blackmoon | fe1a85e0f7d439f6eccf92e9afe20ada8392eca9db086e1a649f03c15fc484df

Sharing

Copy URL Twitter E-mail

General

Target

fe1a85e0f7d439f6eccf92e9afe20ada8392eca9db086e1a649f03c15fc484df
Size

148KB
MD5

0425b093997a52676667227677133197
SHA1

c3035fdd0a008923370aa567b16c1f041b9c4df9
SHA256

fe1a85e0f7d439f6eccf92e9afe20ada8392eca9db086e1a649f03c15fc484df
SHA512

f8e2f3c1818e5057edcaf32f7971e4588ca05454b8696c11409fecddf49b6cef9fbfef5b74f092e3b489d354215518bdbe65ee52556adef86062e9e1906581c1
SSDEEP

1536:/kaPPMP0uK7vDwRmTwadJgLQ+CP5C1hawxmWrAG/IjTIYYE5LIUinYTiC5HCtxDp:c5PNMk+H+081hawxrrOTYEQY5Qt9B

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe1a85e0f7d439f6eccf92e9afe20ada8392eca9db086e1a649f03c15fc484df

Files

fe1a85e0f7d439f6eccf92e9afe20ada8392eca9db086e1a649f03c15fc484df
.exe windows x86

fec7b4294b172184deb177d5df9f76ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
inet_addr
connect
ntohs
getpeername
send
recv
recvfrom
__WSAFDIsSet
accept
socket
htons
bind
closesocket
listen
sendto
gethostname
select
getsockname
WSACleanup
inet_ntoa
WSAStartup
gethostbyname

kernel32

FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentProcess
GetOEMCP
GetCPInfo
MultiByteToWideChar
InterlockedIncrement
GlobalFlags
lstrcmpA
GetProcessVersion
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetLastError
GetVersion
InterlockedDecrement
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalReAlloc
GlobalLock
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
GetCurrentThreadId
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
CreateThread
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RtlUnwind
RaiseException
HeapSize
TerminateProcess
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
InterlockedExchange
SetStdHandle
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
Sleep
GetStdHandle
WriteFile
GetCommandLineW
WideCharToMultiByte
LocalFree
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
GetModuleHandleA
SetLastError

user32

TranslateMessage
GetMessageA
PeekMessageA
DispatchMessageA
GrayStringA
DrawTextA
TabbedTextOutA
wsprintfA
MessageBoxA
SetWindowsHookExA
CallNextHookEx
GetKeyState
SendMessageA
UnhookWindowsHookEx
LoadStringA
GetNextDlgTabItem
GetParent
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
DestroyMenu
PostQuitMessage
ClientToScreen
PtInRect
GetClassNameA
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorA
IsWindowEnabled
SetWindowTextA
LoadIconA
PostMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
GetClientRect
CopyRect
EnableWindow
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA

gdi32

ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetStockObject
GetObjectA
PtVisible
RectVisible
TextOutA
ExtTextOutA
SetWindowExtEx
Escape

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

shell32

CommandLineToArgvW

comctl32

ord17

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fec7b4294b172184deb177d5df9f76ac

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

winspool.drv

shell32

comctl32

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 20KB - Virtual size: 80KB

.rsrc Size: 4KB - Virtual size: 728B

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 20KB - Virtual size: 80KB

.rsrc
Size: 4KB - Virtual size: 728B