blackmoon | ec9f66256b037ccd14739cbd3aa03e6a8e98c0e3f0321fb2fc18313817e96345

Sharing

Copy URL

Twitter E-mail

General

Target

ec9f66256b037ccd14739cbd3aa03e6a8e98c0e3f0321fb2fc18313817e96345
Size

552KB
MD5

991bcd944637fb0c0249fd196d794580
SHA1

4e69d19d63890a35f7e036488d7d648219629dd1
SHA256

ec9f66256b037ccd14739cbd3aa03e6a8e98c0e3f0321fb2fc18313817e96345
SHA512

97d54f0bec23460974a3ffcf51c51a8517a74629249ae2f6280e3a4d0e4abcd54e9f03d31ff510f6a609d74a3c699416cc5478308e4d7421c02a14b3ded813ea
SSDEEP

12288:0doVielSTmfiYmQVSAevpWFi8h5eRLNXEUcRU6yxTmqx7aaE7QfS/HFk2v4iFQNS:0doVielSTmfiYmQVSAevpWFi86RLNPOd

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec9f66256b037ccd14739cbd3aa03e6a8e98c0e3f0321fb2fc18313817e96345

Files

ec9f66256b037ccd14739cbd3aa03e6a8e98c0e3f0321fb2fc18313817e96345
.exe windows x86

9a195851784d642f4954f665b3920eff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
PathIsDirectoryA

kernel32

CreateWaitableTimerA
SetWaitableTimer
CreateToolhelp32Snapshot
Process32First
Process32Next
MultiByteToWideChar
WideCharToMultiByte
Module32First
Module32Next
IsWow64Process
GetComputerNameA
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
GetExitCodeThread
RtlMoveMemory
GetModuleHandleA
GetCommandLineA
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetLocalTime
GetModuleFileNameA
CloseHandle
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetUserDefaultLCID
GlobalFree
GlobalUnlock
GlobalLock
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
GetACP
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
WriteFile
CreateFileA
GetFileSize
ReadFile
GlobalAlloc
SetFilePointer
GetLastError
GetCurrentProcess
GetVersionExA
TerminateProcess
Sleep
lstrcpyA
lstrlenA
SetLastError
lstrcatA
GetTimeZoneInformation
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetTickCount
SetErrorMode
lstrcpynA
GetCurrentThreadId
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
LocalFree
FlushFileBuffers
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
RaiseException

user32

GetParent
SetWindowTextA
PostQuitMessage
PostMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
LoadStringA
GetDlgCtrlID
GetMenuItemCount
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetWindow
PtInRect
GetWindowLongA
GetWindowTextA
SetWindowLongA
GetDlgItem
SystemParametersInfoA
GetDC
ReleaseDC
GetClassNameA
SendMessageA
GetWindowRect
MsgWaitForMultipleObjects
GetSystemMetrics
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ScaleViewportExtEx
GetObjectA
GetStockObject
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
SelectObject
DeleteDC
Escape
DeleteObject
ExtTextOutA
TextOutA
RectVisible
PtVisible

advapi32

RegDeleteValueA
RegisterServiceCtrlHandlerA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
SetServiceStatus
StartServiceCtrlDispatcherA

ole32

CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun
CoInitialize

winhttp

WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpConnect
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpCheckPlatform

crypt32

CryptBinaryToStringA

dbghelp

MakeSureDirectoryPathExists

ws2_32

WSACleanup
WSAStartup
closesocket
send
recv
select

rasapi32

RasHangUpA
RasGetConnectStatusA

oleaut32

VariantInit
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayAllocDescriptor

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comctl32

ord17

wininet

InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetSetOptionA
InternetConnectA

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 208KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a195851784d642f4954f665b3920eff

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

ole32

winhttp

crypt32

dbghelp

ws2_32

rasapi32

oleaut32

winspool.drv

comctl32

wininet

Sections

.text Size: 232KB - Virtual size: 228KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 208KB - Virtual size: 367KB

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 232KB - Virtual size: 228KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 208KB - Virtual size: 367KB

.rsrc
Size: 72KB - Virtual size: 72KB