blackmoon | 424b9e40dc8af38490214802a32c2506c986113880a844abaf0d01e8be2b360c_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

424b9e40dc8af38490214802a32c2506c986113880a844abaf0d01e8be2b360c_JC.exe
Size

5.1MB
MD5

e70628bd1a3caa22589bf1099eeca809
SHA1

9fcfe246411f3f508d54f1734ba92705d4d657b3
SHA256

424b9e40dc8af38490214802a32c2506c986113880a844abaf0d01e8be2b360c
SHA512

86b39eba8e606a13f31fa73a7d72cabdf0bbe1f3bd6179bdb75bda294fb7ad0842dc8685979c36c704dc4bc1a395384cbb1f3d54d8a6802b980eac6d58971ca5
SSDEEP

98304:QPomPXGbSt8w5rw1OwQovBgaOnHoPGMsjxbqIGxdWMQN6OpS8wm+nI2ZAAmzzQx2:ZbSwoIjgTN6OptBIzTNxxh8V

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
424b9e40dc8af38490214802a32c2506c986113880a844abaf0d01e8be2b360c_JC.exe

Files

424b9e40dc8af38490214802a32c2506c986113880a844abaf0d01e8be2b360c_JC.exe
.exe windows:6 windows x86

74b87fb73a1b7a965613f7938a07a80e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
GetLocalTime
GetFileInformationByHandle
SystemTimeToFileTime
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
OpenFileMappingA
MultiByteToWideChar
MoveFileExA
CopyFileA
GetTempPathA
FindResourceA
CreateFileMappingA
lstrlenA
FreeResource
UnmapViewOfFile
MapViewOfFile
GetTickCount
GetSystemInfo
GlobalMemoryStatusEx
CreateProcessA
CreateThread
GetCurrentProcessId
Sleep
Beep
WriteFile
SetFileAttributesA
ReadFile
GetFileSize
CreateFileA
CreateDirectoryA
SetCurrentDirectoryA
CreateMutexA
GetCommandLineW
WinExec
RemoveDirectoryA
DeleteFileA
Module32Next
Module32First
Thread32Next
Thread32First
Process32Next
Process32First
CreateToolhelp32Snapshot
LoadLibraryA
lstrcpyA
lstrcmpA
LocalFree
FreeLibrary
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
OpenProcess
OpenThread
CreateRemoteThread
TerminateProcess
GetCurrentProcess
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GetLogicalDrives
FindFirstFileA
FindClose
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
FindResourceW
WriteConsoleW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
FindNextFileW
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetDriveTypeW
GetTimeZoneInformation
GetFileAttributesExW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetStdHandle
QueryPerformanceFrequency
GetFileType
SetStdHandle
HeapQueryInformation
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
GetFullPathNameW
VirtualQuery
VirtualAlloc
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
LCMapStringW
FormatMessageW
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalUnlock
LocalLock
SearchPathA
GetProfileIntA
SetErrorMode
FindResourceExW
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
GetUserDefaultLCID
ReplaceFileA
GetTempFileNameA
GetDiskFreeSpaceA
GetStringTypeExA
GetVolumeInformationA
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameA
FlushFileBuffers
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
SizeofResource
LockResource
LoadResource
GetLastError
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FormatMessageA
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
LoadLibraryW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
LocalAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FindNextFileA
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
GetVersionExA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetAtomNameA
GetThreadLocale
GetACP
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage

user32

DestroyCursor
DestroyIcon
CreateIconIndirect
GetIconInfo
IsWindow
RedrawWindow
SetWindowLongA
GetFocus
MessageBoxA
AdjustWindowRectEx
GetMenuStringA
GetMenuState
InsertMenuA
RemoveMenu
SendDlgItemMessageA
SetRectEmpty
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
RegisterWindowMessageA
DispatchMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoExA
CreateWindowExA
IsMenu
IsChild
DestroyWindow
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
SetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
ScreenToClient
MapWindowPoints
EqualRect
PtInRect
GetClassLongA
GetTopWindow
GetLastActivePopup
GetWindow
SetScrollInfo
GetScrollInfo
WinHelpA
MonitorFromWindow
GetMonitorInfoA
ShowWindow
MoveWindow
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
IsWindowEnabled
ScrollWindowEx
IsDialogMessageA
CreateDialogIndirectParamA
IntersectRect
LoadBitmapA
BringWindowToTop
ReleaseCapture
LoadAcceleratorsA
TranslateAcceleratorA
InsertMenuItemA
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
IsZoomed
GetMessageA
TranslateMessage
ShowOwnedPopups
SetWindowContextHelpId
GetParent
GetMenuItemInfoA
SystemParametersInfoA
SetCapture
IsRectEmpty
WaitMessage
GetKeyNameTextA
MapVirtualKeyA
GetSysColorBrush
LoadCursorA
TrackMouseEvent
LoadImageW
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
GetDialogBaseUnits
CharUpperA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
UnionRect
GetSystemMenu
DeleteMenu
SetParent
GetNextDlgGroupItem
MessageBeep
DrawIconEx
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongA
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawEdge
DrawFrameControl
LoadMenuW
SetCursorPos
CopyIcon
LoadAcceleratorsW
RegisterClipboardFormatA
GetDCEx
LockWindowUpdate
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageA
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuA
CharUpperBuffA
IsClipboardFormatAvailable
GetUpdateRect
EnumChildWindows
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
SendNotifyMessageA
InSendMessage
CreateMenu
WindowFromDC
GetWindowRgn
GetTabbedTextExtentA
GetTabbedTextExtentW
PeekMessageA
PostQuitMessage
GetWindowLongA
OffsetRect
SetWindowsHookExA
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
GetSysColor
WindowFromPoint
ClientToScreen
SetCursor
SendMessageA
UnhookWindowsHookEx
GetClassInfoA
OpenIcon
SetForegroundWindow
FindWindowA
wsprintfA
IsWindowVisible
IsIconic
EndDialog
SetTimer
KillTimer
GetSystemMetrics
CreatePopupMenu
GetDC
DrawStateA
CheckMenuItem
TrackPopupMenuEx
GetSubMenu
DestroyMenu
ReleaseDC
SetWindowRgn
InvalidateRect
GetMenuItemID
GetMenuItemCount
AppendMenuA
SetWindowPos
EnableWindow
PostMessageA
GetWindowDC
GetClientRect
GetWindowRect
LoadMenuA
GetActiveWindow
GetNextDlgTabItem
MapDialogRect
GetDesktopWindow
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
UnregisterClassA
CreateIconFromResource
LoadIconW
LoadIconA
LoadCursorW
CallNextHookEx
GetWindowThreadProcessId
GetClassNameA
EnumWindows
GetCursorPos
GetWindowTextA
SetWindowTextA
SwitchToThisWindow
UpdateWindow
DrawIcon
LoadImageA

gdi32

SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetBkMode
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetROP2
SelectPalette
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocA
ArcTo
PolyDraw
SelectClipPath
ExtSelectClipRgn
ExtCreatePen
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SelectClipRgn
SaveDC
RestoreDC
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetCurrentPositionEx
GetClipRgn
ExtTextOutA
TextOutA
RectVisible
PtVisible
Escape
CreateSolidBrush
SetTextColor
SetPixel
SetBkColor
GetStockObject
GetPixel
DeleteDC
CreateBitmap
GetObjectA
StretchBlt
SelectObject
GetDIBits
GetBkColor
DeleteObject
GetClipBox
ExcludeClipRect
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
GetDeviceCaps
CreateDCA
CopyMetaFileA
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
SetArcDirection
GetTextFaceA
GetTextExtentPoint32W
GetTextExtentPointA
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
CreateMetaFileA
CloseMetaFile
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetCurrentObject
OffsetRgn
Rectangle
EnumFontFamiliesExA
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
SetDIBColorTable
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
StretchDIBits
GetCharWidthA
CreateFontA
GetRgnBox
GetTextColor
LPtoDP
CreateDIBSection
Ellipse
CreateEllipticRgn
GetTextMetricsA
GetTextExtentPoint32A
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CreateFontIndirectA
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
BitBlt
CreateRectRgn

advapi32

SystemFunction036
RegSetValueA
IsTextUnicode
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExW
SetFileSecurityA
GetFileSecurityA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
SetEntriesInAclA
SetSecurityInfo
BuildExplicitAccessWithNameA
RegCloseKey

shell32

ShellExecuteExA
CommandLineToArgvW
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ExtractIconA
SHAppBarMessage
SHAddToRecentDocs
DragQueryFileA
DragFinish
SHGetFileInfoA

ole32

RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoLockObjectExternal
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleRun
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
PropVariantCopy
CoDisconnectObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
OleDraw
CreateStreamOnHGlobal
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
CoCreateInstance
CoInitialize
OleTranslateAccelerator

msimg32

AlphaBlend
TransparentBlt

comctl32

_TrackMouseEvent

shlwapi

PathStripToRootA
PathIsUNCA
PathRemoveExtensionA
PathFindExtensionA
UrlUnescapeA
PathFindFileNameA
PathRemoveFileSpecW
StrFormatKBSizeA

uxtheme

GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed
GetThemeColor

oledlg

ord8

urlmon

URLDownloadToFileA

gdiplus

GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext

winmm

PlaySoundA

wininet

FtpGetFileA
FtpFindFirstFileA
InternetGetLastResponseInfoA
InternetSetStatusCallback
FtpDeleteFileA
FtpRenameFileA
FtpOpenFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpCommandA
GopherCreateLocatorA
GopherFindFirstFileA
GopherOpenFileA
GopherGetAttributeA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA
InternetSetCookieA
InternetGetCookieA
InternetErrorDlg
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
DeleteUrlCacheEntry
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetFindNextFileA
InternetQueryOptionA
InternetSetOptionExA
FtpPutFileA

ws2_32

WSAGetLastError
WSASetLastError
gethostbyname
sendto
select
recvfrom
closesocket
connect
htons
inet_addr
send
WSAAsyncSelect
socket
recv
ntohs
inet_ntoa
htonl
getsockname
getpeername
bind
accept
WSACleanup
WSAStartup

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter
GetJobA

oleaut32

VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
VarDecFromStr
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
SysStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
OleCreateFontIndirect
SafeArrayCreateVector
SafeArrayRedim

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74b87fb73a1b7a965613f7938a07a80e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msimg32

comctl32

shlwapi

uxtheme

oledlg

urlmon

gdiplus

winmm

wininet

ws2_32

oleacc

imm32

winspool.drv

oleaut32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 604KB - Virtual size: 603KB

.data Size: 37KB - Virtual size: 107KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 604KB - Virtual size: 603KB

.data
Size: 37KB - Virtual size: 107KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB