507f9aa7c0a2710a5c6a81d
SHA1

dc00377b132db6ef43e9588edf41dc7f721de8c5
SHA256

3c023fdeff122f7e586cb8667632a076ee43b63a128f1fa1771a2774e0be23c9
SHA512

971dcf732acaffc2c3a7dd0300f2215ff713b2fc8a80275a5693bbbae5ade18980e3254199c7fdbe9dcf9704b59be6c1dd6108d1193529d22b94f5e4a1ec6501
SSDEEP

12288:+dEJummMYGAXFdmCDbCXd6mkCRVFhvaPruqq:+dEJummMYJFdmIbCXdDkKVFhvIry

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
3c023fdeff122f7e586cb8667632a076ee43b63a128f1fa1771a2774e0be23c9

Files

3c023fdeff122f7e586cb8667632a076ee43b63a128f1fa1771a2774e0be23c9
.exe windows x86

633c519874ed98b44926c1051d826743

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetCommandLineA
SetFilePointer
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetModuleFileNameA
CreateFileA
GetFileSize
ReadFile
CloseHandle
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
VirtualFree
UnhandledExceptionFilter
FileTimeToSystemTime
Sleep
GetTickCount
GetTimeZoneInformation
SetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetLastError
VirtualAlloc
EnterCriticalSection
lstrcpyA
FreeLibrary
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GlobalUnlock
GlobalLock
FileTimeToLocalFileTime
DuplicateHandle
GetCurrentProcess
WriteFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetProcAddress
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
lstrcmpiA
GetFileAttributesA
GetFileTime
lstrcmpA
GetCurrentThreadId
TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
LCMapStringW
TerminateProcess
GetFileType
SetStdHandle
HeapSize
GlobalAlloc
GetACP
GetLocalTime
RtlZeroMemory
lstrcmpiW
lstrcmpW
GetSystemInfo
lstrlenW
LocalSize
LocalAlloc
LocalFree
lstrcpynW
RtlMoveMemory
GetModuleHandleW
WideCharToMultiByte
lstrcpynA
MultiByteToWideChar
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue

user32

LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsWindow
IsDialogMessageW
GetClassNameA
PostQuitMessage
BeginPaint
EndPaint
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuStringW
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuW
GetMenuItemCount
AppendMenuW
DestroyMenu
LoadMenuW
GetSystemMenu
CreatePopupMenu
CreateMenu
CharLowerW
CharUpperW
RegisterClassExW
LoadCursorW
RegisterWindowMessageW
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongW
GetClassLongW
SetWindowRgn
CopyImage
DestroyCursor
RemovePropW
GetPropW
SetPropW
MessageBoxW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageW
SetWindowPos
MoveWindow
ScreenToClient
GetParent
UpdateWindow
ValidateRect
InvalidateRect
GetWindowRect
GetFocus
SetFocus
GetClassNameW
GetDlgItem
GetWindowLongW
CreateWindowExW
SetWindowLongW
DestroyIcon
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
CallWindowProcW
PtInRect
LoadCursorA
GetSysColorBrush
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
LoadIconA
MapWindowPoints
AdjustWindowRectEx
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessagePos
GetForegroundWindow
GetWindow
SetWindowLongA
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
GetWindowLongA
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
CopyRect
SendMessageA
GetKeyState
CallNextHookEx
SetWindowsHookExA
CharUpperA
GetWindowTextA
PostMessageA
SetWindowTextA
GetMessageTime
TrackMouseEvent
SetCursor
DefMDIChildProcW
SendMessageW
DefWindowProcW
DestroyWindow
GetClientRect
GetAsyncKeyState
GetMessageW

gdi32

CreateRoundRectRgn
CreatePatternBrush
CreateSolidBrush
StretchBlt
GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
DeleteObject
SetBkColor
GetDeviceCaps
PtVisible
SetTextColor
TextOutA
ExtTextOutA
Escape
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
RectVisible

comdlg32

GetSaveFileNameW
GetFileTitleA
GetOpenFileNameW

shell32

DragQueryFileW
Shell_NotifyIconW
DragAcceptFiles
DragFinish
StrRStrIW
StrStrW
StrRStrW
StrStrIW

shlwapi

StrTrimW
PathAddBackslashW

winmm

PlaySoundA

rasapi32

RasDialA
RasHangUpA
RasEnumConnectionsA
RasEnumEntriesA
RasGetEntryDialParamsA
RasGetConnectStatusA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

wsock32

WSACleanup
WSAStartup
htons
ioctlsocket
gethostbyname
WSASetLastError
socket
setsockopt
gethostname
select
closesocket
recv
send
connect

wininet

FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetConnectA
InternetSetOptionA
InternetCloseHandle
FtpGetCurrentDirectoryA
FtpPutFileA
FtpGetFileA
InternetFindNextFileA
FtpFindFirstFileA
InternetOpenA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 292KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

633c519874ed98b44926c1051d826743

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

shlwapi

winmm

rasapi32

winspool.drv

comctl32

wsock32

wininet

Sections

.text Size: 252KB - Virtual size: 250KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 292KB - Virtual size: 345KB

.rsrc Size: 172KB - Virtual size: 172KB

.text
Size: 252KB - Virtual size: 250KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 292KB - Virtual size: 345KB

.rsrc
Size: 172KB - Virtual size: 172KB