blackmoon | 7b868fc8aa927d0c9f30c8aded0509e5747fe1613724227a35f7de5115141644

Sharing

Copy URL

Twitter E-mail

General

Target

7b868fc8aa927d0c9f30c8aded0509e5747fe1613724227a35f7de5115141644
Size

12.0MB
MD5

dfddc895298b1e8add97feca8d61e574
SHA1

2c52f5627bf0ad48952b46d4b10939b135249119
SHA256

7b868fc8aa927d0c9f30c8aded0509e5747fe1613724227a35f7de5115141644
SHA512

e77f2c84ae16c925d2ea37fb0024419abfef23a22974c0b104fa646f3d936cfc1365d86746af97545c0f4c15a783bf744e7a8a4f223395c9a172e670173ceeaa
SSDEEP

98304:l56wuJoWk7NHVE0/nX1R2xtiCq+ew7wXnc/YXVMGzpYYJ5Isk7XqKIxZJ3I:lQ07TfX1R2xtifYRGzptJw76KIxZ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b868fc8aa927d0c9f30c8aded0509e5747fe1613724227a35f7de5115141644

Files

7b868fc8aa927d0c9f30c8aded0509e5747fe1613724227a35f7de5115141644
.exe windows:4 windows x86

89395269a1ca6689d5fb0807a7dfc64e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateDIBSection
DeleteObject
SelectObject
DeleteDC
CreateCompatibleDC
GetViewportExtEx
ExtSelectClipRgn
StartDocA
LineTo
MoveToEx
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DeleteDC
EndDoc
EndPage
CreateFontIndirectA
GetStockObject
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
ExcludeClipRect
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetDeviceCaps
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreateBitmap
CreateDCA
SetBkColor
CreateRectRgnIndirect
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreateCompatibleBitmap
GetPolyFillMode
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
GetTextExtentPoint32A

gdiplus

GdipGetRegionBounds
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipSetSmoothingMode
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFile
GdipDrawRectangleI
GdipLoadImageFromStream
GdipCreateSolidFill
GdipSetSolidFillColor
GdipDeletePen
GdipDeleteBrush
GdiplusStartup
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipDisposeImage

user32

SendMessageA
ReleaseDC
UpdateLayeredWindow
GetDC
MessageBoxA
TrackMouseEvent
CallWindowProcA
ShowWindow
PeekMessageA
SetPropA
GetPropA
GetWindowRect
CreateWindowExA
GetCursorPos
GetSystemMetrics
wsprintfA
DispatchMessageA
TranslateMessage
GetClipboardData
OpenClipboard
IsWindow
GetMessageA
CloseClipboard
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
LoadIconA
TranslateMessage
UnregisterClassA
GetClassNameA
GetWindowThreadProcessId
FindWindowA
GetDlgItem
GetWindowTextA
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
GetMessageA
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
EnableMenuItem
CreateIconFromResource
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
DispatchMessageA
CreateIconFromResourceEx
SetRectEmpty
RegisterClipboardFormatA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
LoadStringA
GetSysColorBrush
ClientToScreen
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
GetSubMenu
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetDesktopWindow

kernel32

GetModuleHandleA
SetHandleCount
GetStdHandle
LCMapStringA
LoadLibraryA
FreeLibrary
GetCurrentDirectoryA
GetLocalTime
Sleep
GetTempPathA
GetTickCount
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
VirtualAlloc
MapViewOfFile
CreateFileMappingA
GetProcAddress
TlsGetValue
VirtualProtectEx
WideCharToMultiByte
lstrlenW
LocalAlloc
LocalSize
GlobalFree
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
RtlMoveMemory
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RaiseException
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
LCMapStringW
SetStdHandle
FlushFileBuffers
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCommandLineA
GetVersion
RtlUnwind
TerminateProcess
GetCurrentProcess
LoadLibraryW
WriteFile
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
CompareStringA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsA
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
ReadFile
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
OpenProcess
InterlockedDecrement
MultiByteToWideChar
SetLastError
GetTimeZoneInformation
GetVersion
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
WideCharToMultiByte
InterlockedIncrement
SetHandleCount

ole32

OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromString
OleUninitialize

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContext
ImmGetContext
ImmSetCompositionWindow

shell32

ShellExecuteA
SHAppBarMessage
Shell_NotifyIconA
ShellExecuteA

shlwapi

PathFileExistsA

winmm

PlaySoundA
midiStreamOut
midiStreamProperty
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
midiStreamOpen
midiOutPrepareHeader

ws2_32

WSACleanup
inet_ntoa
getpeername
accept
closesocket
WSAAsyncSelect
recvfrom
ioctlsocket
recv

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegQueryValueExA

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

comctl32

ImageList_Destroy
ord17

comdlg32

ChooseColorA
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

Sections

.text
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

43A3
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

89395269a1ca6689d5fb0807a7dfc64e

Headers

File Characteristics

Imports

gdi32

gdiplus

user32

kernel32

ole32

imm32

shell32

shlwapi

winmm

ws2_32

winspool.drv

advapi32

oleaut32

comctl32

comdlg32

Sections

.text Size: 11.9MB - Virtual size: 11.9MB

43A3 Size: 68KB - Virtual size: 68KB

.text
Size: 11.9MB - Virtual size: 11.9MB

43A3
Size: 68KB - Virtual size: 68KB