blackmoon | ae48cc30339d10c414e59dc2c7626fdf075f9adb83c9579c29a946e948b17458

Sharing

Copy URL Twitter E-mail

General

Target

ae48cc30339d10c414e59dc2c7626fdf075f9adb83c9579c29a946e948b17458
Size

4.6MB
MD5

ba384308b31112a57bbd4d5267ca5638
SHA1

705450d5d82f748f6a38cea42a05280435067382
SHA256

ae48cc30339d10c414e59dc2c7626fdf075f9adb83c9579c29a946e948b17458
SHA512

217554445bd617f9529d7fb97002305271ca550b1bbc28f45106e37b33f9dc47bcb5e2efb5ff06c1dd5cdc7fa5565ae27c073fedd37f36cd601f9419e806b1d0
SSDEEP

49152:EG38lPNUlhNwLF9J5hieALSovXmkr87pd6QcBn9N4P0OxvDbtWqVdR/bZLa7m/fw:l38lPNUlhNwLvsTfgNExN4boq/NVfLwZ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae48cc30339d10c414e59dc2c7626fdf075f9adb83c9579c29a946e948b17458

Files

ae48cc30339d10c414e59dc2c7626fdf075f9adb83c9579c29a946e948b17458
.exe windows x86

110362162aaa9ede0c334be74cdc99c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetCommandLineA
FreeLibrary
GetProcAddress
LCMapStringA
CreateThread
GetTickCount
DeleteCriticalSection
Sleep
GetFileSize
ReadFile
GetModuleFileNameA
WriteFile
CloseHandle
DeleteFileA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
LoadLibraryA
CreateFileA
GetLastError
RtlMoveMemory
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
LocalSize
lstrlenW
LocalAlloc
HeapCreate
VirtualFree
GetStartupInfoA
GlobalUnlock
GlobalFree
GetFileType
GetStdHandle
SetHandleCount
GetLastError
TlsGetValue
SetLastError
TlsFree
MultiByteToWideChar
GlobalLock
GlobalAlloc
LocalFree
RtlMoveMemory
SetStdHandle
GetModuleHandleA
TlsAlloc
TlsSetValue
IsBadWritePtr
GetProcAddress
IsBadReadPtr
GetCommandLineA
GetVersion
RtlUnwind
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
VirtualProtectEx
VirtualAlloc
GetProcessHeap
ExitProcess
LoadLibraryW
GetCurrentThreadId
GetModuleFileNameA
RaiseException
HeapAlloc
HeapReAlloc
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadCodePtr
LCMapStringW
MapViewOfFile
FlushFileBuffers
LCMapStringA
LoadLibraryA
FreeLibrary
GetCurrentDirectoryA
GetLocalTime
Sleep
GetTempPathA
GetTickCount
GetFileSize
ReadFile
CreateFileA
WriteFile
CloseHandle
CreateFileMappingA

user32

MessageBoxA
GetAsyncKeyState
DispatchMessageA
TranslateMessage
GetMessageA
GetWindowThreadProcessId
wsprintfA
SendInput
FindWindowA
PeekMessageA
PeekMessageA
TrackMouseEvent
GetSystemMetrics
OpenClipboard
DispatchMessageA
TranslateMessage
GetMessageA
GetClipboardData
GetCursorPos
wsprintfA
MessageBoxA
ShowWindow
CloseClipboard
CallWindowProcA
IsWindow
ReleaseDC
UpdateLayeredWindow
GetDC
GetWindowRect
GetWindowLongA
GetClassNameA
EnumWindows
GetAncestor
SendMessageA
EnumChildWindows
GetPropA
SetPropA
CreateWindowExA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CreateServiceA
StartServiceA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA

shlwapi

PathFindFileNameA
PathFileExistsA
PathFileExistsA

gdi32

DeleteObject
CreateDIBSection
DeleteDC
SelectObject
CreateCompatibleDC

gdiplus

GdipSetSmoothingMode
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDisposeImage
GdiplusStartup
GdipSetSolidFillColor
GdipDeletePen
GdipGetImageHeight
GdipGetImageWidth
GdipDrawRectangleI
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipGetRegionBounds
GdipSetTextRenderingHint
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC

ole32

CLSIDFromString
CreateStreamOnHGlobal

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmAssociateContext

shell32

SHAppBarMessage
ShellExecuteA
SHGetSpecialFolderPathA

winmm

PlaySoundA

msvcrt

atoi
_ftol
rand
_CIfmod
_CIpow
srand
sprintf
__CxxFrameHandler
strncmp
memmove
free
malloc
modf
strchr
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

110362162aaa9ede0c334be74cdc99c1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

gdi32

gdiplus

ole32

imm32

shell32

winmm

msvcrt

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 2.2MB - Virtual size: 2.3MB

.rsrc Size: 1024B - Virtual size: 700B

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 2.2MB - Virtual size: 2.3MB

.rsrc
Size: 1024B - Virtual size: 700B