blackmoon | df35613bdf634d08b7d1635bdcfe5dbc8947a8e03a01e4dd363351264077cdb6

Sharing

Copy URL Twitter E-mail

General

Target

df35613bdf634d08b7d1635bdcfe5dbc8947a8e03a01e4dd363351264077cdb6
Size

8.3MB
MD5

8e728568611b426e144b07312de72748
SHA1

4d7132f93f89b2fa326f1990dee570fecf6fe63e
SHA256

df35613bdf634d08b7d1635bdcfe5dbc8947a8e03a01e4dd363351264077cdb6
SHA512

0894e59ff630c1e02224e63428a9dfb67420d8902970c3cbeb10cba3037427566d6268769ad2e592d225b9fc8c60cf3dcaea814bd66494a8ecba7be98269b5e2
SSDEEP

196608:EaKKAZBuaAVp2k8Dfl1BjF9sT2fZCh7ri4RlsbMVP:SrBdAVgk+XJMisuiP

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df35613bdf634d08b7d1635bdcfe5dbc8947a8e03a01e4dd363351264077cdb6

Files

df35613bdf634d08b7d1635bdcfe5dbc8947a8e03a01e4dd363351264077cdb6
.exe windows x86

7a50a633ed9ef9bc1c79d964ca4dcfc1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FreeLibrary
GetCommandLineA
Sleep
GetStartupInfoA
CreateProcessA
LCMapStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
VirtualProtect
MultiByteToWideChar
SetLocalTime
GetLocalTime
MulDiv
lstrcatA
lstrcpyA
GetPrivateProfileStringA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
DeleteFileA
FindClose
FindNextFileA
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
FindFirstFileA
WriteFile
SetFilePointer
GetFileSize
CreateFileA
GetDriveTypeA
SetLastError
LockResource
LoadResource
FindResourceA
GetTimeZoneInformation
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
LocalFree
FlushFileBuffers
lstrcpynA
GetFullPathNameA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetModuleHandleA
LoadLibraryA
WaitForSingleObject
lstrcpyn
WideCharToMultiByte
lstrlenW
GetTickCount
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
CreateThread
SetWaitableTimer
CreateWaitableTimerA
GetCurrentProcessId
VirtualFree
VirtualAlloc
DeviceIoControl
GlobalSize
GlobalMemoryStatusEx
GetComputerNameA
TerminateProcess
InitializeCriticalSection

gdi32

GetStockObject
GetObjectA
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetTextColor
CreateFontA
DeleteObject
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
SelectObject
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetMapMode
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

advapi32

CryptImportKey
CryptReleaseContext
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
CryptSetKeyParam
CryptDestroyKey
CryptGetKeyParam
CryptDecrypt
CryptAcquireContextA

user32

IsWindowVisible
GetWindowThreadProcessId
GetParent
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
mouse_event
MsgWaitForMultipleObjects
ClientToScreen
GetClientRect
IsWindow
CallWindowProcA
CreateWindowExA
GetCursorPos
GetDC
GetSysColor
LoadBitmapA
RegisterHotKey
ReleaseCapture
ScreenToClient
SendMessageA
SetCapture
SetWindowLongA
UnregisterHotKey
EnableWindow
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
SetActiveWindow
SetForegroundWindow
GetSystemMetrics
GetWindowRect
FindWindowExA
SystemParametersInfoA
UpdateWindow
CreateWindowStationA
GetDlgItem
GetWindowTextA
GetWindowLongA
PtInRect
GetWindow
PostQuitMessage
PostMessageA
SetCursor
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
ReleaseDC
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
SetLayeredWindowAttributes
GetWindowInfo
SetTimer
GetWindowTextW
GetWindowTextLengthW
ShowWindow
EndDialog
GetClassNameA

ole32

CLSIDFromProgID
OleIsCurrentClipboard
OleFlushClipboard
CoUninitialize
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleRun
CLSIDFromString
CoCreateInstance
CoInitialize

ws2_32

connect
socket
select
ntohs
recv
send
closesocket
WSAStartup

shlwapi

PathFileExistsA

wininet

InternetTimeToSystemTime
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

crypt32

CryptStringToBinaryA

oledlg

ord8

oleaut32

SystemTimeToVariantTime
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime

shell32

ShellExecuteA
SHEmptyRecycleBinA
SHGetSpecialFolderPathA
DragAcceptFiles
DragFinish
DragQueryFileA

comctl32

ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
ImageList_DragLeave

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

Sections

.text
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.8MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a50a633ed9ef9bc1c79d964ca4dcfc1

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

user32

ole32

ws2_32

shlwapi

wininet

crypt32

oledlg

oleaut32

shell32

comctl32

winspool.drv

Sections

.text Size: 472KB - Virtual size: 471KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 7.8MB - Virtual size: 8.0MB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 472KB - Virtual size: 471KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 7.8MB - Virtual size: 8.0MB

.rsrc
Size: 4KB - Virtual size: 664B