blackmoon | dbbe8fce812cbee1cf17255cbbed6849be3642ace21fe536376a4cf552e7e1cb

Sharing

Copy URL Twitter E-mail

General

Target

dbbe8fce812cbee1cf17255cbbed6849be3642ace21fe536376a4cf552e7e1cb
Size

1.7MB
MD5

9815261a2d99403301045ca65cf86017
SHA1

e6fb43f57eb5393887074b6a2dfae94efa35aff2
SHA256

dbbe8fce812cbee1cf17255cbbed6849be3642ace21fe536376a4cf552e7e1cb
SHA512

bfd2ede3888e680ad0dc7cc109884a5aa18e98f63aff85fb9ec2533a2e0f2b7d473a588e9be6d405765ba8c8693e0b22bf98f817e5d7cae35f9d8ef29e4550db
SSDEEP

24576:PVOT9C0T3m+P3ABmlHLPhxnzTt3vExePuLKaV6JL0OHxvPZKZJP+d:PV6T3m+P3ABmlHLPb+2uix0MxHZKP+d

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbbe8fce812cbee1cf17255cbbed6849be3642ace21fe536376a4cf552e7e1cb

Files

dbbe8fce812cbee1cf17255cbbed6849be3642ace21fe536376a4cf552e7e1cb
.exe windows x86

e8260863536bc50f7b3d94c48e5457cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
GetProcAddress
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
SetHandleCount
RaiseException
TerminateProcess
RtlUnwind
GetStartupInfoA
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
GlobalMemoryStatusEx
GetLocalTime
VirtualAlloc
VirtualFree
Sleep
RtlMoveMemory
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
CloseHandle
MultiByteToWideChar
FindFirstFileW
FindClose
Process32First
Process32Next
LoadLibraryA
lstrcpyn
CreateDirectoryA
MoveFileA
InitializeCriticalSection
DeleteFileA
EnterCriticalSection
LCMapStringA
FreeLibrary
GetCommandLineA
SetFileAttributesA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
WideCharToMultiByte
RemoveDirectoryA
GetTickCount
WriteFile
FindFirstFileA
FindNextFileA
SetFilePointer
CreateFileA
GetFileSize
ReadFile
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
DeleteCriticalSection
HeapSize
LeaveCriticalSection
GetEnvironmentStrings
IsDebuggerPresent
GetOEMCP
GetCPInfo
FlushFileBuffers
SetErrorMode
GetProcessVersion
FindResourceA
LoadResource
LockResource
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
InterlockedIncrement
lstrcpyA
lstrcatA
WritePrivateProfileStringA
InterlockedDecrement
GlobalFlags
MulDiv
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
CreateThread
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
GetCurrentThreadId

user32

UnregisterClassA
LoadStringA
GetWindowLongA
IsWindowVisible
GetWindowTextA
GetClassNameA
SetWindowLongA
SetLayeredWindowAttributes
MessageBoxA
MessageBoxTimeoutA
EnumWindows
GetWindowThreadProcessId
GetWindowInfo
CallWindowProcA
IsWindow
PostMessageA
wsprintfA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
AdjustWindowRectEx
EndDialog
CreateDialogIndirectParamA
DestroyMenu
GetDC
GetDesktopWindow
GetWindowRect
ReleaseDC
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
EnableWindow
GetParent
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
SetActiveWindow
SetForegroundWindow
PostQuitMessage
SendMessageA
SetCursor
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
PtInRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
PostThreadMessageA

advapi32

RegCloseKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

ole32

CLSIDFromProgID
CoCreateInstance
OleRun
CoInitialize
CoUninitialize
CLSIDFromString
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

wininet

InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

ws2_32

WSAAsyncSelect
inet_ntoa
gethostbyname
WSAStartup
closesocket
socket
inet_addr
htons
connect
send
recv
WSACleanup
ntohs
getsockname
select

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetObjectA
GetDIBits
DeleteDC
DeleteObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

oledlg

ord8

oleaut32

SafeArrayGetUBound
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi

shlwapi

PathFileExistsA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8260863536bc50f7b3d94c48e5457cc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

wininet

ws2_32

gdi32

winspool.drv

comctl32

oledlg

oleaut32

shlwapi

shell32

Sections

.text Size: 336KB - Virtual size: 335KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 1.3MB - Virtual size: 1.4MB

.rsrc Size: 4KB - Virtual size: 652B

.text
Size: 336KB - Virtual size: 335KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 1.3MB - Virtual size: 1.4MB

.rsrc
Size: 4KB - Virtual size: 652B