Behavioral task
behavioral1
Sample
54d069166d0a8c6dd9ea142a6c132693cb98526c7df1b03cf44fc83e31edc7a8.exe
Resource
win7-20230824-en
windows7-x64
General
-
Target
54d069166d0a8c6dd9ea142a6c132693cb98526c7df1b03cf44fc83e31edc7a8
-
Size
3.2MB
-
MD5
f9fd7d460ab6738bac27b42862d5eb67
-
SHA1
7b9e5047d92453c4eea7405d880087f8847012cc
-
SHA256
54d069166d0a8c6dd9ea142a6c132693cb98526c7df1b03cf44fc83e31edc7a8
-
SHA512
a77f4929fb52387c00375663a8fb39603945f60809da425f07bdd5c5a21832d87e5a900e50e48c7c9fd014a1b50db5670eddeed0eb2167933adeb5768dcb63b4
-
SSDEEP
49152:5lL1+P6ejN8dUj3CyE3pOko8QgRrPuRqsOWYn:1q6ej6IWpOkZVPuR6n
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 54d069166d0a8c6dd9ea142a6c132693cb98526c7df1b03cf44fc83e31edc7a8
Files
-
54d069166d0a8c6dd9ea142a6c132693cb98526c7df1b03cf44fc83e31edc7a8.exe windows x86
e9b3efea7521d363b533f573f56c8464
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalAlloc
TerminateProcess
VirtualAlloc
GetVolumeInformationA
LeaveCriticalSection
LoadLibraryW
SetThreadContext
GetThreadContext
SuspendThread
CreateEventA
Sleep
FormatMessageA
IsDBCSLeadByteEx
OpenMutexA
FileTimeToSystemTime
GetLocalTime
GetProcessTimes
CopyFileA
GetVersionExA
GetWindowsDirectoryA
GetCurrentThread
VirtualProtectEx
DeviceIoControl
CreateFileA
MapViewOfFile
SetHandleCount
GetSystemDirectoryA
IsBadWritePtr
DebugActiveProcess
GlobalFree
IsBadReadPtr
GetThreadTimes
CreatePipe
CreateProcessA
PeekNamedPipe
ReadFile
GetExitCodeProcess
WriteFile
GetModuleFileNameW
CreateMutexA
GetModuleFileNameA
InitializeCriticalSection
TerminateThread
RtlFillMemory
OpenEventA
InterlockedDecrement
OpenFileMappingA
CreateFileMappingA
LoadLibraryA
GetProcAddress
GetCommandLineA
GetFileAttributesA
RemoveDirectoryA
SetLocalTime
WritePrivateProfileStringA
GetStartupInfoA
SetFileAttributesA
CreateDirectoryA
FindClose
FindFirstFileA
ReleaseMutex
Thread32Next
Thread32First
DeleteFileA
GetLongPathNameA
Module32Next
Module32First
SetEndOfFile
SetFilePointer
GetLastError
GetModuleHandleW
VirtualQueryEx
MoveFileA
SetWaitableTimer
CreateWaitableTimerA
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStdHandle
GetFileType
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
FindNextFileA
GetCurrentDirectoryA
GetFileSize
GetUserDefaultLCID
HeapReAlloc
ExitProcess
GetTickCount
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetProcessWorkingSetSize
GetVersion
GetComputerNameA
VirtualFree
GetSystemInfo
GetShortPathNameA
InterlockedIncrement
CreateIoCompletionPort
HeapCreate
lstrcpynA
LocalFree
HeapDestroy
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
MulDiv
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
DeleteCriticalSection
FreeLibrary
LoadLibraryExA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenThread
IsDebuggerPresent
GetModuleHandleA
HeapFree
UnmapViewOfFile
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
ResumeThread
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
FlushFileBuffers
lstrcpyA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
SetLastError
GetTimeZoneInformation
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
LCMapStringA
GetTempPathA
EnterCriticalSection
CreateThread
lstrcpyn
VirtualFreeEx
RtlMoveMemory
GetExitCodeThread
CreateRemoteThread
VirtualAllocEx
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
ReadProcessMemory
OpenProcess
GetCurrentProcess
HeapAlloc
GetProcessHeap
WriteProcessMemory
lstrlenA
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
GetTickCount
WaitForSingleObject
CloseHandle
lstrlenW
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
FileTimeToSystemTime
GetTimeZoneInformation
SetLastError
lstrcmpiA
GetVersion
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
CreateMutexA
ReleaseMutex
TerminateThread
SuspendThread
InterlockedIncrement
InterlockedDecrement
LocalFree
DeleteCriticalSection
GlobalSize
ExitProcess
GetCurrentThreadId
InterlockedExchange
GlobalFree
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
GetModuleFileNameA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
user32
RemovePropA
GetPropA
IsIconic
ShowWindowAsync
ClipCursor
EnableWindow
SwapMouseButton
GetKeyboardState
CharUpperA
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
ReleaseCapture
CreateWindowStationA
GetKeyState
SendInput
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
ValidateRect
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnregisterClassA
PtInRect
DestroyWindow
SetCursorPos
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
GetMessagePos
GetMessageTime
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
SetClassLongA
LoadCursorFromFileA
InvalidateRect
CallWindowProcW
ShowWindow
keybd_event
SetPropA
CreateWindowExA
IsZoomed
UpdateLayeredWindow
DefWindowProcA
FlashWindowEx
SetWindowTextA
EnumThreadWindows
GetCaretPos
SetActiveWindow
GetWindowLongA
SetLayeredWindowAttributes
GetDlgCtrlID
FlashWindow
UnloadKeyboardLayout
GetKeyboardLayoutList
SystemParametersInfoA
GetKeyboardLayout
ActivateKeyboardLayout
GetKeyboardLayoutNameA
LoadKeyboardLayoutA
MessageBoxA
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
MapVirtualKeyA
EnumChildWindows
CharLowerA
RegisterWindowMessageA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SetWindowLongA
GetCursorPos
SetFocus
OpenIcon
UpdateWindow
MoveWindow
GetParent
SetParent
GetGUIThreadInfo
SetWindowLongW
IsWindowVisible
GetWindow
MsgWaitForMultipleObjects
GetDoubleClickTime
ReleaseDC
PrintWindow
GetDC
IsWindow
CallWindowProcA
PostMessageA
SendMessageA
GetAsyncKeyState
GetDesktopWindow
ExitWindowsEx
FindWindowA
WindowFromPoint
ShowCursor
mouse_event
GetForegroundWindow
GetAncestor
GetWindowTextA
GetClientRect
SetTimer
wvsprintfA
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowInfo
EnumWindows
GetWindowTextLengthA
GetClassNameA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
SendMessageTimeoutA
FindWindowExA
GetDlgItem
SetWindowPos
SetCapture
GetWindowRect
KillTimer
GetMenuItemCount
ClientToScreen
SetForegroundWindow
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
GetNextDlgTabItem
FrameRect
DefWindowProcA
SetWindowTextA
DrawTextA
SetWindowsHookExA
UnhookWindowsHookEx
EnumThreadWindows
GetWindowTextLengthA
GetClassNameA
EnumChildWindows
SetTimer
CallNextHookEx
CallWindowProcA
ReleaseCapture
GetWindowDC
GetSysColorBrush
GetWindowTextA
GetDesktopWindow
GetCapture
SetCapture
GetScrollRange
PtInRect
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
PeekMessageA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
DestroyIcon
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
CharUpperA
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
SetClipboardData
EmptyClipboard
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
GetDlgItem
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
UnregisterClassA
IsWindowVisible
OffsetRect
KillTimer
LoadIconA
gdi32
SetMapMode
SetViewportOrgEx
RestoreDC
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
ExtTextOutA
GetStockObject
GetObjectA
CreateRectRgn
SetBkColor
CreateDIBSection
TextOutA
SetTextColor
SetBkMode
CreateFontIndirectA
GetTextExtentPointA
DeleteDC
DeleteObject
GetPixel
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
SaveDC
Escape
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
CreatePatternBrush
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
Arc
GetTextExtentPoint32A
GetDeviceCaps
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
Rectangle
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
EndPath
Ellipse
FillRgn
RealizePalette
SelectPalette
Escape
ExtTextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
GetTextMetricsA
CreateEllipticRgnIndirect
MoveToEx
LineTo
SetDIBitsToDevice
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetPixel
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
comdlg32
GetFileTitleA
ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
wsock32
WSACleanup
getsockname
sendto
ord1140
ord1141
ord1142
closesocket
ntohs
inet_addr
accept
recvfrom
connect
getpeername
bind
recv
setsockopt
ioctlsocket
socket
htons
WSAStartup
select
send
listen
wininet
InternetGetConnectedState
InternetTimeFromSystemTime
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetTimeToSystemTime
FtpOpenFileA
InternetReadFile
HttpQueryInfoA
FtpGetFileSize
InternetSetCookieA
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCanonicalizeUrlA
InternetCrackUrlA
shell32
SHGetPathFromIDListA
SHChangeNotify
ShellExecuteA
SHFileOperationA
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHGetFileInfoA
SHGetSpecialFolderLocation
Shell_NotifyIconA
ShellExecuteA
ole32
OleRun
CoCreateInstance
CoUninitialize
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoCreateInstance
OleRun
OleUninitialize
CoInitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CLSIDFromString
OleUninitialize
OleInitialize
CLSIDFromProgID
dbghelp
MakeSureDirectoryPathExists
winhttp
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
shlwapi
PathIsDirectoryA
PathIsSystemFolderA
PathRenameExtensionA
PathMakeSystemFolderA
PathFindFileNameA
PathFindExtensionA
PathFileExistsA
PathRemoveBlanksA
StrTrimA
PathUnmakeSystemFolderA
PathIsDirectoryEmptyA
oleaut32
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
SafeArrayCreate
RegisterTypeLi
SafeArrayAllocDescriptor
LoadTypeLi
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
VariantChangeType
VariantClear
SafeArrayAllocData
LHashValOfNameSys
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
RegisterTypeLi
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
advapi32
RegEnumValueA
RegFlushKey
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
LookupAccountSidA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
GetUserNameA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
gdiplus
GdiplusStartup
GdipCreatePen1
GdipDrawRectangle
GdipDrawPath
GdipDeletePath
GdipDeletePen
GdipResetClip
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetClipHrgn
GdipSetSmoothingMode
psapi
GetModuleFileNameExA
ws2_32
WSAEnumNetworkEvents
WSACloseEvent
WSAWaitForMultipleEvents
WSACreateEvent
WSASend
WSARecv
WSASocketA
WSAEventSelect
ntohl
accept
getpeername
recv
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket
send
select
inet_ntoa
WSAStartup
WSACleanup
oledlg
ord8
rasapi32
RasHangUpA
RasGetConnectStatusA
RasHangUpA
RasGetConnectStatusA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comctl32
ord17
ImageList_Read
ImageList_Destroy
ord17
_TrackMouseEvent
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_Duplicate
msvfw32
DrawDibDraw
avifil32
AVIStreamGetFrame
AVIStreamInfoA
winmm
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutUnprepareHeader
PlaySoundA
waveOutRestart
waveOutPrepareHeader
msimg32
GradientFill
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 356KB - Virtual size: 352KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 584KB - Virtual size: 930KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ