blackmoon | 5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e

Sharing

Copy URL

Twitter E-mail

General

Target

5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e
Size

1.2MB
MD5

7819aded07f95ebb40f51240514d6097
SHA1

3b0c674320f1e1e7401f8e49c0af22f10963a99f
SHA256

5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e
SHA512

c55ab9344ad0b6ee3c3ab6d5833ae1867b28efd97599b452d959a66543eb8e65b10ec1aa6377219a6d35c410643fb35084b9d77ef117c67c691dec1623c23e1f
SSDEEP

24576:EnXIlq0d3uCOle3bcSNR+Jr2zZ8zYzAKOorc+B2Cnoy2KFg:Et6dsMAKjcDWF

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e

Files

5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e
.exe windows x86

a87fc84c2f41ca6ee8937bf3c6d5da0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
FreeLibrary
GetCommandLineA
SetCurrentDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
RemoveDirectoryA
GetTempPathA
FindFirstFileA
FindNextFileA
SetFilePointer
GetEnvironmentVariableA
GetFileSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetStartupInfoA
GetFileAttributesA
GetTickCount
GetLocalTime
LCMapStringA
CreateFileA
WriteFile
CreateDirectoryA
SetFileAttributesA
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
ExitProcess
VirtualFree
GetProcAddress
LoadLibraryA
VirtualAlloc
MoveFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
HeapFree
HeapAlloc
GetProcessHeap
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessA
CreatePipe
GetCurrentThreadId
GetTempPathW
Module32First
GetSystemInfo
GetVersionExA
GetComputerNameA
GetQueuedCompletionStatus
CreateIoCompletionPort
WaitForSingleObject
TerminateThread
GetExitCodeThread
lstrcpynA
IsWow64Process
LocalSize
SetWaitableTimer
CreateWaitableTimerA
DeleteFileA
CreateDirectoryW
FindClose
FindNextFileW
DeleteFileW
lstrlenW
FindFirstFileW
CreateThread
GetCurrentProcessId
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
Process32Next
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
Process32First
lstrcpyn
GetFileAttributesW
QueryDosDeviceW
TerminateProcess
Process32NextW
Sleep
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
GetModuleHandleA
WideCharToMultiByte
RtlMoveMemory
SetLastError
GetNativeSystemInfo
CloseHandle
LocalFree
LocalAlloc
IsBadWritePtr
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
FlushFileBuffers
SetErrorMode
GetProcessVersion
FindResourceA
LoadResource
LockResource
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
InterlockedIncrement
lstrcpyA
lstrcatA
WritePrivateProfileStringA
InterlockedDecrement
GlobalFlags
OpenProcess
GetCurrentProcess
MulDiv
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
DeleteCriticalSection
lstrlenA
SetSystemPowerState
GetLastError
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
TlsAlloc
GlobalHandle
TlsFree

user32

GetWindowTextLengthW
GetWindowTextW
GetClassNameA
GetClientRect
PostMessageW
FindWindowExA
SendMessageA
GetWindowTextA
wsprintfA
EnableWindow
IsWindowEnabled
IsWindow
GetActiveWindow
SetForegroundWindow
ExitWindowsEx
PostQuitMessage
SetCursor
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
ClientToScreen
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
PtInRect
GetDlgCtrlID
SetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
GetWindowThreadProcessId
IsDialogMessageA
ShowWindow
GetWindowPlacement
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
MessageBoxA
PeekMessageA
SetClipboardData
GetWindowRect
EnumWindows
GetWindowInfo
MsgWaitForMultipleObjects
GetParent
IsWindowVisible
LoadBitmapA
MoveWindow
GetWindowLongA
SetWindowLongA
SetLayeredWindowAttributes
EnumChildWindows
SetWindowPos
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
GetDesktopWindow
PostMessageA
GetMenu
GetSubMenu
GetMenuItemID
GetSystemMetrics
GetWindowTextLengthA
GetForegroundWindow
ReleaseDC
GetCursorInfo
GetIconInfo
DrawIcon
SetCursorPos
WindowFromPoint
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
PrintWindow
IsIconic
EnumDisplaySettingsA
DrawIconEx
FillRect
LoadImageA
SetFocus
GetWindow
SendMessageW
GetDC
CallWindowProcA
KillTimer
SetTimer
MapVirtualKeyA
SendInput
SetActiveWindow
AttachThreadInput
GetAncestor
GetFocus
GetCursorPos

advapi32

RegCreateKeyExA
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
EqualSid
FreeSid
GetUserNameA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA
SHChangeNotify
SHGetSpecialFolderPathW

ole32

OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

gdiplus

GdiplusStartup

gdi32

CreateDIBSection
DeleteDC
SelectObject
DeleteObject
BitBlt
GdiFlush
GetObjectA
CreateCompatibleDC
CreateSolidBrush
GetPixel
SetPixelV
GetDIBits
SetDIBitsToDevice
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
GetStockObject
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape

ws2_32

send
closesocket
socket
WSACleanup
recv
gethostbyname
WSAStartup
setsockopt
connect
htons
inet_addr

psapi

GetModuleFileNameExA
GetProcessImageFileNameW

shlwapi

PathIsDirectoryW
PathMatchSpecA
PathFindExtensionA
PathFindFileNameA
PathFileExistsA

oleaut32

VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
OleLoadPicture
VariantChangeType
VariantCopy
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comctl32

ord17

oledlg

ord8

Sections

.text
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 680KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a87fc84c2f41ca6ee8937bf3c6d5da0f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

gdiplus

gdi32

ws2_32

psapi

shlwapi

oleaut32

winspool.drv

comctl32

oledlg

Sections

.text Size: 524KB - Virtual size: 521KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 680KB - Virtual size: 777KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 524KB - Virtual size: 521KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 680KB - Virtual size: 777KB

.rsrc
Size: 24KB - Virtual size: 20KB