blackmoon | 904d6cbf19f330b4c4aa6aeff8dd369ff422291925289d469a08f9975fc0f521

Sharing

Copy URL Twitter E-mail

General

Target

904d6cbf19f330b4c4aa6aeff8dd369ff422291925289d469a08f9975fc0f521
Size

164KB
MD5

4e774f200c48c8a28fc56c5d5ce0e1d6
SHA1

c4226d5548d977aac70ddf6b974885122a13bf1c
SHA256

904d6cbf19f330b4c4aa6aeff8dd369ff422291925289d469a08f9975fc0f521
SHA512

6c7782dbeadebdeb97fc84d915b434e3bcd3bac00aef6e111bcd6302a17ac4dfe663b72330d09f9695b19694857105076cc2443de09ffc6dfc1c752ac43dd1c6
SSDEEP

1536:VEUC+y9NUXqh9hfTRsG3icB2UWXv9ObEjcy0vHUwL+BnlkzEoQnLvtymzSV:VEUCnXy82j/9ObEjcySNCnlkzfWvtreV

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
904d6cbf19f330b4c4aa6aeff8dd369ff422291925289d469a08f9975fc0f521

Files

904d6cbf19f330b4c4aa6aeff8dd369ff422291925289d469a08f9975fc0f521
.exe windows x86

2e819a2dba7cba44db48e5d07faed175

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindFirstFileA
FindNextFileA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CreateFileA
WriteFile
GetModuleFileNameA
DeleteFileA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
GetModuleHandleA
TerminateProcess
OpenProcess
GetCurrentProcess
Process32Next
CloseHandle
InterlockedExchange
Process32First
CreateToolhelp32Snapshot
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetCurrentThreadId
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalLock
GlobalReAlloc
GlobalAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
GetVersion
SetLastError
GetProcAddress
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
FreeLibrary
LoadLibraryA
GetProcessVersion
lstrcmpA
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
ReadFile
SetFilePointer
FlushFileBuffers
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
IsBadCodePtr
SetStdHandle

user32

SetWindowsHookExA
CallNextHookEx
GetKeyState
SendMessageA
UnhookWindowsHookEx
LoadStringA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
GetWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetDlgCtrlID
GetWindowTextA
GetDlgItem
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
SetForegroundWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
GetForegroundWindow
IsWindowEnabled
GetParent
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
EnableWindow

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
GetStockObject
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetDeviceCaps
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e819a2dba7cba44db48e5d07faed175

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comctl32

shell32

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 20KB - Virtual size: 57KB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 20KB - Virtual size: 57KB

.rsrc
Size: 20KB - Virtual size: 17KB