blackmoon | 71fa0da9ae0a176c5317b364eacb7ebd1cfa53c730ad62b0c7e6167c7873db11

Sharing

Copy URL

Twitter E-mail

General

Target

71fa0da9ae0a176c5317b364eacb7ebd1cfa53c730ad62b0c7e6167c7873db11
Size

7.7MB
MD5

9e7962874c9aa855e18b7259c408405c
SHA1

d788e2f81b201532faffc42c45e9a72575f15786
SHA256

71fa0da9ae0a176c5317b364eacb7ebd1cfa53c730ad62b0c7e6167c7873db11
SHA512

0ad383052d9a996da95fd1d19548cac782101392eebef9f586eea29e2bb32c901e3f7243e2b4a500aae0d22fefb3c8b826e177098871cd7f07bda772f2d2973f
SSDEEP

98304:2Uv1FoSiPDC+kAEmcvDXGsUgG1/Q/g+ZjjVqIcZtZYnPK1WZdS434:2UtFernkJJDZHFg+Z3VqI6tZtI8

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71fa0da9ae0a176c5317b364eacb7ebd1cfa53c730ad62b0c7e6167c7873db11

Files

71fa0da9ae0a176c5317b364eacb7ebd1cfa53c730ad62b0c7e6167c7873db11
.exe windows x86

d686c0cfc9f57aa1a3ab4f9bac3592d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
LoadLibraryA
GetCommandLineA
RemoveDirectoryA
CopyFileA
MoveFileA
FormatMessageA
GetUserDefaultLCID
SetFileAttributesA
GetStartupInfoA
FindFirstFileA
FindNextFileA
GetTickCount
GetFileSize
ReadFile
CreateDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
HeapReAlloc
ExitProcess
lstrcmpiW
lstrcmpW
HeapCreate
HeapDestroy
InterlockedDecrement
InterlockedIncrement
InterlockedExchangeAdd
RtlZeroMemory
HeapAlloc
HeapFree
GetProcessHeap
IsWow64Process
lstrcpyA
DeleteFileA
VirtualFreeEx
CreateRemoteThread
WriteFile
GetFileAttributesW
SetEndOfFile
SetFilePointer
GetLastError
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcessTimes
VirtualQueryEx
lstrcpyn
GetCurrentThreadId
TerminateThread
GetExitCodeThread
SetWaitableTimer
CreateWaitableTimerA
CreateDirectoryW
FindNextFileW
DeleteFileW
GetLocaleInfoA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetTimeFormatA
GetDateFormatA
IsBadReadPtr
GetComputerNameA
FindClose
FindFirstFileW
QueryDosDeviceW
Process32Next
Process32First
CreateToolhelp32Snapshot
LocalFree
LocalAlloc
Sleep
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
GetLocalTime
VirtualFree
GlobalMemoryStatusEx
WideCharToMultiByte
lstrlenW
GetCurrentProcessId
CreateThread
OpenProcess
GetCurrentProcess
VirtualAlloc
GetModuleHandleA
AddVectoredExceptionHandler
TerminateProcess
GetEnvironmentVariableA
CloseHandle
WaitForSingleObject
ResumeThread
SetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
CreateProcessA
RtlMoveMemory
LocalSize
IsBadCodePtr
MultiByteToWideChar
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
GetACP
RaiseException
GetSystemTime
RtlUnwind
GetOEMCP
GetCPInfo
SetErrorMode
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
DeleteCriticalSection
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetTimeZoneInformation
GetVersion
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
MulDiv
FlushFileBuffers
lstrcpynA

user32

SetWindowTextA
PostQuitMessage
PostMessageA
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgCtrlID
GetMenuItemCount
GetClientRect
SendDlgItemMessageA
IsDialogMessageA
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetWindow
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
TranslateMessage
DispatchMessageA
ShowWindow
EnumDisplayDevicesW
PtInRect
EnumDisplaySettingsW
MessageBoxA
wsprintfA
ReleaseDC
GetWindowRect
GetDC
PeekMessageA
GetSystemMetrics
GetCursorPos
GetPropA
SetPropA
CreateIconFromResource
SendMessageA
IsWindow
CallWindowProcA
FindWindowA
GetDlgItem
UpdateWindow
SystemParametersInfoA
SetActiveWindow
GetActiveWindow
SetForegroundWindow
SetWindowPos
PostMessageW
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetKeyNameTextA
MapVirtualKeyA
SetCursor
LoadCursorA
GetWindowTextW
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
UnregisterHotKey
GetMessageA
GetWindowTextLengthW
GetWindowThreadProcessId
FindWindowExA
SetTimer
RegisterHotKey
GetSubMenu
GetWindowInfo
RegisterWindowMessageA
SetLayeredWindowAttributes
IsWindowVisible
GetWindowLongA
SetWindowLongA
KillTimer
GetClassNameA
GetWindowTextA
CreateWindowStationA
GetDesktopWindow

advapi32

RegOpenKeyA
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegOpenKeyExA
RegSetValueExA
RegFlushKey
RegCloseKey
RegQueryValueExA
RegCreateKeyExA

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
SHAppBarMessage
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromProgID
OleRun
IIDFromString
CLSIDFromString
CreateStreamOnHGlobal
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

StrToIntW
StrToIntExW
PathIsURLA
PathIsDirectoryW
PathFileExistsA

ws2_32

inet_ntoa
WSAStartup
closesocket
socket
inet_addr
connect
gethostbyname
WSACleanup
select
getsockname
WSAAsyncSelect
ntohs
htons
send
recv

gdi32

GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
AddFontResourceA
DeleteObject
DeleteDC
GetDIBits
GetObjectA
StretchBlt
SetStretchBltMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetGetConnectedState
InternetOpenUrlA
InternetCanonicalizeUrlA
InternetCrackUrlA

psapi

GetProcessImageFileNameW

winhttp

WinHttpSendRequest
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpCheckPlatform
WinHttpQueryHeaders

oleaut32

VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString

gdiplus

GdipLoadImageFromFile
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipGetImageWidth
GdipDisposeImage

oledlg

ord8

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

rasapi32

RasHangUpA
RasGetConnectStatusA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6.3MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d686c0cfc9f57aa1a3ab4f9bac3592d2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

ws2_32

gdi32

wininet

psapi

winhttp

oleaut32

gdiplus

oledlg

winspool.drv

comctl32

rasapi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 6.3MB - Virtual size: 6.5MB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 6.3MB - Virtual size: 6.5MB

.rsrc
Size: 8KB - Virtual size: 6KB