blackmoon | c310431d18768cb8fb730efeebd8e0bdcd44cc2eb68791bd03c598a3be73be10

Sharing

Copy URL Twitter E-mail

General

Target

c310431d18768cb8fb730efeebd8e0bdcd44cc2eb68791bd03c598a3be73be10
Size

204KB
MD5

b4f4c67c7f03a13c7557f29207abedf7
SHA1

ba0741fce7fd12091e12e6847ad29fcc4bd4f4a0
SHA256

c310431d18768cb8fb730efeebd8e0bdcd44cc2eb68791bd03c598a3be73be10
SHA512

c2f01eb55e644b4e3ed430df540c17bedffc583b493aeb37adf8e085d399a6797e8f6de2485a1303617bf0db322dabe6432bdc5090884d3caeff42715b142c5f
SSDEEP

3072:Yqpfz1oxnE+oM3r4iTVXBK11LFi7c9tQ/TtWwi:Yqpfz1o2+oQzZXPc0/Yb

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c310431d18768cb8fb730efeebd8e0bdcd44cc2eb68791bd03c598a3be73be10

Files

c310431d18768cb8fb730efeebd8e0bdcd44cc2eb68791bd03c598a3be73be10
.dll regsvr32 windows x86

7d45f5b4dac002017d69e356d9c2da93

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
LCMapStringA
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
WideCharToMultiByte
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
Process32Next
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
CloseHandle
Process32First
CreateToolhelp32Snapshot
AddVectoredExceptionHandler
VirtualFreeEx
VirtualAllocEx
LocalSize
GetProcAddress
MultiByteToWideChar
Sleep
FreeLibrary
CreateThread
VirtualProtect
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
RtlMoveMemory
LoadLibraryA
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetTickCount
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
lstrlenA
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetLastError
GetLastError

psapi

GetModuleBaseNameA

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries

crypt32

CryptStringToBinaryA

user32

CreateDialogIndirectParamA
EndDialog
DestroyMenu
PostThreadMessageA
LoadStringA
GetSysColorBrush
LoadCursorA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowThreadProcessId
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
GetKeyState
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow

gdi32

Escape
ExtTextOutA
TextOutA
PtVisible
GetDeviceCaps
RectVisible
GetObjectA
GetStockObject
CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

comctl32

ord17

oledlg

ord8

oleaut32

VariantCopy
SafeArrayDestroy
VariantClear
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SysAllocString
SafeArrayCreate

Exports

Exports

DirectInput8Create
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ppxh_c1djc

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d45f5b4dac002017d69e356d9c2da93

Headers

File Characteristics

Imports

kernel32

psapi

ole32

crypt32

user32

gdi32

winspool.drv

advapi32

comctl32

oledlg

oleaut32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 20KB - Virtual size: 93KB

.rsrc Size: 4KB - Virtual size: 660B

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 20KB - Virtual size: 93KB

.rsrc
Size: 4KB - Virtual size: 660B

.reloc
Size: 20KB - Virtual size: 18KB