blackmoon | 1d70da4bece7c8ac5c53db7835840d8715aa690692d7c183988be1276d5afbeb

Sharing

Copy URL Twitter E-mail

General

Target

1d70da4bece7c8ac5c53db7835840d8715aa690692d7c183988be1276d5afbeb
Size

908KB
MD5

67f67f761905e913d07a299715c2edc2
SHA1

52c6d614357da37658bb97f4c9067c20828e843e
SHA256

1d70da4bece7c8ac5c53db7835840d8715aa690692d7c183988be1276d5afbeb
SHA512

11322f2711ecb9da02cd94a4cba01be77828b9eb52af84569ed229a4aeaafb4ec7213dabfcca2f4ddb056d09f5455048ae6a43207ec12d5e7c39a1827c5fb3fe
SSDEEP

24576:JuWXYLUbZ75y2u7009JWYygSRo9CmYVehGRMJ8QbDmpuH:JN4Gpw

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d70da4bece7c8ac5c53db7835840d8715aa690692d7c183988be1276d5afbeb

Files

1d70da4bece7c8ac5c53db7835840d8715aa690692d7c183988be1276d5afbeb
.dll windows x86

337ff8bba38da586aadeb08a30afc4c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
FreeLibrary
GetCommandLineA
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
WritePrivateProfileStringA
DeleteFileA
GetFileSize
ReadFile
GetUserDefaultLCID
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetLocalTime
GetModuleFileNameA
Sleep
WriteFile
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
VirtualProtect
FlushInstructionCache
VirtualFree
VirtualProtectEx
GetTempPathA
GetVersionExA
lstrcpynA
CreateFileA
GetThreadTimes
OpenThread
ExitThread
GetCurrentThread
ExitProcess
VirtualQuery
WriteProcessMemory
SetHandleInformation
VirtualQueryEx
GetCurrentProcess
GetProcAddress
LoadLibraryA
QueryDosDeviceA
GetLogicalDriveStringsA
CreateRemoteThread
ReadProcessMemory
VirtualFreeEx
GetSystemDirectoryA
GetTempFileNameA
VirtualAllocEx
CopyFileA
DebugActiveProcessStop
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
lstrlenA
GetModuleHandleA
GlobalSize
lstrcmpiA
lstrcpyn
GlobalUnlock
GlobalLock
OpenProcess
WideCharToMultiByte
lstrlenW
LocalFree
DeleteCriticalSection
Process32Next
Process32First
SetFilePointer
TerminateProcess
GlobalMemoryStatus
GetWindowsDirectoryA
lstrcpyA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
SetSystemPowerState
GlobalReAlloc
UnmapViewOfFile
MapViewOfFile
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetEndOfFile
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalHandle
TlsFree
LocalReAlloc
SetErrorMode
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
InterlockedExchange
LocalAlloc
PostQueuedCompletionStatus
GetQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
CreateThread
InitializeCriticalSection
HeapCreate
CreateIoCompletionPort
GetTickCount
RtlZeroMemory
GetLastError
TerminateThread
MultiByteToWideChar
LocalSize
GlobalFree
GlobalAlloc
GetCurrentThreadId
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
TlsSetValue
TlsGetValue
TlsAlloc
VirtualAlloc
RtlMoveMemory
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcessId
IsBadCodePtr
IsBadReadPtr

shlwapi

PathFileExistsA
PathFindFileNameA

ws2_32

recvfrom
socket
inet_ntoa
WSASend
gethostbyname
WSAStartup
inet_addr
htons
connect
closesocket
WSARecv
send
WSASocketA
getsockname
htonl
gethostname
sendto
listen
bind
accept
__WSAFDIsSet
select
recv
getpeername
ntohs
WSACleanup

user32

SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
BeginPaint
EndPaint
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
SendDlgItemMessageA
IsDialogMessageA
SetWindowTextA
GetDlgCtrlID
MoveWindow
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
RemovePropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
WinHelpA
GetCapture
GetTopWindow
AdjustWindowRectEx
MapWindowPoints
LoadIconA
ValidateRect
CallWindowProcA
CheckMenuItem
GetSysColorBrush
LoadStringA
DestroyMenu
GetSysColor
GetClassInfoA
DefWindowProcA
LoadCursorA
PostMessageA
CopyRect
SetRect
GetClientRect
InvalidateRect
ExitWindowsEx
SetForegroundWindow
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
GetParent
PtInRect
GetWindowLongA
GetWindowTextA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
FindWindowA
IsWindow
SendMessageA
GetWindowRect
EnableMenuItem
GetFocus
GetNextDlgTabItem
wvsprintfA
MessageBoxA
GetDesktopWindow
GetWindow
GetWindowThreadProcessId
GetClassNameA
GetWindowTextLengthW
IsWindowVisible
GetCursorInfo
GetIconInfo
SetWindowsHookExA
GetLastActivePopup
SetCursor
GetKeyState
CallNextHookEx
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
WindowFromDC
SetPropA
UnregisterClassA
GetPropA
GetDC
DrawIcon
ReleaseDC
EnumWindows
WaitForInputIdle
MsgWaitForMultipleObjects
PostThreadMessageA
CreateWindowStationA
CloseWindowStation
RegisterWindowMessageA
wsprintfA
GetSystemMetrics
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA

gdi32

SetMapMode
SetTextColor
SetBkMode
SetBkColor
CreateBitmap
CreatePalette
CreateDIBitmap
GetNearestPaletteIndex
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBrushIndirect
CreatePenIndirect
RestoreDC
SaveDC
SetWindowOrgEx
CreateFontIndirectA
SetViewportOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetStockObject
GetObjectA
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
GdiFlush
CreateDIBSection
Rectangle
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
LineTo
MoveToEx

advapi32

RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
OpenProcessToken
RegOpenKeyExA

ole32

OleIsCurrentClipboard
CLSIDFromString
CreateStreamOnHGlobal
OleFlushClipboard
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromProgID
GetHGlobalFromStream
OleRun

gdiplus

GdiplusShutdown
GdipSaveImageToStream
GdipCreateBitmapFromStream
GdiplusStartup
GdipDisposeImage

mswsock

AcceptEx

psapi

GetModuleFileNameExA

oleaut32

SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SysFreeString
VariantInit

oledlg

ord8

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

shell32

SHGetSpecialFolderPathA

comctl32

_TrackMouseEvent
ord17

Exports

Exports

_��ӳ��

Sections

.text
Size: 560KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

337ff8bba38da586aadeb08a30afc4c2

Headers

File Characteristics

Imports

kernel32

shlwapi

ws2_32

user32

gdi32

advapi32

ole32

gdiplus

mswsock

psapi

oleaut32

oledlg

winspool.drv

shell32

comctl32

Exports

Exports

Sections

.text Size: 560KB - Virtual size: 559KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 252KB - Virtual size: 455KB

.rsrc Size: 4KB - Virtual size: 352B

.reloc Size: 52KB - Virtual size: 50KB

.text
Size: 560KB - Virtual size: 559KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 252KB - Virtual size: 455KB

.rsrc
Size: 4KB - Virtual size: 352B

.reloc
Size: 52KB - Virtual size: 50KB