blackmoon | 6fe6dca0b3cdfc4e4c1d19455f14626ca63b87b6d29d0078aeffe7c2f8afd2c7

Sharing

Copy URL Twitter E-mail

General

Target

6fe6dca0b3cdfc4e4c1d19455f14626ca63b87b6d29d0078aeffe7c2f8afd2c7
Size

15.3MB
MD5

694a03f7491c442505723a0a40dbbdd4
SHA1

f7b23f35d92117c4ad0890994dc5d5cd69c3a49d
SHA256

6fe6dca0b3cdfc4e4c1d19455f14626ca63b87b6d29d0078aeffe7c2f8afd2c7
SHA512

0e264aa285292ae64ca7eafd016bce11f882c6a68fc84edc8109e65f7415fd142cb394f8f7bd674e4cdfdafcafe80cd5096b7bb7b93011ddd640749621639125
SSDEEP

196608:m2gTfgNExN4bhfAKKAZBuaAVp2k8Dfl1BjF9sT2fZCh7ri4RlscJVan:GTfawKTrBdAVgk+XJMisucc

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fe6dca0b3cdfc4e4c1d19455f14626ca63b87b6d29d0078aeffe7c2f8afd2c7

Files

6fe6dca0b3cdfc4e4c1d19455f14626ca63b87b6d29d0078aeffe7c2f8afd2c7
.exe windows x86

51fece534844eb07bee30aab2741b3bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
TerminateProcess
RtlZeroMemory
InterlockedDecrement
WaitForSingleObject
InterlockedIncrement
GetVersionExA
RtlMoveMemory
GetProcessHeap
LocalFree
LocalAlloc
GetCurrentProcess
ExitProcess
RtlUnwind
GetVersion
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetTempPathA
GetLocalTime
GetCurrentDirectoryA
MapViewOfFile
CreateFileMappingA
LoadLibraryW
GlobalUnlock
GlobalLock
GetTickCount
GetModuleFileNameA
VirtualFree
VirtualAlloc
IsBadWritePtr
RaiseException
LCMapStringW
CreateFileA
GetACP
GetOEMCP
GetStringTypeA
Sleep
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
FlushFileBuffers
HeapFree
HeapDestroy
HeapCreate
MultiByteToWideChar
lstrlenW
lstrcmpW
WideCharToMultiByte
lstrcmpiW
GetCommandLineA
lstrcpyn
CreateWaitableTimerA
SetWaitableTimer
CloseHandle
GlobalAlloc
GlobalFree
GetLastError
SetLastError
GetModuleHandleA
FreeLibrary
HeapReAlloc
IsBadReadPtr
LCMapStringA
VirtualProtectEx
LoadLibraryA
GetFileSize
ReadFile
WriteFile
SetFilePointer
GetProcAddress
LocalSize
HeapAlloc
GetUserDefaultLCID
GetCPInfo
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GlobalFlags
IsProcessorFeaturePresent
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetSystemInfo
InterlockedExchange
SetFilePointer
DuplicateHandle
CloseHandle
WaitForSingleObject
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
DeleteFileA
GetFileAttributesA
FindClose
FindFirstFileA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
GetSystemDirectoryA
GetWindowsDirectoryA
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
SetLastError
lstrcpynA

user32

IsWindow
CallWindowProcA
TrackMouseEvent
CreateWindowExA
ShowWindow
CloseClipboard
GetClipboardData
OpenClipboard
SetPropA
GetPropA
EnumChildWindows
SendMessageA
GetAncestor
EnumWindows
GetSystemMetrics
DispatchMessageA
PeekMessageA
GetMessageA
TranslateMessage
MessageBoxA
wsprintfA
GetClassNameA
GetWindowLongA
GetDC
UpdateLayeredWindow
GetCursorPos
GetWindowRect
ReleaseDC
GetSysColorBrush
LoadStringA
GetDesktopWindow
GetClassNameA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
GetTopWindow
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
UnregisterClassA
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetNextDlgTabItem
FrameRect
DrawStateA
GetForegroundWindow
CallWindowProcA
CreateWindowExA
RegisterHotKey
UnregisterHotKey
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints

advapi32

RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegCloseKey
CryptGetKeyParam
CryptDestroyKey
CryptEncrypt
CryptReleaseContext
CryptImportKey
CryptSetKeyParam
CryptDecrypt
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
CryptAcquireContextA
RegOpenKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA

ws2_32

WSAStartup
gethostbyname
inet_addr
htons
send
shutdown
closesocket
ioctlsocket
connect
select
socket
recv
setsockopt
WSAGetLastError
inet_ntoa
WSACleanup
accept
getpeername
recv
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket

shlwapi

StrToIntW
StrToIntExW
PathFileExistsA

ole32

CoUninitialize
CLSIDFromString
CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal
CLSIDFromString
OleUninitialize
OleInitialize

wininet

InternetCloseHandle
InternetSetOptionA
HttpSendRequestA
InternetReadFile
HttpOpenRequestA
HttpQueryInfoA
InternetGetConnectedState
InternetOpenUrlA
InternetOpenA
InternetConnectA

crypt32

CryptStringToBinaryA
CertVerifyRevocation
CertVerifyCertificateChainPolicy
CertCloseStore
CertGetCertificateChain
CertVerifyTimeValidity
CertFindCertificateInStore
CertOpenSystemStoreA
CertFreeCertificateContext
CertFreeCertificateChain

winhttp

WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpReadData
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpSetOption
WinHttpReceiveResponse

secur32

EncryptMessage
AcquireCredentialsHandleA
FreeContextBuffer
InitializeSecurityContextA
DecryptMessage
QueryContextAttributesA

oleaut32

LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
VarR8FromBool
VarR8FromCy
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
SafeArrayDestroy
VariantClear
VariantChangeType
SysAllocString
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

gdi32

CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject
DeleteDC
StartDocA
EndPage
CreateFontIndirectA
GetStockObject
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreatePatternBrush
CreateBitmap
StartPage
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
BitBlt
GetPixel
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
EndDoc
GetTextMetricsA
Escape
ExtTextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
TranslateCharsetInfo
CreateFontA
SetDIBitsToDevice
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipSetSolidFillColor
GdiplusStartup
GdipDisposeImage
GdipSetTextRenderingHint
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipDrawRectangleI
GdipSetSmoothingMode
GdipDeletePen
GdipGetImageGraphicsContext
GdipGetRegionBounds

imm32

ImmGetContext
ImmSetCompositionWindow
ImmAssociateContext
ImmReleaseContext
ImmGetCompositionStringW

shell32

SHAppBarMessage
ShellExecuteA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA
DragQueryFileA

winmm

PlaySoundA
waveOutClose
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
PlaySoundA

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame
AVIStreamInfoA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

ChooseColorA
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

comctl32

_TrackMouseEvent
ImageList_Add
ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 576KB - Virtual size: 739KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 428KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51fece534844eb07bee30aab2741b3bc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

shlwapi

ole32

wininet

crypt32

winhttp

secur32

oleaut32

gdi32

gdiplus

imm32

shell32

winmm

msvfw32

avifil32

winspool.drv

comdlg32

comctl32

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 10.9MB - Virtual size: 10.9MB

.data Size: 576KB - Virtual size: 739KB

.rsrc Size: 428KB - Virtual size: 426KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 10.9MB - Virtual size: 10.9MB

.data
Size: 576KB - Virtual size: 739KB

.rsrc
Size: 428KB - Virtual size: 426KB