blackmoon | 28f27973e301c5be7f59120d751feabe0a7ba7f3e8fdbeb6405220b6b3cf26f9

Sharing

Copy URL Twitter E-mail

General

Target

28f27973e301c5be7f59120d751feabe0a7ba7f3e8fdbeb6405220b6b3cf26f9
Size

4.8MB
MD5

bab8e3ec9408fe9e068ee5693369cc94
SHA1

21f1359717eaced61ebd33f08086a0898fa37fe5
SHA256

28f27973e301c5be7f59120d751feabe0a7ba7f3e8fdbeb6405220b6b3cf26f9
SHA512

d61cce16cce1c7c3e4656d54de6676878cf8257f55f3df6440ddb4109ad7685708d9e501e508a588939a3444162ba8a422168b6515453c6ad169190120ed3b52
SSDEEP

98304:F0iycsYqnPh8Ij3sTfgNExN4boq/NVfLw0:bTfgNExN4bhfd

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28f27973e301c5be7f59120d751feabe0a7ba7f3e8fdbeb6405220b6b3cf26f9

Files

28f27973e301c5be7f59120d751feabe0a7ba7f3e8fdbeb6405220b6b3cf26f9
.exe windows x86

2ce222ac64fb881c80ce52f5d3b1998e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
DeleteFileA
Sleep
GetTickCount
GetCommandLineA
HeapAlloc
FreeLibrary
GetProcAddress
LCMapStringA
CreateThread
DeleteCriticalSection
ExitProcess
GetModuleHandleA
GetProcessHeap
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameA
RtlMoveMemory
GetCurrentThreadId
TlsSetValue
TlsAlloc
LocalSize
lstrlenW
LocalAlloc
WideCharToMultiByte
VirtualProtectEx
GetModuleHandleA
SetStdHandle
RtlMoveMemory
LocalFree
GlobalAlloc
GlobalLock
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetCurrentProcess
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
VirtualAlloc
GetProcessHeap
TerminateProcess
RtlUnwind
GlobalFree
GetVersion
GetCommandLineA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
HeapCreate
VirtualFree
GetModuleFileNameA
GetFileType
CloseHandle
WriteFile
RaiseException
GetProcAddress
MultiByteToWideChar
CreateFileMappingA
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadCodePtr
LCMapStringW
MapViewOfFile
FlushFileBuffers
LCMapStringA
LoadLibraryA
FreeLibrary
GetCurrentDirectoryA
GetLocalTime
Sleep
GetTempPathA
GetTickCount
GetFileSize
ReadFile
CreateFileA
GlobalUnlock
LoadLibraryW

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
SendInput
GetAsyncKeyState
GetWindowThreadProcessId
FindWindowA
CloseClipboard
GetSystemMetrics
OpenClipboard
DispatchMessageA
TranslateMessage
GetMessageA
GetClipboardData
GetCursorPos
wsprintfA
MessageBoxA
GetWindowLongA
TrackMouseEvent
CallWindowProcA
IsWindow
ReleaseDC
UpdateLayeredWindow
GetDC
GetWindowRect
GetClassNameA
EnumWindows
GetAncestor
ShowWindow
SendMessageA
EnumChildWindows
GetPropA
SetPropA
CreateWindowExA
PeekMessageA

shlwapi

PathFileExistsA
PathFileExistsA

gdi32

SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
DeleteDC

gdiplus

GdipGetImageGraphicsContext
GdipDisposeImage
GdiplusStartup
GdipSetSolidFillColor
GdipCreateSolidFill
GdipDeleteBrush
GdipCreateBitmapFromScan0
GdipGetRegionBounds
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipDrawRectangleI
GdipGetImageWidth
GdipGetImageHeight
GdipSetSmoothingMode
GdipDeletePen
GdipCreateFromHDC
GdipSetTextRenderingHint

ole32

CreateStreamOnHGlobal
CLSIDFromString

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ImmGetCompositionStringW
ImmAssociateContext

shell32

SHAppBarMessage
ShellExecuteA
ShellExecuteA

winmm

PlaySoundA

msvcrt

_ftol
sprintf
rand
_CIfmod
_CIpow
strrchr
calloc
tolower
atoi
__CxxFrameHandler
strncmp
memmove
??3@YAXPAX@Z
modf
free
malloc
strchr

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ce222ac64fb881c80ce52f5d3b1998e

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

gdi32

gdiplus

ole32

imm32

shell32

winmm

msvcrt

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 2.5MB - Virtual size: 2.5MB

.rsrc Size: 1024B - Virtual size: 644B

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 2.5MB - Virtual size: 2.5MB

.rsrc
Size: 1024B - Virtual size: 644B