blackmoon | 7eeff3e4441260104fe2aa14e9f8c9da21aa46e5d1f58d17341ff551ebd91080

Sharing

Copy URL

Twitter E-mail

General

Target

7eeff3e4441260104fe2aa14e9f8c9da21aa46e5d1f58d17341ff551ebd91080
Size

2.0MB
MD5

59b8875f57a36e84fe6188d0f9909623
SHA1

8ab4440690ffbf6ab0923a23fe5cb3b9757ff47f
SHA256

7eeff3e4441260104fe2aa14e9f8c9da21aa46e5d1f58d17341ff551ebd91080
SHA512

fa16dc7dc900ca12cf9a475b491533ce875593be16b9f6a23d654afcb4976e3f0519ba2bcdacac3f2b0a3465760a54046a494220b20279970bd1a68f088b1bfd
SSDEEP

49152:LXPCqrporFlfSRnTdZF03Da+VFXbSbv4:zPndMiTvF03Da+VFXb3

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
7eeff3e4441260104fe2aa14e9f8c9da21aa46e5d1f58d17341ff551ebd91080

Files

7eeff3e4441260104fe2aa14e9f8c9da21aa46e5d1f58d17341ff551ebd91080
.dll windows x86

f4aef97d72361872554501c84a82c662

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
lstrcpyn
DeviceIoControl
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
GetLocalTime
GetTickCount
SetFileAttributesA
CopyFileA
DeleteFileA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
CreateFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
LCMapStringA
SetFilePointer
ReadFile
HeapFree
GetUserDefaultLCID
GetCommandLineA
LoadLibraryA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetProcessHeap
RtlMoveMemory
LocalFree
LocalAlloc
GetCurrentProcess
TerminateProcess
GetProcAddress
Sleep
GetModuleHandleA
GetCurrentProcessId
WideCharToMultiByte
GetTempPathW
lstrlenW
lstrcatA
MultiByteToWideChar
CreateThread
VirtualProtect
MoveFileA
CreateDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
IsBadCodePtr
SetUnhandledExceptionFilter
FlushFileBuffers
SetStdHandle
CloseHandle
OpenProcess
GetFileSize
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
RaiseException
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
FreeLibrary
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetVersion
lstrcpyA
MulDiv
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA

user32

SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
UpdateWindow
FindWindowA
GetWindowThreadProcessId
GetInputState
MoveWindow
GetWindowInfo
MessageBoxA
wsprintfA
DispatchMessageA
ShowWindow
TranslateMessage
GetMessageA
PeekMessageA
UnregisterHotKey
SetCapture
SendMessageA
GetSystemMetrics
ScreenToClient
CallWindowProcA
CreateWindowExA
GetCursorPos
GetDC
GetSysColor
LoadBitmapA
RegisterHotKey
ReleaseCapture

advapi32

RegQueryValueExA
OpenProcessToken
RegOpenKeyA
RegCloseKey
GetTokenInformation

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
DragAcceptFiles
DragFinish
DragQueryFileA

ole32

CLSIDFromString
IIDFromString
CLSIDFromProgID
OleRun
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize

gdi32

TranslateCharsetInfo
CreateFontA
DeleteObject
GetDeviceCaps

iphlpapi

SendARP

shlwapi

PathFileExistsA
PathIsDirectoryW

ws2_32

gethostname
WSACleanup
inet_addr
WSAStartup

wininet

InternetSetOptionA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayGetDim
SysFreeString
SysAllocString
SafeArrayGetElemsize
SafeArrayUnaccessData
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
VariantChangeType
VariantInit
SafeArrayDestroy
VariantCopy
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData

psapi

GetModuleFileNameExA

comctl32

ord17
ImageList_Add
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock

Exports

Exports

_��ӳ��

Sections

.text
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4aef97d72361872554501c84a82c662

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

gdi32

iphlpapi

shlwapi

ws2_32

wininet

oleaut32

psapi

comctl32

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 236KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 1.7MB - Virtual size: 1.8MB

.rsrc Size: 4KB - Virtual size: 700B

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 240KB - Virtual size: 236KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 1.7MB - Virtual size: 1.8MB

.rsrc
Size: 4KB - Virtual size: 700B

.reloc
Size: 16KB - Virtual size: 15KB