blackmoon | 54cc8111a47ef285abd951d97f53b10b5bd11b2619784415c289807695a76193

Sharing

Copy URL Twitter E-mail

General

Target

54cc8111a47ef285abd951d97f53b10b5bd11b2619784415c289807695a76193
Size

15.1MB
MD5

6ebb16ceaf3c8c7dfa1930c1d51a27c9
SHA1

6bc79df76fc2a9162af91c040e07274038bec4b6
SHA256

54cc8111a47ef285abd951d97f53b10b5bd11b2619784415c289807695a76193
SHA512

e8e64724a57053d7b1a0c6f3ffcbfef2dc2270dae6a97920f22ba1e35825a9c570a5c3bc4542f4307af3f24ae314172bc5bf22885f9aca8df43aa14796ff3439
SSDEEP

196608:dFJ/KTfgNExN4bhfhKKAZBuaAVp2k8Dfl1BjF9sT2fZCh7ri4RlsHJV90:ITfawKcrBdAVgk+XJMisuHC

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54cc8111a47ef285abd951d97f53b10b5bd11b2619784415c289807695a76193

Files

54cc8111a47ef285abd951d97f53b10b5bd11b2619784415c289807695a76193
.exe windows x86

6c8133ef34e1096e3b1f562915053a75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
TerminateProcess
RtlZeroMemory
InterlockedDecrement
WaitForSingleObject
InterlockedIncrement
GetVersionExA
RtlMoveMemory
GetProcessHeap
LocalFree
LocalAlloc
GetCurrentProcess
ExitProcess
RtlUnwind
GetVersion
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetTempPathA
GetLocalTime
GetCurrentDirectoryA
MapViewOfFile
CreateFileMappingA
LoadLibraryW
GlobalUnlock
GlobalLock
GetTickCount
GetModuleFileNameA
VirtualFree
VirtualAlloc
IsBadWritePtr
RaiseException
LCMapStringW
CreateFileA
GetACP
GetOEMCP
GetStringTypeA
Sleep
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
FlushFileBuffers
HeapFree
HeapDestroy
HeapCreate
MultiByteToWideChar
lstrlenW
lstrcmpW
WideCharToMultiByte
lstrcmpiW
GetCommandLineA
lstrcpyn
CreateWaitableTimerA
SetWaitableTimer
CloseHandle
GlobalAlloc
GlobalFree
GetLastError
SetLastError
GetModuleHandleA
FreeLibrary
HeapReAlloc
IsBadReadPtr
LCMapStringA
VirtualProtectEx
LoadLibraryA
GetFileSize
ReadFile
WriteFile
SetFilePointer
GetProcAddress
LocalSize
HeapAlloc
GetUserDefaultLCID
GetCPInfo
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GlobalFlags
IsProcessorFeaturePresent
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetSystemInfo
InterlockedExchange
SetFilePointer
DuplicateHandle
CloseHandle
WaitForSingleObject
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
CreateDirectoryA
CopyFileA
DeleteFileA
MoveFileA
GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
RemoveDirectoryA
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
GetSystemDirectoryA
GetWindowsDirectoryA
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
SetLastError
lstrcpynA

user32

IsWindow
CallWindowProcA
TrackMouseEvent
CreateWindowExA
ShowWindow
CloseClipboard
GetClipboardData
OpenClipboard
SetPropA
GetPropA
EnumChildWindows
SendMessageA
GetAncestor
EnumWindows
GetSystemMetrics
DispatchMessageA
PeekMessageA
GetMessageA
TranslateMessage
MessageBoxA
wsprintfA
GetClassNameA
GetWindowLongA
GetDC
UpdateLayeredWindow
GetCursorPos
GetWindowRect
ReleaseDC
GetSysColorBrush
LoadStringA
GetDesktopWindow
GetClassNameA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
GetTopWindow
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
UnregisterClassA
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetNextDlgTabItem
FrameRect
DrawStateA
GetForegroundWindow
CallWindowProcA
CreateWindowExA
RegisterHotKey
UnregisterHotKey
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints

advapi32

RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegCloseKey
CryptGetKeyParam
CryptDestroyKey
CryptEncrypt
CryptReleaseContext
CryptImportKey
CryptSetKeyParam
CryptDecrypt
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
CryptAcquireContextA
RegOpenKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA

ws2_32

WSAStartup
gethostbyname
inet_addr
htons
send
shutdown
closesocket
ioctlsocket
connect
select
socket
recv
setsockopt
WSAGetLastError
inet_ntoa
WSACleanup
accept
getpeername
recv
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket

shlwapi

StrToIntW
StrToIntExW
PathFileExistsA

ole32

CoUninitialize
CLSIDFromString
CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal
CLSIDFromString
OleUninitialize
OleInitialize

wininet

InternetCloseHandle
InternetSetOptionA
HttpSendRequestA
InternetReadFile
HttpOpenRequestA
HttpQueryInfoA
InternetGetConnectedState
InternetOpenUrlA
InternetOpenA
InternetConnectA

crypt32

CryptStringToBinaryA
CertVerifyRevocation
CertVerifyCertificateChainPolicy
CertCloseStore
CertGetCertificateChain
CertVerifyTimeValidity
CertFindCertificateInStore
CertOpenSystemStoreA
CertFreeCertificateContext
CertFreeCertificateChain

winhttp

WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpReadData
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpSetOption
WinHttpReceiveResponse

secur32

EncryptMessage
AcquireCredentialsHandleA
FreeContextBuffer
InitializeSecurityContextA
DecryptMessage
QueryContextAttributesA

oleaut32

LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
VarR8FromBool
VarR8FromCy
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
SafeArrayDestroy
VariantClear
VariantChangeType
SysAllocString
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

gdi32

CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject
DeleteDC
StartDocA
EndPage
CreateFontIndirectA
GetStockObject
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreatePatternBrush
CreateBitmap
StartPage
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
BitBlt
GetPixel
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
EndDoc
GetTextMetricsA
Escape
ExtTextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
TranslateCharsetInfo
CreateFontA
SetDIBitsToDevice
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipSetSolidFillColor
GdiplusStartup
GdipDisposeImage
GdipSetTextRenderingHint
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipDrawRectangleI
GdipSetSmoothingMode
GdipDeletePen
GdipGetImageGraphicsContext
GdipGetRegionBounds

imm32

ImmGetContext
ImmSetCompositionWindow
ImmAssociateContext
ImmReleaseContext
ImmGetCompositionStringW

shell32

SHAppBarMessage
ShellExecuteA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA
DragQueryFileA

winmm

PlaySoundA
waveOutClose
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
PlaySoundA

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame
AVIStreamInfoA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

ChooseColorA
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

comctl32

_TrackMouseEvent
ImageList_Add
ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.7MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 576KB - Virtual size: 739KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 428KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c8133ef34e1096e3b1f562915053a75

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

shlwapi

ole32

wininet

crypt32

winhttp

secur32

oleaut32

gdi32

gdiplus

imm32

shell32

winmm

msvfw32

avifil32

winspool.drv

comdlg32

comctl32

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 10.7MB - Virtual size: 10.7MB

.data Size: 576KB - Virtual size: 739KB

.rsrc Size: 428KB - Virtual size: 426KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 10.7MB - Virtual size: 10.7MB

.data
Size: 576KB - Virtual size: 739KB

.rsrc
Size: 428KB - Virtual size: 426KB