blackmoon | 58c574765270d4bc1cd755678397c43a25ff30e19997db65c0527bf8e8ef2d01

Sharing

Copy URL Twitter E-mail

General

Target

58c574765270d4bc1cd755678397c43a25ff30e19997db65c0527bf8e8ef2d01
Size

2.0MB
MD5

4f7e18b33a6c3233c62689a326df924d
SHA1

adcbf9f409fcd1b462a27fb54061bd27a1cbc847
SHA256

58c574765270d4bc1cd755678397c43a25ff30e19997db65c0527bf8e8ef2d01
SHA512

99a11162eda2777d7741a57188c7615ea0cf365593c98ac7b7333bf061c1b187961e8c7a877127d65cc1c4d8c3851e2a817e4f11deaab9312b74c4d429652664
SSDEEP

24576:b6VExBisYBdHdO8T5WVqx7oyUk4/vM1UDvAZSQYthKBSXPth59ZsSAIQxWRV+RrM:bfBTYTHdO8dWVqSyUk4sMjthKBmlh5D

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58c574765270d4bc1cd755678397c43a25ff30e19997db65c0527bf8e8ef2d01

Files

58c574765270d4bc1cd755678397c43a25ff30e19997db65c0527bf8e8ef2d01
.exe windows x86

f1ea3b63dc8eb0b42b21d5069924deab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
DeleteFileA
SetFileAttributesA
WriteFile
GetFileSize
ReadFile
FormatMessageA
GetUserDefaultLCID
GetLocalTime
GetTickCount
GetPrivateProfileStringA
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
DeviceIoControl
CreateFileA
LocalSize
GlobalSize
RtlMoveMemory
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetNativeSystemInfo
GetProcessHeap
SuspendThread
ResumeThread
DeleteCriticalSection
TerminateThread
GetExitCodeThread
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrlenW
lstrcpyn
LocalFree
LocalAlloc
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
CreateThread
GetModuleHandleW
CloseHandle
SetWaitableTimer
CreateWaitableTimerW
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
HeapFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
GetCurrentProcess
SetErrorMode
GetProcessVersion
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
lstrcpyA
lstrcatA
WritePrivateProfileStringA
GlobalFlags
MulDiv
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
VirtualFree
VirtualAlloc
InitializeCriticalSection

user32

IsZoomed
IsIconic
GetPropA
LoadCursorFromFileW
SetTimer
PtInRect
ReleaseDC
SetCaretPos
GetCursorPos
GetWindowRect
UpdateLayeredWindow
TrackMouseEvent
SetActiveWindow
BeginPaint
EndPaint
SetCapture
GetFocus
SetFocus
SetWindowLongW
SetWindowPos
SetPropA
GetClassLongW
GetParent
SetWindowRgn
MoveWindow
GetSystemMetrics
RemovePropA
PostMessageW
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
PeekMessageA
InvalidateRect
IntersectRect
GetAsyncKeyState
KillTimer
SendMessageA
SetCursor
LookupIconIdFromDirectoryEx
EndDialog
CreateDialogIndirectParamA
DestroyMenu
PostThreadMessageA
UnregisterClassA
LoadCursorW
GetWindowTextW
PostMessageA
IsWindowVisible
SetForegroundWindow
ReleaseCapture
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsWindow
GetClassNameW
SystemParametersInfoA
SendMessageW
CreateWindowExW
DefWindowProcW
RegisterClassExW
MsgWaitForMultipleObjects
CopyImage
CreateIconFromResourceEx
CallWindowProcW
PostQuitMessage
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
GetClassNameA
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetStockObject
GetObjectA
GetDIBits
CreateRectRgn
CreateRoundRectRgn
GetDeviceCaps
DeleteObject
SelectObject
CreateDIBSection
BitBlt
SetTextColor
ScaleWindowExtEx
GetClipBox
SetWindowExtEx
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateCompatibleDC
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

ole32

CLSIDFromProgID
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CLSIDFromString
StringFromGUID2
OleRun
CoCreateInstance

oleaut32

RegisterTypeLi
VariantTimeToSystemTime
SafeArrayDestroy
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
SysAllocString
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
SystemTimeToVariantTime
VariantCopy
OleLoadPicture

advapi32

RegCloseKey
RegOpenKeyExA
DeleteService
ControlService
StartServiceA
CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyExA

gdiplus

GdipCreateFromHDC
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGraphicsClear
GdipDrawImageRectRect
GdipGetImagePixelFormat
GdipCloneBitmapArea
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageRect
GdipCreateStringFormat
GdipSetStringFormatHotkeyPrefix
GdipDeleteStringFormat
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipDeleteBrush
GdipMeasureString
GdipSetClipRegion
GdipCreateSolidFill
GdipDrawString
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetClipRect
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipGetStringFormatAlign
GdipGetStringFormatTrimming
GdipGetStringFormatFlags
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipLoadImageFromStream
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipDeleteRegion
GdipCreateRegionHrgn
GdipDrawPath
GdipCreateImageAttributes
GdiplusStartup
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipResetClip
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipSetStringFormatAlign
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdipGetCompositingQuality
GdipGetFontStyle
GdipGetFontSize
GdipGetFontHeight
GdipCreatePathGradientFromPath
GdipDrawPolygon
GdipFillPolygon
GdipCreatePen2
GdipDeletePath
GdipCreatePath
GdipAddPathArc
GdipClosePathFigure
GdipFillPath
GdipCreateLineBrush
GdipGetFamilyName

winhttp

WinHttpCheckPlatform
WinHttpOpen
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpConnect

imm32

ImmAssociateContext
ImmGetContext

shell32

ShellExecuteA
Shell_NotifyIconW

oledlg

ord8

shlwapi

PathFileExistsA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1ea3b63dc8eb0b42b21d5069924deab

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

advapi32

gdiplus

winhttp

imm32

shell32

oledlg

shlwapi

winspool.drv

comctl32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 360KB - Virtual size: 433KB

.rsrc Size: 4KB - Virtual size: 620B

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 360KB - Virtual size: 433KB

.rsrc
Size: 4KB - Virtual size: 620B