blackmoon | 31d73a0550e3127b5f4a51e7ed95c3db03f35be2ba7d3c3de3cf9d24773d359f

Sharing

Copy URL

Twitter E-mail

General

Target

31d73a0550e3127b5f4a51e7ed95c3db03f35be2ba7d3c3de3cf9d24773d359f
Size

4.6MB
MD5

271048cda43bea423ef3bf498f0fbebb
SHA1

8b33499f0a66b52a16eae38d6cb31dea8707ff50
SHA256

31d73a0550e3127b5f4a51e7ed95c3db03f35be2ba7d3c3de3cf9d24773d359f
SHA512

af9460e128f15059fd0d743c712c5c2ac90c9f07121fb3cfed90191d4605d5561a802d21bd38285ef1fdd4cdac3171c16820ee880636bf3130ade1bcf8551c0a
SSDEEP

49152:Y22rlbWEUbF6oR0pEqOeALSovXmkr87pd6QcBn9N4P0OxvDbtWqVdR/bZLa7m/fl:r2rlbWEUbF6oqsTfgNExN4boq/NVfLw+

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31d73a0550e3127b5f4a51e7ed95c3db03f35be2ba7d3c3de3cf9d24773d359f

Files

31d73a0550e3127b5f4a51e7ed95c3db03f35be2ba7d3c3de3cf9d24773d359f
.exe windows x86

110362162aaa9ede0c334be74cdc99c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetCommandLineA
FreeLibrary
GetProcAddress
LCMapStringA
CreateThread
GetTickCount
DeleteCriticalSection
Sleep
GetFileSize
ReadFile
GetModuleFileNameA
WriteFile
CloseHandle
DeleteFileA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
LoadLibraryA
CreateFileA
GetLastError
RtlMoveMemory
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
LocalSize
lstrlenW
LocalAlloc
HeapCreate
VirtualFree
GetStartupInfoA
GlobalUnlock
GlobalFree
GetFileType
GetStdHandle
SetHandleCount
GetLastError
TlsGetValue
SetLastError
TlsFree
MultiByteToWideChar
GlobalLock
GlobalAlloc
LocalFree
RtlMoveMemory
SetStdHandle
GetModuleHandleA
TlsAlloc
TlsSetValue
IsBadWritePtr
GetProcAddress
IsBadReadPtr
GetCommandLineA
GetVersion
RtlUnwind
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
VirtualProtectEx
VirtualAlloc
GetProcessHeap
ExitProcess
LoadLibraryW
GetCurrentThreadId
GetModuleFileNameA
RaiseException
HeapAlloc
HeapReAlloc
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadCodePtr
LCMapStringW
MapViewOfFile
FlushFileBuffers
LCMapStringA
LoadLibraryA
FreeLibrary
GetCurrentDirectoryA
GetLocalTime
Sleep
GetTempPathA
GetTickCount
GetFileSize
ReadFile
CreateFileA
WriteFile
CloseHandle
CreateFileMappingA

user32

MessageBoxA
GetAsyncKeyState
DispatchMessageA
TranslateMessage
GetMessageA
GetWindowThreadProcessId
wsprintfA
SendInput
FindWindowA
PeekMessageA
PeekMessageA
TrackMouseEvent
GetSystemMetrics
OpenClipboard
DispatchMessageA
TranslateMessage
GetMessageA
GetClipboardData
GetCursorPos
wsprintfA
MessageBoxA
ShowWindow
CloseClipboard
CallWindowProcA
IsWindow
ReleaseDC
UpdateLayeredWindow
GetDC
GetWindowRect
GetWindowLongA
GetClassNameA
EnumWindows
GetAncestor
SendMessageA
EnumChildWindows
GetPropA
SetPropA
CreateWindowExA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CreateServiceA
StartServiceA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA

shlwapi

PathFindFileNameA
PathFileExistsA
PathFileExistsA

gdi32

DeleteObject
CreateDIBSection
DeleteDC
SelectObject
CreateCompatibleDC

gdiplus

GdipSetSmoothingMode
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDisposeImage
GdiplusStartup
GdipSetSolidFillColor
GdipDeletePen
GdipGetImageHeight
GdipGetImageWidth
GdipDrawRectangleI
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipGetRegionBounds
GdipSetTextRenderingHint
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC

ole32

CLSIDFromString
CreateStreamOnHGlobal

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmAssociateContext

shell32

SHAppBarMessage
ShellExecuteA
SHGetSpecialFolderPathA

winmm

PlaySoundA

msvcrt

atoi
_ftol
rand
_CIfmod
_CIpow
srand
sprintf
__CxxFrameHandler
strncmp
memmove
free
malloc
modf
strchr
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

110362162aaa9ede0c334be74cdc99c1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

gdi32

gdiplus

ole32

imm32

shell32

winmm

msvcrt

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 2.2MB - Virtual size: 2.3MB

.rsrc Size: 1024B - Virtual size: 644B

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 2.2MB - Virtual size: 2.3MB

.rsrc
Size: 1024B - Virtual size: 644B