Behavioral task: behavioral1
Sample: 96447cf0b0bfadc701a8bd1f0769a4a15a27e764ab98eb29fc6d3ec266d61a15.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 96447cf0b0bfadc701a8bd1f0769a4a15a27e764ab98eb29fc6d3ec266d61a15.exe
Resource: win10v2004-20230221-en
General
Target: 96447cf0b0bfadc701a8bd1f0769a4a15a27e764ab98eb29fc6d3ec266d61a15
Size: 1.0MB
MD5: 8657027bf0a394fe95a8ca6afb5e690b
SHA1: 48873f5b6e30ac12d63ce49bb9737d653f770ae4
SHA256: 96447cf0b0bfadc701a8bd1f0769a4a15a27e764ab98eb29fc6d3ec266d61a15
SHA512: 31153c0ac4a2f2d0fb67d50406d2796a4a6f638fa8feaf6427eee303b1d4dfd5915873b00220b3c6bc86d20247c27b2e614d3c2edd7cea8991c90c08001f9669
SSDEEP: 24576:iyeLi4j7G8f/pHPZdFajjVdVojzpTPDo:irL5G4KVdVojlT0
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoCs)
Processes: resource: sample, yara_rule: family_blackmoon
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes: resource: 96447cf0b0bfadc701a8bd1f0769a4a15a27e764ab98eb29fc6d3ec266d61a15
Files
96447cf0b0bfadc701a8bd1f0769a4a15a27e764ab98eb29fc6d3ec266d61a15.exe (windows x86) 5dd1e46f48c136c37930418d82aa071f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
FreeLibrary
GetCommandLineA
GetTickCount
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFilePointer
CreateDirectoryA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
SetCurrentDirectoryA
DeleteFileA
GetUserDefaultLCID
GetFileSize
ReadFile
CreateFileA
WriteFile
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
LoadLibraryA
GetModuleHandleA
FlushInstructionCache
GetCurrentProcess
GetProcAddress
Sleep
WideCharToMultiByte
lstrcpynA
lstrcpyn
lstrlenA
CloseHandle
CreateThread
GlobalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
GetACP
GetLocalTime
GetSystemTime
RaiseException
TerminateProcess
RtlUnwind
GetOEMCP
GetCPInfo
SetErrorMode
GetProcessVersion
FindResourceA
LoadResource
LockResource
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcatA
WritePrivateProfileStringA
GlobalFlags
MulDiv
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
FlushFileBuffers
DeleteCriticalSection
LocalAlloc
lstrcpyA
GetLastError
LocalFree
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
SetLastError
GetTimeZoneInformation
GlobalUnlock
GlobalLock
GlobalAlloc
RtlMoveMemory
MultiByteToWideChar
GetModuleHandleW
VirtualFree
VirtualAlloc
user32
ShowWindow
PostMessageA
OpenIcon
IsWindow
GetWindowRect
SetPropW
MoveWindow
MessageBeep
SetForegroundWindow
SystemParametersInfoA
CreateWindowExW
SendMessageW
UpdateWindow
GetClassLongA
GetPropW
SetWindowPos
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
RemovePropW
LoadIconW
RegisterClassExW
DefWindowProcW
PostQuitMessage
SendMessageA
CreateIconFromResource
CallWindowProcA
SetTimer
KillTimer
GetWindowInfo
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA
LoadCursorW
UpdateLayeredWindow
ReleaseCapture
CallWindowProcW
SetCursor
BeginPaint
EndPaint
ReleaseDC
GetWindowLongW
SetWindowLongW
TrackMouseEvent
DestroyWindow
IsZoomed
SetCapture
GetFocus
SetFocus
GetDC
GetWindowTextW
IsRectEmpty
SetWindowRgn
RedrawWindow
GetIconInfo
wvsprintfA
GetKeyState
DestroyIcon
GetCursorPos
GetParent
CreateCaret
DestroyCaret
SetCaretPos
IsIconic
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
PeekMessageA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
EndDialog
CreateDialogIndirectParamA
DestroyMenu
PostThreadMessageA
UnregisterClassA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
MapWindowPoints
GetSysColor
SetActiveWindow
AdjustWindowRectEx
GetClientRect
SetWindowTextA
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
IsWindowVisible
ValidateRect
CallNextHookEx
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
GetSystemMetrics
PtInRect
GetDlgCtrlID
GetWindow
ClientToScreen
UnhookWindowsHookEx
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
gdi32
GetObjectW
DeleteDC
SelectObject
CreateDIBSection
GetDIBits
CreateRoundRectRgn
BitBlt
CreateBitmap
SaveDC
RestoreDC
GetTextExtentPoint32W
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
GetObjectA
GetStockObject
CreateCompatibleDC
GetClipBox
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
ScaleWindowExtEx
advapi32
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
CryptAcquireContextA
CryptCreateHash
RegOpenKeyA
RegQueryValueExA
RegCloseKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
comctl32
ImageList_GetIcon
ord17
ImageList_GetIconSize
wininet
InternetGetCookieA
InternetSetCookieA
InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
winmm
PlaySoundA
gdiplus
GdipFillPolygon
GdipDrawPolygon
GdipCombineRegionRect
GdipCreateMatrix
GdipGetRegionScansCount
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipGetFontHeight
GdipImageSelectActiveFrame
GdipCreateBitmapFromHICON
GdipGetPropertyItem
GdipGetRegionScans
GdipDeleteMatrix
GdipCreateStringFormat
GdipGetStringFormatTrimming
GdipGetStringFormatHotkeyPrefix
GdipGetPropertyItemSize
GdipGetStringFormatFlags
GdipMeasureString
GdipDrawImageRectRect
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageRect
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipImageGetFrameCount
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipCreatePathGradientFromPath
GdipCreateRegionHrgn
GdipGetImagePixelFormat
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipDrawString
GdipBitmapGetPixel
GdipDeleteRegion
GdipGetRegionBounds
GdipMeasureCharacterRanges
GdipCreateRegion
GdipSetStringFormatMeasurableCharacterRanges
GdipDrawPath
GdipSetPenDashStyle
GdipDeletePen
GdipDrawRectangle
GdipFillRectangle
GdipCreateLineBrushFromRect
GdipCreateSolidFill
GdipDeleteBrush
GdipFillPath
GdipSetClipPath
GdipClosePathFigure
GdipAddPathArc
GdipCreatePath
GdipGraphicsClear
GdipCloneBitmapArea
GdipDeletePath
GdipGetFontStyle
GdipGetFontSize
GdipDeleteStringFormat
GdipResetClip
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipGetVisibleClipBounds
GdipSetClipRect
GdipSetClipRegion
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipGetFamilyName
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdiplusStartup
GdipGetImageHeight
GdipSetStringFormatHotkeyPrefix
ole32
CLSIDFromProgID
CoCreateInstance
OleRun
CLSIDFromString
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
shell32
ShellExecuteA
Shell_NotifyIconA
shlwapi
PathFileExistsA
PathFindExtensionA
dbghelp
MakeSureDirectoryPathExists
imm32
ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext
ImmAssociateContext
atl
ord47
ord42
oledlg
ord8
oleaut32
SafeArrayAllocData
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocDescriptor
VariantInit
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
rasapi32
RasHangUpA
RasGetConnectStatusA
wsock32
WSACleanup
closesocket
recv
send
WSAStartup
select
Sections
.text: Size 600KB, Virtual size 597KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 32KB, Virtual size 31KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 336KB, Virtual size 446KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 92KB, Virtual size 88KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE