blackmoon | 7867bbd96360d4c5b29f4ea30497b17cb739c4f49a1eed12394339ccb91d797f

Sharing

Copy URL Twitter E-mail

General

Target

7867bbd96360d4c5b29f4ea30497b17cb739c4f49a1eed12394339ccb91d797f
Size

372KB
MD5

458c4f987fb2825b76e93cdce6c51eb7
SHA1

7ca123ab4aea180ac69289afc7cbfaf2613a1c8d
SHA256

7867bbd96360d4c5b29f4ea30497b17cb739c4f49a1eed12394339ccb91d797f
SHA512

cb92765ccc4a6adf35e86e6e459de339a061a3cd97bf5a472b95eb47fd9ed385afabdb93285c876fcbcf7935daec268651ffde301215161a393b40e687865bed
SSDEEP

6144:gxBqZgYt2U/5KujrN7mwkKITjsaNg6LRX40l2BYST43:gxcN0yN6DXsaNLlyf

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7867bbd96360d4c5b29f4ea30497b17cb739c4f49a1eed12394339ccb91d797f

Files

7867bbd96360d4c5b29f4ea30497b17cb739c4f49a1eed12394339ccb91d797f
.dll windows x86

ce7bc771fa53026bda2e24ccd7b0f2ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
SetFilePointer
GetTickCount
MulDiv
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetCommandLineA
GetModuleFileNameA
CreateFileA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateThread
GetFileSize
ReadFile
CloseHandle
Sleep
HeapReAlloc
ExitProcess
LocalSize
OutputDebugStringA
GetProcessHeap
HeapFree
RtlMoveMemory
HeapAlloc
GetVersionExA
GetProcAddress
FreeLibrary
WriteProcessMemory
LoadLibraryA
IsBadWritePtr
IsBadReadPtr
VirtualProtect
VirtualAlloc
GetModuleHandleA
LCMapStringA

user32

IsZoomed
GetSystemMetrics
GetSysColor
SetMenu
DrawMenuBar
RegisterHotKey
UnregisterHotKey
SetActiveWindow
RegisterClassExA
CreateMenu
CreatePopupMenu
GetSystemMenu
LoadMenuA
DestroyMenu
AppendMenuA
GetMenuItemCount
InsertMenuA
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
IsIconic
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
DestroyIcon
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
SetWindowPos
FillRect
ReleaseCapture
SetCapture
GetMenuDefaultItem
DestroyWindow
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
SetFocus
GetClassNameA
GetDlgItem
GetWindowLongA
CreateWindowExA
DestroyCursor
SetWindowLongA
TrackMouseEvent
SetCursor
LoadCursorA
ReleaseDC
ScreenToClient
GetWindowRect
GetDC
DefMDIChildProcA
DefWindowProcA
CallWindowProcA
EndPaint
BeginPaint
RegisterWindowMessageA
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
SendMessageA
GetParent
IsChild
GetFocus
GetMessageA
PostQuitMessage
FindWindowA
MsgWaitForMultipleObjects
GetAsyncKeyState
LoadIconA
GetMenu

gdi32

CreatePatternBrush
StretchBlt
SetStretchBltMode
CreateSolidBrush
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
SelectObject
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
SetBkColor
BitBlt
SetBkMode
SetTextColor

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
Shell_NotifyIconA

comctl32

InitCommonControlsEx

atl

ord42

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
atof
malloc
free
_ftol
atoi
_CIfmod
sprintf
_CIpow
strrchr
strchr
modf
realloc
strncmp
__CxxFrameHandler
memmove
calloc

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetSymLoadError
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
Initialize
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
RangeMapAddPeImageSections
RangeMapCreate
RangeMapFree
RangeMapRead
RangeMapRemove
RangeMapWrite
RemoveInvalidModuleList
ReportSymbolLoadSummary
SearchTreeForFile
SearchTreeForFileW
SetCheckUserInterruptShared
SetSymLoadError
StackWalk
StackWalk64
StackWalkEx
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymAddrIncludeInlineTrace
SymAllocDiaString
SymCleanup
SymCompareInlineTrace
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsEx
SymEnumSymbolsExW
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFreeDiaString
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromInlineContext
SymFromInlineContextW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymFunctionTableAccess64AccessRoutines
SymGetDiaSession
SymGetExtendedOption
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromInlineContext
SymGetLineFromInlineContextW
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileChecksum
SymGetSourceFileChecksumW
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymQueryInlineTrace
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetDiaSession
SymSetExtendedOption
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetScopeFromInlineContext
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
_EFN_DumpImage
block
chksym
dbghelp
dh
fptr
homedir
inlinedbg
itoldyouso
lmi
lminfo
omap
optdbgdump
optdbgdumpaddr
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce7bc771fa53026bda2e24ccd7b0f2ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

atl

msvcrt

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 161KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 176KB - Virtual size: 237KB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 164KB - Virtual size: 161KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 176KB - Virtual size: 237KB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 8KB - Virtual size: 7KB