blackmoon | cecb0732c52040f5b3e7c928911856e27729ef6dfba2aaa4330f8729142189e0

Sharing

Copy URL

Twitter E-mail

General

Target

cecb0732c52040f5b3e7c928911856e27729ef6dfba2aaa4330f8729142189e0
Size

736KB
MD5

2a379ac1a65a9ca1153ec00a88ae5882
SHA1

cef33943cd3be1f1bc795faba7027d9a0fee0ed9
SHA256

cecb0732c52040f5b3e7c928911856e27729ef6dfba2aaa4330f8729142189e0
SHA512

dfcc891560b339a10ac189aeaeacf92e2304728d67eea27411b2ee0ae8e6af1f7a194766238afa8b04537f831baac7354771f141a2c878f9e92e287e143145f3
SSDEEP

12288:1oOQsWr7hnaKhoqzkwk7tbl1EBC3YNHJv2G8A//glm:1oOQsWrta+oWW7tbDEBC+v2U/S

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
cecb0732c52040f5b3e7c928911856e27729ef6dfba2aaa4330f8729142189e0

Files

cecb0732c52040f5b3e7c928911856e27729ef6dfba2aaa4330f8729142189e0
.dll windows x86

78ca13856facd193b79dce4a851299ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
FreeLibrary
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
SetFilePointer
GetFileSize
ReadFile
GetModuleFileNameA
GetTickCount
IsBadReadPtr
HeapReAlloc
ExitProcess
lstrcmpA
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
lstrcmpW
RtlZeroMemory
Module32Next
Module32First
HeapFree
HeapCreate
WriteFile
CreateFileA
LoadLibraryA
VirtualFree
VirtualAlloc
RtlFillMemory
HeapAlloc
GetProcessHeap
lstrlenA
IsBadStringPtrA
lstrlenW
lstrcpyn
lstrcpyA
RtlMoveMemory
GetCurrentDirectoryA
GetLocalTime
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
DuplicateHandle
GetProcessHandleCount
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
CreateProcessA
WideCharToMultiByte
MultiByteToWideChar
VirtualQueryEx
GetCurrentProcess
lstrcpynA
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
InterlockedExchange
InterlockedCompareExchange
GetSystemInfo
VirtualQuery
VirtualProtect
SetStdHandle
IsBadCodePtr
Sleep
GetStringTypeW
GetStringTypeA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
GlobalDeleteAtom
LocalAlloc
LocalFree
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
FlushFileBuffers
GetStringTypeExA
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
TerminateProcess
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType

user32

LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
PtInRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
GetMenuState
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
GetWindowLongA
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
SetForegroundWindow
MsgWaitForMultipleObjects
GetInputState
SetPropA
GetWindowThreadProcessId
EnumWindows
GetWindowTextLengthA
GetWindowTextA
GetClassNameA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
ReleaseDC
GetWindowRect
GetDesktopWindow
GetDC
SetActiveWindow
GetActiveWindow
IsWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow

gdi32

ScaleWindowExtEx
GetClipBox
SetWindowExtEx
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetBkColor
RestoreDC
SaveDC
CreateBitmap
Escape
DeleteObject
DeleteDC
GetDIBits
GetObjectA
StretchBlt
SetStretchBltMode

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA

shlwapi

PathFindFileNameA
PathFindExtensionA
PathRemoveBlanksA
StrToIntW
StrToIntExW
PathIsDirectoryA
PathFileExistsA

ws2_32

WSAAsyncSelect
ntohs
getsockname
recv
select
inet_ntoa
gethostbyname
send
connect
htons
inet_addr
socket
WSAStartup
closesocket
WSACleanup

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

wininet

InternetSetOptionA
HttpOpenRequestA
InternetCloseHandle
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetConnectA
InternetOpenA

dbghelp

MakeSureDirectoryPathExists

oledlg

ord8

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

shell32

SHGetSpecialFolderPathA

Exports

Exports

VX_AccepteTransfer
VX_AgreeFriendVerify
VX_AgreeGroupInvite
VX_AgreeGroupInviteByte
VX_BuildingGroup
VX_CloseMoodConnect
VX_DecryptImage
VX_DecryptImageByte
VX_DeleteFriend
VX_Destroy
VX_Exec
VX_ExecByte
VX_FormatJson
VX_Forward
VX_GetAllGroupMemberCount
VX_GetAllGroupMemberCountByte
VX_GetContact
VX_GetContactByte
VX_GetDetailInfoByWxid
VX_GetDetailInfoByWxidByte
VX_GetGroupMember
VX_GetGroupMemberByte
VX_GetGroupMemberDetailInfo
VX_GetGroupMemberDetailInfoByte
VX_GetHeadimgByWxid
VX_GetHeadimgByWxidByte
VX_GetLastError
VX_GetLastErrorByte
VX_GetLocalVX
VX_GetMsgReceiveTime
VX_GetNameByWxid
VX_GetNameByWxidByte
VX_GetUpate
VX_Init
VX_InviteInGroup
VX_InviteInGroupByLink
VX_Login
VX_LoginByStorage
VX_LoginQrcode
VX_ModifyFriendNote
VX_ModifyGroupName
VX_ModifyGroupNotice
VX_MoveOutContract
VX_OffAutoSaveMediaFile
VX_OffHistoryMsg
VX_OffNotDisturb
VX_OffTopContact
VX_OnAutoSaveMediaFile
VX_OnHistoryMsg
VX_OnNotDisturb
VX_OnTopContact
VX_QuitGroup
VX_RefreshContact
VX_RefreshLoginQRcode
VX_RemoveGroupMember
VX_RevokeMsg
VX_SaveToContract
VX_ScanIntoGroupByte
VX_SearchAccount
VX_SendCardMsg
VX_SendCollectedMsg
VX_SendEmojiMsg
VX_SendFileMsg
VX_SendGroupMsgAndAt
VX_SendGroupMsgAndAtByByteHex
VX_SendImageMsg
VX_SendLinkMsg
VX_SendMessageRecord
VX_SendMiniProgram
VX_SendTextMsg
VX_SendTextMsgByByteHex
VX_SendVideoMsg
VX_SendXmlMsg
VX_SetCacheDirectory
VX_SetCallBackMsgOutType
VX_SetChatStartupDirectory
VX_SetCurrentDirectory
VX_SetMoodPath
VX_SetMsgReceiveTime
VX_SetOutCharset
VX_SetReconnectFlag
VX_WxidToChatNum
VX_WxidToChatNumByte

Sections

.text
Size: 604KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78ca13856facd193b79dce4a851299ee

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

ws2_32

version

ole32

wininet

dbghelp

oledlg

winspool.drv

comctl32

shell32

Exports

Exports

Sections

.text Size: 604KB - Virtual size: 602KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 52KB - Virtual size: 185KB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 604KB - Virtual size: 602KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 52KB - Virtual size: 185KB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 36KB - Virtual size: 35KB