blackmoon | 4ac511ccb039fed98ee0b3e54631a7e6e5241c4cc5fe90da7a5956057d1742c4

Sharing

Copy URL Twitter E-mail

General

Target

4ac511ccb039fed98ee0b3e54631a7e6e5241c4cc5fe90da7a5956057d1742c4
Size

572KB
MD5

d4e4524c6373d3d887d8130cf3d1ca57
SHA1

27ff0b3abadf0f07853f829babcb057353d80aac
SHA256

4ac511ccb039fed98ee0b3e54631a7e6e5241c4cc5fe90da7a5956057d1742c4
SHA512

a15b53751f39b5fb68a98e72cdcaca79bda64d13984769185dcc5ea2cc96e5236dc3e055c0528d3164df7ccf3961f998a23243449293b23474b90314bf4cb687
SSDEEP

12288:mZ54IXTlrEuRR7ATq3INisOAyqCPqP8FatNh2JRR5nWFpPoSFDmnA:mZ54wTlrEuRR7ATqQisOlqCPYb7Ekb7H

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ac511ccb039fed98ee0b3e54631a7e6e5241c4cc5fe90da7a5956057d1742c4

Files

4ac511ccb039fed98ee0b3e54631a7e6e5241c4cc5fe90da7a5956057d1742c4
.exe windows x86

41a12925fe5a59c96288e5fe099e4d6e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
Process32First
Process32Next
VirtualAlloc
VirtualFree
GetCurrentProcessId
OpenFileMappingA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
LCMapStringA
FreeLibrary
GetModuleFileNameA
GetPrivateProfileStringA
FindClose
FindFirstFileA
FindNextFileA
DeleteFileA
GetLocalTime
WritePrivateProfileStringA
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
SetErrorMode
lstrcatA
lstrcpyA
GetDiskFreeSpaceExA
LocalAlloc
LocalFree
ReadConsoleA
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalLock
GlobalReAlloc
GlobalAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
GetVersion
SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
ReadFile
SetFilePointer
FlushFileBuffers
RtlUnwind
RaiseException
HeapSize
TerminateProcess
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
GetStdHandle
WriteFile
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
GetProcAddress
LoadLibraryA
GetModuleHandleA
RtlMoveMemory
lstrcpynA
WideCharToMultiByte
lstrlenW
GetTickCount
CloseHandle
Sleep
CreateEventA
OpenEventA
CreateMutexA
SetWaitableTimer
CreateWaitableTimerA
UnmapViewOfFile
MapViewOfFile
TlsAlloc
CreateFileMappingA
GlobalMemoryStatusEx
Module32Next
CreateToolhelp32Snapshot
GetFileAttributesA
GetCurrentThreadId
VirtualProtect

user32

DestroyWindow
GetDlgCtrlID
GetDlgItem
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
SetPropA
TabbedTextOutA
CreateWindowExA
GrayStringA
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
PeekMessageA
TranslateMessage
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
LoadStringA
UnhookWindowsHookEx
SendMessageA
GetKeyState
CallNextHookEx
SetWindowsHookExA
SetForegroundWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
GetWindow
GetWindowLongA
DispatchMessageA
IsWindowVisible
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
CreateWindowStationA
GetAsyncKeyState
FindWindowExA
GetParent
GetWindowTextLengthW
GetWindowTextW
GetWindowInfo
SendInput
MessageBoxA
wsprintfA
DrawTextA
GetClassLongA
SetWindowLongA
GetMessageA
OpenClipboard
EmptyClipboard
CloseClipboard
SetWindowPos

advapi32

RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegEnumKeyA
RegOpenKeyA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

PathFileExistsA

ws2_32

connect
gethostbyname
send
recv
getsockname
WSACleanup
inet_addr
htons
socket
closesocket
ntohs
WSAAsyncSelect
select
WSAStartup

gdi32

SetTextColor
SetBkColor
GetDeviceCaps
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetClipBox
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
GetObjectA
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

psapi

GetProcessImageFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 356KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41a12925fe5a59c96288e5fe099e4d6e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

gdi32

psapi

winspool.drv

comctl32

Sections

.text Size: 356KB - Virtual size: 352KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 184KB - Virtual size: 272KB

.rsrc Size: 4KB - Virtual size: 640B

.text
Size: 356KB - Virtual size: 352KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 184KB - Virtual size: 272KB

.rsrc
Size: 4KB - Virtual size: 640B