Behavioral task: behavioral1
Sample: 39544c6783fea159611915ba2b5f8d3e53120d90aed78294e2a260017e3c3f3c.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 39544c6783fea159611915ba2b5f8d3e53120d90aed78294e2a260017e3c3f3c.exe
Resource: win10v2004-20230915-en
General
- Target: 39544c6783fea159611915ba2b5f8d3e53120d90aed78294e2a260017e3c3f3c
- Size: 12.9MB
- MD5: 854f287efd1edf7c3bd9be6468d52983
- SHA1: cd5f34289ce6dcdc8d16839abcb4fcd9896fb8e7
- SHA256: 39544c6783fea159611915ba2b5f8d3e53120d90aed78294e2a260017e3c3f3c
- SHA512: 744988456ecd5b40e48bffa059affc5636ac68c94aaaea19967f20c22da8bd4a1dfb89c5527cb11fc5970f11395c7dfc835dc07cc46134d771b8a0366d441bfa
- SSDEEP: 196608:+0HpA3ChMDcz1N+V0kadHQLKiccrWuceaN/ciE0lqC7dcaVn:s3ChMDczL+va9iccmFNqC7drn
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource: sample, yara_rule: family_blackmoon
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 39544c6783fea159611915ba2b5f8d3e53120d90aed78294e2a260017e3c3f3c
Files
- 39544c6783fea159611915ba2b5f8d3e53120d90aed78294e2a260017e3c3f3c.exe (windows x86)
  b840320bad9aabe6b7bbe168fca30023
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFileExistsA
UrlUnescapeA
kernel32
Sleep
FreeLibrary
HeapCreate
VirtualFree
LCMapStringW
TlsGetValue
SetErrorMode
GetCommandLineA
DeleteFileA
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
GetModuleFileNameA
GetLocalTime
GetTickCount
GlobalAlloc
GlobalFree
GetUserDefaultLCID
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
MulDiv
lstrcpyn
GlobalUnlock
GlobalLock
GetFileSize
GetTimeFormatA
GetDateFormatA
WriteFile
CloseHandle
GetLastError
RtlFillMemory
GetModuleHandleA
ReadFile
SetLastError
CreateFileA
SetEndOfFile
RtlMoveMemory
WideCharToMultiByte
MultiByteToWideChar
SetFilePointer
GetCurrentProcess
TerminateProcess
RtlUnwind
lstrcpyA
lstrlenA
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
RaiseException
InterlockedDecrement
LocalFree
FlushFileBuffers
lstrcpynA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
GetEnvironmentVariableA
GetProcAddress
LoadLibraryA
GetEnvironmentStringsW
LCMapStringA
GetVersionExA
GetEnvironmentStrings
FreeEnvironmentStringsW
InterlockedExchange
FreeEnvironmentStringsA
DeviceIoControl
GetStartupInfoA
GetFileType
GetStdHandle
HeapSize
GetACP
SetHandleCount
HeapDestroy
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
ExitThread
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GetFileAttributesA
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedIncrement
SuspendThread
ReleaseMutex
DeleteFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateMutexA
InterlockedDecrement
Beep
FormatMessageA
UnmapViewOfFile
LocalFree
CreateFileMappingA
MapViewOfFile
VirtualQuery
TerminateThread
GetVersion
GetTimeZoneInformation
SetLastError
LoadLibraryExA
GetWindowsDirectoryA
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
WideCharToMultiByte
GetModuleFileNameA
GetVolumeInformationA
InterlockedExchange
GetModuleHandleA
lstrlenW
GetProcAddress
SetFileAttributesA
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
user32
TabbedTextOutA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
EndDialog
UnregisterClassA
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
ClientToScreen
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostMessageA
PostQuitMessage
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
GetDC
ReleaseDC
keybd_event
GetClassNameA
IsWindow
SendMessageA
GetWindowRect
GetSystemMetrics
VkKeyScanExA
GetKeyboardLayout
MessageBoxA
FillRect
DrawTextA
InvertRect
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
LoadIconA
UnregisterClassA
GetSysColorBrush
LoadImageA
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageA
ScrollWindowEx
SystemParametersInfoA
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
CreateWindowExA
GetClassLongA
RemovePropA
GetMessageTime
EnumDisplaySettingsA
ClientToScreen
GetMenuCheckMarkDimensions
GetLastActivePopup
RegisterWindowMessageA
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
EndPaint
BeginPaint
CharUpperA
GetWindowTextLengthA
GetForegroundWindow
CreateIconIndirect
GetIconInfo
CopyIcon
LoadStringA
GetNextDlgTabItem
SetWindowTextA
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetMenuState
GetTabbedTextExtentA
DrawStateA
GrayStringA
TabbedTextOutA
WindowFromDC
EnumChildWindows
GetWindowDC
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
FrameRect
GetPropA
MoveWindow
CallWindowProcA
SetPropA
DrawTextA
GetCursor
GetWindowTextA
GetDlgItem
GetClassNameA
GetDesktopWindow
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
WaitForInputIdle
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
TrackPopupMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
EnableMenuItem
gdi32
SetBkColor
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
StretchBlt
CreateFontA
TextOutA
GetObjectA
GetDIBits
Rectangle
MoveToEx
LineTo
DeleteDC
Escape
GetDeviceCaps
PtVisible
CreateBitmap
DeleteObject
CreateSolidBrush
CreateDIBSection
SelectObject
ExtTextOutA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
RectVisible
RestoreDC
SaveDC
GetStockObject
PolyBezierTo
Polygon
Arc
Ellipse
Pie
Chord
SetPixel
GetPixel
CreateHatchBrush
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
CreateCompatibleDC
SetPixelV
CreateBrushIndirect
Rectangle
LPtoDP
DPtoLP
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateBitmap
CreatePatternBrush
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
GetPixel
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
Ellipse
BitBlt
GetStockObject
GetTextColor
CreateRoundRectRgn
GetViewportExtEx
ExtSelectClipRgn
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
MoveToEx
LineTo
GetTextMetricsA
OffsetRgn
FrameRgn
SetDIBitsToDevice
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePenIndirect
RestoreDC
SaveDC
SetWindowOrgEx
SetTextColor
SetBkMode
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetPixel
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
GetCurrentObject
ole32
CLSIDFromString
OleUninitialize
OleUninitialize
OleInitialize
CLSIDFromProgID
CoCreateInstance
OleRun
GetHGlobalFromStream
CreateStreamOnHGlobal
CLSIDFromString
OleInitialize
CoInitialize
CoUninitialize
OleFlushClipboard
CoFreeUnusedLibraries
CoRegisterMessageFilter
CLSIDFromProgID
OleIsCurrentClipboard
CoRevokeClassObject
CoCreateInstance
OleRun
wininet
InternetTimeFromSystemTime
InternetTimeToSystemTime
gdiplus
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromStream
crypt32
CryptStringToBinaryA
CryptBinaryToStringA
oleaut32
SafeArrayGetLBound
SafeArrayGetUBound
VariantTimeToSystemTime
SafeArrayAccessData
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
SafeArrayUnaccessData
LoadTypeLi
VarR8FromBool
VarR8FromCy
SafeArrayDestroyDescriptor
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SysFreeString
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
SysFreeString
GetErrorInfo
LHashValOfNameSys
msimg32
TransparentBlt
GradientFill
oledlg
ord8
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
comctl32
ord17
ImageList_DrawIndirect
ImageList_Read
ImageList_Create
ImageList_Destroy
ord17
ImageList_SetBkColor
ImageList_GetIcon
ImageList_AddMasked
ImageList_GetImageCount
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_Draw
ImageList_Duplicate
winmm
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
midiOutPrepareHeader
waveOutUnprepareHeader
PlaySoundA
waveOutRestart
midiStreamRestart
midiStreamOut
midiStreamStop
midiOutReset
midiStreamClose
waveOutPrepareHeader
ws2_32
inet_ntoa
inet_addr
gethostname
getsockname
ntohs
gethostbyname
__WSAFDIsSet
WSAGetLastError
accept
getpeername
listen
WSAStartup
WSACleanup
select
send
closesocket
WSAAsyncSelect
ntohl
bind
socket
recv
recvfrom
ioctlsocket
connect
htons
msvfw32
DrawDibDraw
avifil32
AVIStreamInfoA
AVIStreamGetFrame
comdlg32
GetSaveFileNameA
GetFileTitleA
ChooseColorA
GetOpenFileNameA
shell32
ShellExecuteA
Shell_NotifyIconA
Sections
- .text (Size: 3.9MB, Virtual size: 3.9MB)
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 8.6MB, Virtual size: 8.6MB)
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 340KB, Virtual size: 769KB)
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 40KB, Virtual size: 36KB)
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ