blackmoon | fcd16737c2aae6e06379898f0840ef8b7af364e2fdd5256d158853dea19eab6f

Sharing

Copy URL Twitter E-mail

General

Target

fcd16737c2aae6e06379898f0840ef8b7af364e2fdd5256d158853dea19eab6f
Size

4.6MB
MD5

6ec9bfe00869d6e3c5dedd53468cfeee
SHA1

54711594df96da586d6c05bbed2405152a0fe90a
SHA256

fcd16737c2aae6e06379898f0840ef8b7af364e2fdd5256d158853dea19eab6f
SHA512

f5f79de009e3fced34a49d869592b08a59a9c01551aed34b21ced4ad1cd26de57638f7e7f33acc6e4aa717a43a46764d6726b2acb2c6cda4eef1e251b2774136
SSDEEP

98304:bt8me8eLdex4VRisTfgNExN4boq/NVfLw0:KRnTfgNExN4bhfJ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcd16737c2aae6e06379898f0840ef8b7af364e2fdd5256d158853dea19eab6f

Files

fcd16737c2aae6e06379898f0840ef8b7af364e2fdd5256d158853dea19eab6f
.exe windows x86

344113d1527ad960c2264a3d1e05d83d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetCommandLineA
FreeLibrary
GetProcAddress
LCMapStringA
CreateThread
GetTickCount
DeleteCriticalSection
Sleep
GetFileSize
ReadFile
GetModuleFileNameA
WriteFile
CloseHandle
DeleteFileA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcessHeap
CreateFileA
GetLastError
RtlMoveMemory
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
TlsSetValue
TlsAlloc
GetModuleHandleA
SetStdHandle
RtlMoveMemory
LocalFree
GlobalAlloc
LocalSize
lstrlenW
LocalAlloc
WideCharToMultiByte
VirtualProtectEx
GlobalLock
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RaiseException
GlobalUnlock
IsBadWritePtr
VirtualAlloc
GetProcessHeap
GetCurrentProcess
TerminateProcess
RtlUnwind
GetVersion
SetHandleCount
ExitProcess
HeapAlloc
HeapReAlloc
GlobalFree
LoadLibraryW
GetProcAddress
MultiByteToWideChar
CreateFileMappingA
InitializeCriticalSection
HeapFree
IsBadReadPtr
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadCodePtr
LCMapStringW
MapViewOfFile
FlushFileBuffers
LCMapStringA
LoadLibraryA
FreeLibrary
GetCurrentDirectoryA
GetLocalTime
Sleep
GetTempPathA
GetTickCount
GetFileSize
ReadFile
CreateFileA
WriteFile
CloseHandle
GetCommandLineA

user32

wsprintfA
MessageBoxA
SendInput
GetAsyncKeyState
IsWindow
GetWindowThreadProcessId
FindWindowA
DispatchMessageA
PeekMessageA
TranslateMessage
GetMessageA
GetSystemMetrics
OpenClipboard
DispatchMessageA
TranslateMessage
GetMessageA
CloseClipboard
GetCursorPos
wsprintfA
MessageBoxA
ShowWindow
TrackMouseEvent
CallWindowProcA
IsWindow
ReleaseDC
UpdateLayeredWindow
GetDC
GetWindowRect
GetWindowLongA
GetClassNameA
EnumWindows
GetAncestor
GetClipboardData
SendMessageA
EnumChildWindows
GetPropA
SetPropA
CreateWindowExA
PeekMessageA

advapi32

RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CreateServiceA
StartServiceA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA

shlwapi

PathFindFileNameA
PathFileExistsA
PathFileExistsA

gdi32

CreateCompatibleDC
DeleteObject
DeleteDC
CreateDIBSection
SelectObject

gdiplus

GdipSetSolidFillColor
GdipCreateSolidFill
GdipDeleteBrush
GdipSetTextRenderingHint
GdiplusStartup
GdipGetRegionBounds
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipDrawRectangleI
GdipGetImageWidth
GdipGetImageHeight
GdipSetSmoothingMode
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeletePen

ole32

CLSIDFromString
CreateStreamOnHGlobal

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCompositionWindow

shell32

ShellExecuteA
SHAppBarMessage
SHGetSpecialFolderPathA

winmm

PlaySoundA

msvcrt

atoi
_ftol
rand
_CIfmod
_CIpow
srand
sprintf
__CxxFrameHandler
strncmp
memmove
free
malloc
modf
strchr
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

344113d1527ad960c2264a3d1e05d83d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

gdi32

gdiplus

ole32

imm32

shell32

winmm

msvcrt

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 2.2MB - Virtual size: 2.3MB

.rsrc Size: 1024B - Virtual size: 700B

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 2.2MB - Virtual size: 2.3MB

.rsrc
Size: 1024B - Virtual size: 700B