blackmoon | ac475e7c9e5cd0cbbcee86fc2f4560c482d58ce7559194bee0c02dd4c8514fc0

Sharing

Copy URL Twitter E-mail

General

Target

ac475e7c9e5cd0cbbcee86fc2f4560c482d58ce7559194bee0c02dd4c8514fc0
Size

2.1MB
MD5

313ac2cb8f7b8a2e2f00db60cbc1d013
SHA1

786c197eda6b4c5fa1880ed59c33dcea3102cffb
SHA256

ac475e7c9e5cd0cbbcee86fc2f4560c482d58ce7559194bee0c02dd4c8514fc0
SHA512

b9a74d5f8fb4168b3be618338c2633ed960014e37584aad7371a20899d1ae06f4edf78f992ca2d725666a659c9170e6592d611cb9d255cfd2a3ab8baf157cc0f
SSDEEP

24576:/jBhNI5XZtPnrY/f1HlCyJTE4XX/385g1S3t0fZkfTFuKiUR5Z3FHW:7gtEFCux/385g17xcZj3F2

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac475e7c9e5cd0cbbcee86fc2f4560c482d58ce7559194bee0c02dd4c8514fc0

Files

ac475e7c9e5cd0cbbcee86fc2f4560c482d58ce7559194bee0c02dd4c8514fc0
.exe windows:4 windows x86

b567417444a38e2a94a6a87b31a5183b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
FreeLibrary
GetCommandLineA
GetModuleFileNameA
WriteFile
GetFileSize
ReadFile
CloseHandle
GetPrivateProfileStringA
Sleep
IsBadReadPtr
HeapFree
GetTickCount
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MulDiv
lstrcatA
lstrcpyA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
LocalAlloc
LocalFree
HeapReAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
InterlockedIncrement
MultiByteToWideChar
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
GetCurrentProcess
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
TerminateProcess
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
HeapAlloc
ExitProcess
GetProcessHeap
lstrlenW
GetModuleHandleA
WideCharToMultiByte
VirtualAllocEx
VirtualFreeEx
CreateEventA
OpenEventA
CreateMutexA
Process32Next
Process32First
Module32Next
CreateToolhelp32Snapshot
GetFileAttributesA
IsDebuggerPresent
SetWaitableTimer
CreateWaitableTimerA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
CreateFileA
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
VirtualProtect
OpenProcess
GetCurrentProcessId
RtlFillMemory
lstrlenA
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
TlsAlloc
RtlMoveMemory

gdi32

SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
TranslateCharsetInfo
GetDeviceCaps
DeleteObject
CreateFontA
SetWindowExtEx
GetObjectA
GetStockObject
ScaleWindowExtEx
GetClipBox
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA

user32

GetWindowInfo
IsWindow
GetAsyncKeyState
GetWindowThreadProcessId
GetClassNameA
SetLayeredWindowAttributes
IsWindowVisible
DestroyMenu
LoadStringA
GetSysColorBrush
LoadCursorA
FindWindowA
GetWindowTextA
MessageBoxTimeoutA
CreateWindowStationA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
wsprintfA
MessageBoxA
LoadIconA
MapWindowPoints
CallWindowProcA
CreateWindowExA
GetCursorPos
GetDC
GetSysColor
LoadBitmapA
RegisterHotKey
ReleaseCapture
ScreenToClient
SendMessageA
SetCapture
SetWindowLongA
UnregisterHotKey
PostQuitMessage
PostMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
ReleaseDC
UnregisterClassA
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowPos
ShowWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx

shell32

DragQueryFileA
DragAcceptFiles
DragFinish
ShellExecuteA

shlwapi

StrToIntExA
PathFileExistsA

ws2_32

inet_addr
connect
gethostbyname
send
recv
htons
ntohs
WSAAsyncSelect
select
WSACleanup
WSAStartup
closesocket
socket
getsockname

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_BeginDrag

Sections

.text
Size: 400KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b567417444a38e2a94a6a87b31a5183b

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

user32

shell32

shlwapi

ws2_32

winspool.drv

comctl32

Sections

.text Size: 400KB - Virtual size: 397KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 400KB - Virtual size: 397KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 4KB - Virtual size: 664B