blackmoon | 814cbdf4813e873c8f21d6ce3885a661_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

814cbdf4813e873c8f21d6ce3885a661_icedid_JC.exe
Size

8.6MB
MD5

814cbdf4813e873c8f21d6ce3885a661
SHA1

ce88fe93bc3cd3f0ae9a4bc514d1abd12a3eb412
SHA256

07700ecf871b9b6dd2dba8eb567cfafd055806f47dd7f9fcff55170bb5462055
SHA512

da292cd04deefb2059aceac1ac67bb7901aada4ca634945f0fba3de0223cdbd5639dd94398120485ac3e8d3f2e23c0b00904cd6cbda3d7ac919b250a94b2ee1e
SSDEEP

196608:Md0r0JzrnkwEJlsCZHwWX/nm2D7rAE/2grnCg:U0QJPIX7vCEdf

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
814cbdf4813e873c8f21d6ce3885a661_icedid_JC.exe

Files

814cbdf4813e873c8f21d6ce3885a661_icedid_JC.exe
.exe windows x86

3b41f5ad9ec70a6e41005fb5791758d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
LoadLibraryA
GetCommandLineA
GetCurrentDirectoryA
SetFilePointer
GlobalLock
GlobalUnlock
GetUserDefaultLCID
GetFileAttributesA
GetStartupInfoA
Sleep
GetVersionExA
RemoveDirectoryA
DeleteFileA
CopyFileA
FindClose
FindFirstFileA
FindNextFileA
CreateFileA
GetFileSize
HeapReAlloc
ExitProcess
lstrcmpW
lstrcatA
GlobalFree
GlobalAlloc
GetModuleFileNameA
lstrcpyn
GetModuleHandleA
GetLocalTime
GetSystemTime
GetLogicalDriveStringsA
GetCurrentDirectoryW
GetTempPathA
lstrcmpiW
GetTempPathW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
CreateProcessW
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
WriteFile
CreatePipe
SetWaitableTimer
CreateWaitableTimerA
MoveFileA
CreateDirectoryA
QueryDosDeviceW
OpenProcess
GetCurrentProcess
IsWow64Process
RtlZeroMemory
LocalFree
IsBadReadPtr
LocalAlloc
HeapFree
RtlMoveMemory
HeapAlloc
GetProcessHeap
WideCharToMultiByte
lstrlenW
GetTickCount
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
CreateEventA
OpenEventA
IsBadCodePtr
MultiByteToWideChar
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
HeapCreate
lstrcpynW
InterlockedExchange
CreateThread
DeleteCriticalSection
GetLastError
TerminateProcess
GetWindowsDirectoryA
lstrcpyA
GetSystemDirectoryA
SetLastError
LockResource
LoadResource
FindResourceA
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
MulDiv
FlushFileBuffers
SetEndOfFile
lstrcpynA
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle

shlwapi

StrToIntExW
StrToIntW
PathFindExtensionA
PathFindFileNameA
PathIsDirectoryEmptyA
PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

user32

TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
SetFocus
GetWindowPlacement
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
GetMenuState
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
ClientToScreen
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetWindow
PtInRect
GetWindowLongA
GetWindowTextA
SetWindowLongA
GetDlgItem
ShowWindow
SystemParametersInfoA
GetDC
ReleaseDC
FindWindowA
GetSystemMetrics
EnableMenuItem
GetFocus
GetNextDlgTabItem
IsWindowEnabled
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
MessageBoxA
SetCursor
PostQuitMessage
SetActiveWindow
GetActiveWindow
GetCursorPos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMessageA
wsprintfA
LoadCursorFromFileW
PostMessageW
UpdateWindow
SendMessageA
GetInputState
SendMessageW
PostMessageA
GetDesktopWindow
IsWindow
GetForegroundWindow
EnableWindow
MoveWindow
GetWindowRect
GetWindowInfo
CallWindowProcA
WaitForInputIdle
SendMessageTimeoutA
MsgWaitForMultipleObjects
EnumWindows
DispatchMessageA
TranslateMessage
IsWindowVisible
FindWindowExA
GetWindowThreadProcessId
GetParent
GetClassNameA
GetWindowTextLengthW
GetWindowTextW
SetWindowPos
IsIconic
OpenIcon
SetForegroundWindow
PeekMessageA

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
GetClipBox
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
SelectObject
DeleteDC
Escape
DeleteObject
TextOutA
RectVisible
PtVisible
GetObjectA
GetStockObject
ExtTextOutA

advapi32

DeleteService
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
QueryServiceConfigA
QueryServiceConfig2A
ChangeServiceConfig2A
GetServiceDisplayNameA
GetServiceKeyNameA
CreateServiceA
CryptDestroyHash
StartServiceA
ControlService
ChangeServiceConfigA
EnumServicesStatusA
EnumServicesStatusExA
EnumDependentServicesA
RegCloseKey
RegOpenCurrentUser
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ShellExecuteA

ole32

CLSIDFromString
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoRevokeClassObject
CLSIDFromProgID
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleIsCurrentClipboard
OleRun
OleFlushClipboard

wininet

InternetTimeFromSystemTime

psapi

GetProcessImageFileNameW

oleaut32

SafeArrayAllocDescriptor
SystemTimeToVariantTime
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
VariantInit

oledlg

ord8

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

Sections

.text
Size: 924KB - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.6MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3b41f5ad9ec70a6e41005fb5791758d3

Headers

File Characteristics

Imports

kernel32

shlwapi

version

user32

gdi32

advapi32

shell32

ole32

wininet

psapi

oleaut32

oledlg

winspool.drv

comctl32

Sections

.text Size: 924KB - Virtual size: 922KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 7.6MB - Virtual size: 7.8MB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 924KB - Virtual size: 922KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 7.6MB - Virtual size: 7.8MB

.rsrc
Size: 8KB - Virtual size: 5KB