blackmoon | c3e6b3d1710cbe943a23294bed07f3e4a0585935cce13072edc6b065f8f91ca1

Sharing

Copy URL Twitter E-mail

General

Target

c3e6b3d1710cbe943a23294bed07f3e4a0585935cce13072edc6b065f8f91ca1
Size

2.1MB
MD5

7ad28387c412a6c50ab5fbeb719b087a
SHA1

a2870706a3aacd79017186ee704074e8bb8ebef4
SHA256

c3e6b3d1710cbe943a23294bed07f3e4a0585935cce13072edc6b065f8f91ca1
SHA512

c64971420ba7399bc703f5e288fbb1b5f75b40007be2b5a0be705573d1e3334b7b80571ce95ad83c052185351106073a37b5d86c990ad244d5fa622bb25c74b7
SSDEEP

49152:+CUK3dBHIvIjPC8hI0dKHxwWMj1xvlQ1l2xjy:2KLV7C8hI6c+WMj1xtT8

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3e6b3d1710cbe943a23294bed07f3e4a0585935cce13072edc6b065f8f91ca1

Files

c3e6b3d1710cbe943a23294bed07f3e4a0585935cce13072edc6b065f8f91ca1
.exe windows x86

f21953cfcda8b74be711c9e348e7c9f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
Process32First
Process32Next
VirtualAlloc
VirtualFree
GetCurrentProcessId
OpenFileMappingA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
LCMapStringA
FreeLibrary
GetModuleFileNameA
GetPrivateProfileStringA
FindClose
FindFirstFileA
FindNextFileA
DeleteFileA
GetLocalTime
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
SetErrorMode
lstrcatA
lstrcpyA
GetCurrentThreadId
GetDiskFreeSpaceExA
LocalAlloc
LocalFree
TlsAlloc
WritePrivateProfileStringA
GlobalUnlock
GlobalHandle
TlsFree
GlobalLock
GlobalReAlloc
GlobalAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
GetVersion
SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
ReadFile
SetFilePointer
FlushFileBuffers
RtlUnwind
RaiseException
HeapSize
TerminateProcess
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
ReadConsoleA
GetStdHandle
WriteFile
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
GetProcAddress
LoadLibraryA
GetModuleHandleA
RtlMoveMemory
lstrcpynA
WideCharToMultiByte
lstrlenW
GetTickCount
CloseHandle
Sleep
CreateEventA
OpenEventA
CreateMutexA
SetWaitableTimer
CreateWaitableTimerA
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileMappingA
GlobalMemoryStatusEx
Module32Next
CreateToolhelp32Snapshot
GetFileAttributesA
VirtualProtect

user32

GetDlgCtrlID
GetDlgItem
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
GetClassLongA
TabbedTextOutA
DrawTextA
DestroyWindow
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
TranslateMessage
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
LoadStringA
UnhookWindowsHookEx
SendMessageA
GetKeyState
CallNextHookEx
SetWindowsHookExA
SetForegroundWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
GetLastActivePopup
GetWindow
DispatchMessageA
IsWindowVisible
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
CreateWindowStationA
GetAsyncKeyState
FindWindowExA
GetParent
GetWindowTextLengthW
GetWindowTextW
GetWindowInfo
MessageBoxA
wsprintfA
CloseClipboard
GrayStringA
CreateWindowExA
GetWindowLongA
GetMessageA
OpenClipboard
EmptyClipboard
SetWindowLongA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegEnumKeyA
RegOpenKeyA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

PathFileExistsA

ws2_32

connect
gethostbyname
send
recv
getsockname
WSACleanup
inet_addr
htons
socket
closesocket
ntohs
WSAAsyncSelect
select
WSAStartup

gdi32

SetTextColor
SetBkColor
GetDeviceCaps
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetClipBox
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
GetObjectA
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

psapi

GetProcessImageFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 364KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f21953cfcda8b74be711c9e348e7c9f7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

gdi32

psapi

winspool.drv

comctl32

Sections

.text Size: 364KB - Virtual size: 361KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 1.7MB - Virtual size: 1.8MB

.rsrc Size: 4KB - Virtual size: 640B

.text
Size: 364KB - Virtual size: 361KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 1.7MB - Virtual size: 1.8MB

.rsrc
Size: 4KB - Virtual size: 640B