Behavioral task: behavioral1
Sample: 68ad996dbf5152fb3ddac2992725c30ebb706271a9a1f7f23623e0e2699b6a26.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 68ad996dbf5152fb3ddac2992725c30ebb706271a9a1f7f23623e0e2699b6a26.exe
Resource: win10v2004-20230915-en
General
Target: 68ad996dbf5152fb3ddac2992725c30ebb706271a9a1f7f23623e0e2699b6a26
Size: 14.9MB
MD5: c0308a68638e4a33b6d3425c525c3fd4
SHA1: 94e9a3cece85bb4470cf530fa52e2ee00170fb03
SHA256: 68ad996dbf5152fb3ddac2992725c30ebb706271a9a1f7f23623e0e2699b6a26
SHA512: c18d8d4811d969aa8e75f23f5dcb117816ba091ed483e51cbf458638019ca588fa18b2216899f8717c5bf50b3d88bd4767d1d3e26ffc3bfa9c99833f39124b8a
SSDEEP: 393216:z+yDvx0IwfFo0YY15HeEZyCQ+vXC88yognM7TOC22:z+yD50IwdojERBBSo9nc64
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC)
resource: sample, yara_rule: family_blackmoon
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 68ad996dbf5152fb3ddac2992725c30ebb706271a9a1f7f23623e0e2699b6a26
Files
68ad996dbf5152fb3ddac2992725c30ebb706271a9a1f7f23623e0e2699b6a26.exe windows x86 7ff7b2b2152bc42b6cc8d560d2a371dc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
GetCommandLineA
GetFileAttributesA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
GetStartupInfoA
GetCurrentDirectoryA
WritePrivateProfileStringA
SetFilePointer
GetFileSize
DeleteFileA
GetVersionExA
FormatMessageA
GetUserDefaultLCID
GetPrivateProfileStringA
CreateFileA
WriteFile
GetModuleFileNameA
GetTickCount
GetLocalTime
IsBadReadPtr
HeapReAlloc
ExitProcess
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
lstrcpyA
lstrcmpW
HeapCreate
HeapDestroy
RtlZeroMemory
InterlockedDecrement
InterlockedIncrement
HeapAlloc
GlobalSize
RtlMoveMemory
SetProcessWorkingSetSize
FindNextChangeNotification
FindFirstChangeNotificationA
QueryDosDeviceA
GetProcessHandleCount
DuplicateHandle
GetCurrentProcess
TerminateThread
TerminateProcess
CreateWaitableTimerA
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessA
CreatePipe
CreateThread
VirtualProtect
WriteProcessMemory
Module32Next
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
VirtualAllocEx
OpenProcess
Module32First
LocalSize
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrlenW
CloseHandle
SetWaitableTimer
CreateWaitableTimerW
HeapFree
WideCharToMultiByte
VirtualFree
VirtualAlloc
GlobalFree
GlobalUnlock
GlobalLock
InterlockedCompareExchange
GetSystemInfo
GlobalAlloc
lstrcpyn
GetModuleHandleA
CreateEventA
OpenEventA
FreeResource
SizeofResource
LoadLibraryA
LoadResource
FindResourceA
MultiByteToWideChar
GetNativeSystemInfo
VirtualQuery
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
LCMapStringW
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
ExitThread
RaiseException
GetSystemTime
RtlUnwind
GetOEMCP
GetCPInfo
SetErrorMode
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetStringTypeExA
lstrcpynA
SetEndOfFile
FlushFileBuffers
MulDiv
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
UnmapViewOfFile
LocalFree
CreateFileMappingA
MapViewOfFile
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LCMapStringA
LockResource
InitializeCriticalSection
GetVersion
GetTimeZoneInformation
QueryPerformanceCounter
QueryPerformanceFrequency
lstrcatA
SetLastError
Sleep
GetLastError
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
lstrlenA
GetProcAddress
GetModuleHandleW
GetProcessHeap
user32
PostMessageA
CallWindowProcA
GetInputState
ShowWindow
IsWindowVisible
KillTimer
FindWindowExA
SetWindowTextA
RegisterWindowMessageA
FindWindowA
SetCursor
SendMessageA
GetAsyncKeyState
IntersectRect
InvalidateRect
UpdateLayeredWindow
ReleaseCapture
IsZoomed
IsIconic
LoadCursorFromFileW
SetTimer
PtInRect
ReleaseDC
SetCaretPos
GetCursorPos
CallWindowProcW
TrackMouseEvent
BeginPaint
EndPaint
SetCapture
GetFocus
SetFocus
SetWindowLongW
SetWindowPos
SetPropA
GetClassLongW
GetWindowTextW
GetParent
SetWindowRgn
GetSystemMetrics
SetWindowLongA
CreateIconFromResource
GetClientRect
DestroyWindow
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
PeekMessageA
DispatchMessageW
TranslateMessage
SetForegroundWindow
GetMessageW
EnableWindow
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
GetPropA
GetDC
UpdateWindow
GetDlgItem
GetWindowLongA
GetWindow
PostQuitMessage
GetLastActivePopup
SetWindowsHookExA
GetClassNameA
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
CreateDialogIndirectParamA
EndDialog
GetDlgCtrlID
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
GetMessagePos
GetMessageTime
DefWindowProcA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
MessageBeep
SetActiveWindow
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
EnumWindows
PostMessageW
ValidateRect
RemovePropA
MoveWindow
GetWindowRect
IsWindow
GetClassNameW
SendMessageW
CreateWindowExW
MsgWaitForMultipleObjects
CopyImage
SystemParametersInfoA
DefWindowProcW
RegisterClassExW
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
LoadCursorW
advapi32
RegCreateKeyExW
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyA
RegSetValueExW
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegFlushKey
RegDeleteValueA
RegSetValueExA
shell32
SHGetSpecialFolderPathA
Shell_NotifyIconA
Shell_NotifyIconW
ShellExecuteA
ole32
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoCreateInstance
OleRun
StringFromGUID2
CLSIDFromString
CoUninitialize
CoInitialize
CLSIDFromProgID
CoRevokeClassObject
CreateStreamOnHGlobal
shlwapi
StrToIntExW
StrToIntW
PathFileExistsA
ws2_32
select
ioctlsocket
WSAGetLastError
getpeername
ntohs
htonl
recv
send
__WSAFDIsSet
getsockname
gethostbyname
WSACleanup
inet_ntoa
WSAStartup
inet_addr
accept
gethostname
closesocket
connect
htons
socket
sendto
listen
bind
recvfrom
gdi32
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateRoundRectRgn
CreateRectRgn
GetDIBits
GetObjectA
GetStockObject
GetDeviceCaps
CreateBitmap
CreateCompatibleDC
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
BitBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
wininet
InternetGetCookieExA
InternetSetCookieA
InternetGetCookieA
gdiplus
GdipCreateRegionHrgn
GdipAddPathArc
GdipClosePathFigure
GdipCreateLineBrush
GdipCreatePen2
GdipFillPolygon
GdipDrawPolygon
GdipCreatePathGradientFromPath
GdipGetCompositingQuality
GdipCreateHBITMAPFromBitmap
GdipDrawPath
GdiplusStartup
GdipCreateImageAttributes
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipLoadImageFromStream
GdipGetFamilyName
GdipGetFontSize
GdipGetFontStyle
GdipMeasureString
GdipGetImagePixelFormat
GdipCloneBitmapArea
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipDisposeImage
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGetSolidFillColor
GdipCreatePath
GdipAddPathString
GdipFillPath
GdipDeleteBrush
GdipCreateSolidFill
GdipDeletePath
GdipResetClip
GdipGraphicsClear
GdipGetSmoothingMode
GdipDrawImageRect
GdipSetClipRect
GdipSetClipRegion
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipGetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateStringFormat
GdipSetStringFormatHotkeyPrefix
GdipDeleteStringFormat
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipGetFontHeight
GdipDrawString
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipGetStringFormatAlign
GdipGetStringFormatTrimming
GdipGetStringFormatFlags
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipDeleteRegion
imm32
ImmGetContext
ImmAssociateContext
oleaut32
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
OleLoadPicture
SafeArrayUnaccessData
psapi
GetProcessImageFileNameA
dbghelp
MakeSureDirectoryPathExists
atl
ord42
ord47
iphlpapi
GetAdaptersInfo
oledlg
ord8
icmp
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comctl32
ord17
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13.7MB - Virtual size: 13.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE