blackmoon | c4fdda175605576d9214eff2fd9a5e4c3b726f3547b4666ad46121199b60a683

Sharing

Copy URL Twitter E-mail

General

Target

c4fdda175605576d9214eff2fd9a5e4c3b726f3547b4666ad46121199b60a683
Size

5.2MB
MD5

50e38eded6993e644eeb64e20ee8b8d1
SHA1

f79a4c9d203f2c11f6679d0d428ce039307471d4
SHA256

c4fdda175605576d9214eff2fd9a5e4c3b726f3547b4666ad46121199b60a683
SHA512

4bbfb821ab0f9d290dd0e007facf33d19017f0303935d29040b9a596ccc7255335c1aa5fdc81fdf8aa79add0f58529950081cf40e5d307b9d0b387dd7c1d504b
SSDEEP

98304:73BGany1U8o+HnhhsZWZYuVsNlvlBIIC1E6KIO4xMV:d0s+HjvlotleY994xM

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4fdda175605576d9214eff2fd9a5e4c3b726f3547b4666ad46121199b60a683

Files

c4fdda175605576d9214eff2fd9a5e4c3b726f3547b4666ad46121199b60a683
.dll windows x86

8bc9fa60cde4d89fc83e9b5ec196cd09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
FindClose
FindFirstFileA
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetTickCount
GetModuleFileNameA
GetPrivateProfileStringA
DeleteFileA
GetStartupInfoA
GetModuleHandleA
CreateProcessA
WaitForSingleObject
WriteFile
CreateFileA
GetFileSize
ReadFile
HeapReAlloc
ExitProcess
LocalSize
HeapAlloc
HeapFree
GetProcessHeap
RtlMoveMemory
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
CloseHandle

atl

ord47
ord42

user32

LoadMenuA
DestroyMenu
AppendMenuA
GetMenuItemCount
InsertMenuA
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
TrackPopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
RegisterHotKey
RegisterWindowMessageA
GetSystemMenu
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
CreatePopupMenu
SetActiveWindow
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
SetWindowPos
MoveWindow
UpdateWindow
CreateMenu
ReleaseDC
GetDC
UnregisterHotKey
DrawMenuBar
ValidateRect
InvalidateRect
ScreenToClient
GetWindowRect
GetFocus
SetFocus
GetDlgItem
GetWindowLongA
CreateWindowExA
DestroyCursor
SetWindowLongA
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
SendMessageA
DefWindowProcA
DestroyWindow
GetClientRect
GetAsyncKeyState
CallWindowProcA
EndPaint
BeginPaint
SetForegroundWindow
GetClassNameA
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
GetParent
GetMessageA
LoadIconA
RegisterClassExA

gdi32

SelectObject
SetBkColor
SetBkMode
SetTextColor
CreatePatternBrush
CreateSolidBrush
StretchBlt
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
BitBlt
CreateFontA
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject

ws2_32

closesocket
recv
send
inet_addr
htons
socket
WSAStartup
connect

ole32

CLSIDFromString

comctl32

InitCommonControlsEx

shell32

DragAcceptFiles
Shell_NotifyIconA
DragFinish
DragQueryFileA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
ControlService
QueryServiceStatus
DeleteService
CloseServiceHandle
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
OpenSCManagerA

msvcrt

sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
strrchr
atoi
_ftol
free
_CIfmod
srand
rand
atof
strtod
strncpy
strncmp
strchr
modf
realloc
memmove
__CxxFrameHandler
malloc

shlwapi

PathFileExistsA

Exports

Exports

a

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8bc9fa60cde4d89fc83e9b5ec196cd09

Headers

File Characteristics

Imports

kernel32

atl

user32

gdi32

ws2_32

ole32

comctl32

shell32

advapi32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 280KB - Virtual size: 279KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 3.6MB - Virtual size: 3.6MB

.vmp0 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 12KB - Virtual size: 9KB

.rsrc Size: 100KB - Virtual size: 99KB

.text
Size: 280KB - Virtual size: 279KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 3.6MB - Virtual size: 3.6MB

.vmp0
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 100KB - Virtual size: 99KB