Behavioral task: behavioral1
Sample: 82f34020ef74c3b95b61b6a6df9d66c5f17e14db8cf4976020b52d8635e9a405.exe
Resource (sandbox VM image): win7-20230831-en

General
Target: 82f34020ef74c3b95b61b6a6df9d66c5f17e14db8cf4976020b52d8635e9a405
Size: 557KB
MD5: 06c58965d43a07396170264d9809f6f7
SHA1: 7b249d4e53832d457b45a8ee06d60d1744502ed0
SHA256: 82f34020ef74c3b95b61b6a6df9d66c5f17e14db8cf4976020b52d8635e9a405
SHA512: f89112e017c12ad62e68dee600a79ea56b64bbfbe85157c6ee818fbb66bef299ad2a728e354bda77edc1f933d1f78fe885870ffdf743dac3ddd6ad5ff4e55711
SSDEEP: 12288:eL+vQVLBFVEblnnuCE3Maq2n6pgA0KXs3lLccMaZtS12iXs3oSfl3zA5goSjb:eL+vQVLBFVEblnnuCE3Maq2n6pgA0KXM
Malware Config: none shown in this report.

Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC): static YARA match on the sample file, rule family_blackmoon. This is a file-content match, not an observed behaviour.
Unsigned PE (1 IoC): checks for a missing Authenticode signature; the sample carries none. Absence of a signature is a weak indicator on its own, and a present signature would still need certificate-chain validation before it is trusted.
Resource: 82f34020ef74c3b95b61b6a6df9d66c5f17e14db8cf4976020b52d8635e9a405
Files
82f34020ef74c3b95b61b6a6df9d66c5f17e14db8cf4976020b52d8635e9a405.exe (windows, x86)
Imphash: 64552e880ca34d9c95337d6e3a803e47
Headers
File Characteristics (IMAGE_FILE_HEADER.Characteristics). The image is 32-bit with its relocation table stripped, so the loader cannot rebase it: it must be mapped at its preferred ImageBase and cannot be randomized by ASLR.
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (by module). Beside the large GUI, GDI+ and OLE automation surface, note the capability-relevant set: wininet (InternetOpenA, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile: an HTTP client), ws2_32!WSAStartup, and in kernel32 CreateProcessA, CreateThread, VirtualAlloc/VirtualProtect, ReadProcessMemory and LoadLibraryA/GetProcAddress (runtime API resolution), plus crypt32!CryptStringToBinaryW (string-to-binary decoding, e.g. base64).
kernel32
HeapCreate
HeapDestroy
lstrcmpiA
RtlZeroMemory
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
CloseHandle
WaitForSingleObject
CreateProcessA
lstrcpyn
WriteFile
ReadFile
GetFileSize
SetFilePointer
GetLocalTime
GetUserDefaultLCID
GetCommandLineA
FreeLibrary
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetTickCount
VirtualAlloc
GetAtomNameW
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
lstrcatW
lstrcmpiW
lstrcmpA
lstrlenW
lstrlenA
HeapFree
InterlockedDecrement
InterlockedIncrement
RtlMoveMemory
LocalSize
HeapAlloc
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
CreateThread
VirtualProtect
ReadProcessMemory
GetProcAddress
LoadLibraryA
VirtualFree
GetStartupInfoA
ws2_32
WSAStartup
user32
LoadMenuW
GetMenuInfo
DestroyMenu
GetMenuItemCount
GetMenuItemInfoW
AppendMenuW
InsertMenuW
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringW
GetMenuItemRect
GetMenuState
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoW
SetMenuDefaultItem
LoadStringW
CharUpperW
CharLowerW
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
PeekMessageA
IsZoomed
IsIconic
SetRect
LoadIconW
EnumPropsExW
RemovePropA
RemovePropW
GetPropA
GetPropW
SetPropA
SetPropW
KillTimer
SetTimer
ReleaseDC
GetDC
MessageBoxW
SetWindowTextW
SetParent
GetSystemMenu
CreatePopupMenu
CreateMenu
DrawIconEx
LoadImageW
CreateIconFromResourceEx
UpdateLayeredWindow
DialogBoxParamW
CreateDialogParamW
EndDialog
DialogBoxIndirectParamW
DestroyWindow
SetClassLongW
GetClassLongW
CreateDialogIndirectParamW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
PostQuitMessage
GetNextDlgTabItem
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
TranslateMDISysAccel
IsChild
MoveWindow
UpdateWindow
ValidateRect
ScreenToClient
GetIconInfo
CopyIcon
PostMessageW
ShowWindow
DefWindowProcW
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA
SetWindowRgn
BeginPaint
EndPaint
TrackMouseEvent
GetDlgItem
GetAncestor
SetWindowLongW
GetAsyncKeyState
IsWindow
FindWindowExW
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
GetParent
GetWindowLongW
SendMessageW
DestroyCursor
SetCursor
GetClientRect
SetCapture
ReleaseCapture
LoadCursorW
DestroyIcon
DestroyAcceleratorTable
GetSysColor
IsWindowVisible
IsWindowEnabled
EnableWindow
SetWindowPos
GetWindowRect
SystemParametersInfoW
RegisterWindowMessageW
DrawMenuBar
SetMenu
GetMenu
CreateMDIWindowW
GetSystemMetrics
InvalidateRect
MapWindowPoints
GetFocus
SetFocus
CallWindowProcW
GetMessageW
ole32
CLSIDFromProgID
CoCreateInstance
OleRun
CLSIDFromString
GetHGlobalFromStream
StringFromGUID2
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
wininet
InternetConnectA
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
shell32
DragQueryFileW
Shell_NotifyIconW
CommandLineToArgvW
DragAcceptFiles
DragFinish
gdi32
GetDIBits
CreatePatternBrush
CreateSolidBrush
CreateEllipticRgn
CreateFontIndirectW
GetObjectW
StretchBlt
SetStretchBltMode
GetStretchBltMode
CreateDIBSection
CreateCompatibleDC
BitBlt
GetStockObject
CreateRoundRectRgn
SetViewportOrgEx
DeleteDC
SelectObject
DeleteObject
gdiplus
GdipFillPie
GdipFillPath
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillRegion
GdipDrawString
GdipMeasureString
GdipCreateRegion
GdipMeasureCharacterRanges
GdipDrawDriverString
GdipDrawImage
GdipDrawImageRectRect
GdipDrawImageRect
GdipDrawImagePoints
GdipDrawImagePointRect
GdipDrawImagePointsRect
GdipSetClipGraphics
GdipSetClipPath
GdipSetClipRect
GdipSetClipRegion
GdipSetClipHrgn
GdipResetClip
GdipTranslateClip
GdipGetClip
GdipGetClipBounds
GdipGetVisibleClipBounds
GdipIsClipEmpty
GdipIsVisibleClipEmpty
GdipIsVisiblePoint
GdipIsVisibleRect
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer
GdipBeginContainer2
GdipEndContainer
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipCloneImage
GdipGetImageRawFormat
GdipGetImagePixelFormat
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDrawLine
GdipGetImageBounds
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipGetImageThumbnail
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipCreateHICONFromBitmap
GdipCreateStringFormat
GdipStringFormatGetGenericDefault
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipGetStringFormatFlags
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatTabStops
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipSetStringFormatDigitSubstitution
GdipGetStringFormatDigitSubstitution
GdipSetStringFormatMeasurableCharacterRanges
GdipGetStringFormatMeasurableCharacterRangeCount
GdipCloneBrush
GdipGetBrushType
GdipCreateSolidFill
GdipSetSolidFillColor
GdipGetSolidFillColor
GdipCreateFont
GdipCreateFontFromLogfontW
GdipDeletePrivateFontCollection
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneFont
GdipGetLogFontW
GdipGetLogFontA
GdipGetFamily
GdipGetFontStyle
GdipGetFontSize
GdipGetFontUnit
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateFromHWND
GdipGetImageGraphicsContext
GdipCreatePath
GdipCreatePath2
GdipClonePath
GdipResetPath
GdipGetPathFillMode
GdipSetPathFillMode
GdipGetPointCount
GdipGetPathData
GdipStartPathFigure
GdipClosePathFigure
GdipClosePathFigures
GdipSetPathMarker
GdipClearPathMarkers
GdipReversePath
GdipGetPathLastPoint
GdipAddPathLine
GdipAddPathArc
GdipAddPathBezier
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathRectangle
GdipAddPathLineI
GdipAddPathArcI
GdipAddPathEllipse
GdipAddPathPie
GdipAddPathPolygon
GdipAddPathPath
GdipFillEllipse
GdipTransformPath
GdipGetPathWorldBounds
GdipFlattenPath
GdipWidenPath
GdipWindingModeOutline
GdipWarpPath
GdipIsVisiblePathPoint
GdipIsOutlineVisiblePathPoint
GdipCreateRegionRect
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRgnData
GdipCloneRegion
GdipSetInfinite
GdipSetEmpty
GdipCombineRegionRect
GdipCombineRegionRegion
GdipCombineRegionPath
GdipTranslateRegion
GdipTransformRegion
GdipGetRegionBounds
GdipGetRegionDataSize
GdipGetRegionData
GdipGetRegionHRgn
GdipIsEmptyRegion
GdipIsInfiniteRegion
GdipIsEqualRegion
GdipIsVisibleRegionPoint
GdipIsVisibleRegionRect
GdipGetRegionScansCount
GdipGetRegionScans
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCloneMatrix
GdipSetMatrixElements
GdipGetMatrixElements
GdipMultiplyMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipInvertMatrix
GdipScaleMatrix
GdipShearMatrix
GdipTransformMatrixPoints
GdipVectorTransformMatrixPoints
GdipIsMatrixInvertible
GdipIsMatrixIdentity
GdipIsMatrixEqual
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetGenericFontFamilyMonospace
GdipGetFamilyName
GdipIsStyleAvailable
GdipGetEmHeight
GdipGetCellAscent
GdipGetCellDescent
GdipGetLineSpacing
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCloneBitmapArea
GdipBitmapSetResolution
GdipGetNearestColor
GdipTransformPointsI
GdipTransformPoints
GdipGetDpiY
GdipGetDpiX
GdipGetPageScale
GdipSetPageScale
GdipGetPageUnit
GdipSetPageUnit
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipDeleteMatrix
GdipGetWorldTransform
GdipSetWorldTransform
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipReleaseDC
GdipGetDC
GdipFlush
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipSetImageAttributesColorMatrix
GdipGetImageAttributesAdjustedPalette
GdipSetImageAttributesWrapMode
GdipSetImageAttributesRemapTable
GdipSetImageAttributesOutputChannelColorProfile
GdipSetImageAttributesOutputChannel
GdipSetImageAttributesColorKeys
GdipSetImageAttributesGamma
GdipSetImageAttributesNoOp
GdipSetImageAttributesThreshold
GdipResetImageAttributes
GdipSetImageAttributesToIdentity
GdipCloneImageAttributes
GdipCreateImageAttributes
GdipDeleteRegion
GdipDeletePath
GdipFillPolygon
GdiplusStartup
GdipDeleteFont
GdipDeleteStringFormat
GdipDisposeImage
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipDeleteBrush
GdipFillRectangle
GdipCreateTexture
GdipGraphicsClear
GdipDrawClosedCurve2
GdipDrawClosedCurve
GdipDrawCurve2
GdipDrawCurve
GdipDrawPath
GdipDrawPolygon
GdipDrawPie
GdipDrawArc
GdipDrawRectangle
GdipAddPathString
GdipDrawBezier
GdipGetImageDimension
GdipDrawEllipse
atl
ord42
comctl32
InitCommonControlsEx
shlwapi
StrToIntExW
wvnsprintfW
StrToIntW
StrTrimW
PathFindFileNameW
PathRemoveFileSpecW
crypt32
CryptStringToBinaryW
msimg32
AlphaBlend
msvcrt
floor
modf
_ftol
sprintf
atoi
strtod
??2@YAPAXI@Z
malloc
free
??3@YAXPAX@Z
strncpy
_stricmp
_CIfmod
strchr
strncmp
atof
strrchr
realloc
strstr
oleaut32
SafeArrayAllocData
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAllocDescriptor
VariantInit
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
Sections (raw size on disk / virtual size in memory)
.text   Raw size: 424KB   Virtual size: 424KB
        IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Raw size: 15KB    Virtual size: 15KB
        IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Raw size: 105KB   Virtual size: 117KB
        IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Raw size: 11KB    Virtual size: 10KB
        IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

Notes: .data is 12KB larger in memory than on disk (the tail is zero-filled at load, as with uninitialized data). .rsrc is marked writable, which is unusual for a resource section. No section is both writable and executable.
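The Unsigned PE signature, the File Characteristics flags and the section table above are all read straight out of the PE headers. The following script is an added example (it is not part of the sandbox report and not code from the sample's authors) that reproduces those three checks with the standard library only: it walks the DOS, COFF, optional and section headers, decodes the IMAGE_FILE_* and IMAGE_SCN_* bits, tests whether the Authenticode certificate table (data directory entry 4) is populated, and raises the section-level observations a reviewer would note. Because the sample itself is not available offline, a hypothetical helper, build_sample_pe, constructs a header-only PE32 in memory whose section table copies the KB-rounded figures shown in the report; the constant names and the triage_sections rules are this example's own choices.

```python
import struct

# Bits of IMAGE_FILE_HEADER.Characteristics (subset that matters for triage).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}

# Bits of IMAGE_SECTION_HEADER.Characteristics.
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse DOS, COFF, optional and section headers from raw file bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+: ImageBase and stack/heap fields are 8 bytes wide
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    shdr = opt + opt_size
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, schar = struct.unpack_from("<8sIIIIIIHHI", data, shdr + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "characteristics": flag_names(schar, SECTION_CHARACTERISTICS),
        })
    return {
        "machine": machine,
        "file_characteristics": flag_names(characteristics, FILE_CHARACTERISTICS),
        # Presence only: a populated table still needs WinVerifyTrust/signtool before it is trusted.
        "authenticode_present": sec_off != 0 and sec_size != 0,
        "sections": sections,
    }


def triage_sections(info):
    """Section-level observations a reviewer would note from the header dump."""
    findings = []
    for s in info["sections"]:
        c = set(s["characteristics"])
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= c:
            findings.append("%s: writable and executable" % s["name"])
        if s["virtual_size"] > s["raw_size"]:
            findings.append("%s: virtual size %d exceeds raw size %d (tail is zero-filled at load)"
                            % (s["name"], s["virtual_size"], s["raw_size"]))
        if s["name"] == ".rsrc" and "IMAGE_SCN_MEM_WRITE" in c:
            findings.append(".rsrc: resource section is writable (unusual)")
    return findings


def build_sample_pe(sections, security_dir=(0, 0), file_characteristics=0x010F):
    """Constructed header-only PE32 for offline testing; NOT the sample from this report."""
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    ndirs = 16
    opt_size = 96 + 8 * ndirs
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, file_characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 92, ndirs)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security_dir)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0, rawsize, 0, 0, 0, 0, 0, chars)
        for name, vsize, rawsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Section table copied from the report above (name, virtual size, raw size, flags), KB-rounded as shown.
REPORT_SECTIONS = [
    (".text",  424 * 1024, 424 * 1024, 0x60000020),   # CODE | EXECUTE | READ
    (".rdata",  15 * 1024,  15 * 1024, 0x40000040),   # INITIALIZED_DATA | READ
    (".data",  117 * 1024, 105 * 1024, 0xC0000040),   # INITIALIZED_DATA | READ | WRITE
    (".rsrc",   10 * 1024,  11 * 1024, 0xC0000040),   # INITIALIZED_DATA | READ | WRITE
]

if __name__ == "__main__":
    info = parse_pe(build_sample_pe(REPORT_SECTIONS))
    print("Authenticode table present:", info["authenticode_present"])
    print("File characteristics:", ", ".join(info["file_characteristics"]))
    for line in triage_sections(info):
        print(line)
```

To run it against a real file, replace the build_sample_pe call with open(path, "rb").read(). The Unsigned PE result is a presence test on the certificate table only; treat a populated table as "signed, unverified" until the chain and timestamp have been checked with WinVerifyTrust or signtool verify.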