blackmoon | 1894c40d3cbd933b218649114b1e608a1e98125c3c6d4882545f5a6afde62c26

Sharing

Copy URL Twitter E-mail

General

Target

1894c40d3cbd933b218649114b1e608a1e98125c3c6d4882545f5a6afde62c26
Size

628KB
MD5

0ac686099249fd0fe73ba78f1d73c1d7
SHA1

5696b0d3d64c4d2e6267daa364c9cf7fa10150f6
SHA256

1894c40d3cbd933b218649114b1e608a1e98125c3c6d4882545f5a6afde62c26
SHA512

85e9d50fb62ba2b77a77339ccc45f86c4dfaee3942997cf64adeae3392c4f5e4693f7f5d89ed6aba5bee37aaacb1eae281670606bbd80862212007ca51eec9d7
SSDEEP

12288:ZFd+7vEHUp8MfU4abk9EMjcUddwn5YirvMFPxZms:ZFw70U8MfUPbk9EMjcUddwn5YirvMNms

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1894c40d3cbd933b218649114b1e608a1e98125c3c6d4882545f5a6afde62c26

Files

1894c40d3cbd933b218649114b1e608a1e98125c3c6d4882545f5a6afde62c26
.exe windows x86

7feaf8c361abc39d0983ae4902e6ff2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
GetCommandLineA
GetVersionExA
GetStartupInfoA
GlobalFree
GlobalUnlock
GlobalLock
SetFilePointer
GetLastError
GetCurrentProcess
Sleep
lstrcpyA
GlobalAlloc
SetLastError
lstrcatA
WaitForSingleObject
GetTimeZoneInformation
GetVersion
GetTickCount
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
LocalFree
FlushFileBuffers
lstrcpynA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
WriteFile
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetEnvironmentVariableA
SetCurrentDirectoryA
lstrlenA
GetCurrentDirectoryA
CreateFileA
GetFileSize
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
SetWaitableTimer
CreateWaitableTimerA
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessA
CreatePipe
GetModuleHandleA
IsBadCodePtr
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
WideCharToMultiByte
lstrlenW
TerminateProcess
Process32Next
Process32First
LocalSize
QueryDosDeviceA
OpenProcess
GetSystemDirectoryA
Module32First
CloseHandle
CreateToolhelp32Snapshot
GetCurrentProcessId
lstrcpyn
MultiByteToWideChar

user32

ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
GetDlgCtrlID
GetMenuItemCount
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
PostQuitMessage
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
ModifyMenuA
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetSystemMetrics
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
SetCursor
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
GetMenuCheckMarkDimensions
LoadBitmapA
RegisterClassA
GetMenuState
EnableWindow
SetWindowTextA
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
FindWindowExA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
SystemParametersInfoA
GetDC
ReleaseDC
GetClassNameA
IsWindow
SendMessageA
GetWindowRect
SetPropA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects
GetInputState
CallWindowProcA
SetForegroundWindow
SetWindowPos
PostMessageA
UnregisterClassA

gdi32

CreateBitmap
SaveDC
RestoreDC
DeleteObject
SetBkColor
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GetStockObject
GetDeviceCaps
SelectObject
DeleteDC
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor

comdlg32

GetOpenFileNameA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
RegDeleteValueA

shell32

ShellExecuteEx
SHFileOperationA
ShellExecuteA

psapi

GetProcessImageFileNameA

ws2_32

closesocket
send
recv
select
WSAStartup
WSACleanup

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetCloseHandle

rasapi32

RasHangUpA
RasGetConnectStatusA

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7feaf8c361abc39d0983ae4902e6ff2b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

psapi

ws2_32

winspool.drv

comctl32

wininet

rasapi32

Sections

.text Size: 176KB - Virtual size: 172KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 56KB - Virtual size: 237KB

.rsrc Size: 368KB - Virtual size: 364KB

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 56KB - Virtual size: 237KB

.rsrc
Size: 368KB - Virtual size: 364KB