blackmoon | 3531f27bd2763edcecc585fc76b0b3c324d8fe867a16b9b1f90d9f7fd054cc43

Sharing

Copy URL Twitter E-mail

General

Target

3531f27bd2763edcecc585fc76b0b3c324d8fe867a16b9b1f90d9f7fd054cc43
Size

1.0MB
MD5

4fd8e1ebcf7d28c2eae484030c7c2378
SHA1

123e12be560b06e82e25e3fb9999b59153634bf4
SHA256

3531f27bd2763edcecc585fc76b0b3c324d8fe867a16b9b1f90d9f7fd054cc43
SHA512

ae6055eb109e9a9fc9b6037ea5c8ec4037596e5dd423f545541ab71574915fc8360a4127564c337456dd58c20440219c71dcbe7f6a91d0502e9e56b5afa60093
SSDEEP

24576:tC+CoUHo/dOo6qKvLYtprCcv4ClI4xOoX2dgFOFoA:tPXF8L

Score

10^/10

oss_ak blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

detect oss ak 1 IoCs

oss ak information detected.

oss_ak

resource	yara_rule
sample	detect_ak_stuff

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3531f27bd2763edcecc585fc76b0b3c324d8fe867a16b9b1f90d9f7fd054cc43

Files

3531f27bd2763edcecc585fc76b0b3c324d8fe867a16b9b1f90d9f7fd054cc43
.exe windows:4 windows x86

ecd3844837d8b5262b1ed3236b080734

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
WritePrivateProfileStringA
GetTickCount
GetPrivateProfileStringA
GetFileSize
WriteFile
SetFilePointer
Sleep
FormatMessageA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
GetStartupInfoA
CreateProcessA
DeleteFileA
CreateDirectoryA
GetModuleFileNameA
GetProcAddress
IsBadReadPtr
HeapReAlloc
ExitProcess
GetModuleHandleA
lstrcpynA
DeleteTimerQueueEx
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLocalTime
GetSystemTimeAsFileTime
CreateTimerQueue
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcmpA
ReleaseMutex
CreateMutexA
lstrcpyn
WaitForSingleObject
lstrcmpiW
lstrcmpW
lstrlenW
HeapCreate
HeapDestroy
InterlockedDecrement
InterlockedIncrement
RtlZeroMemory
VirtualFree
lstrcatA
WideCharToMultiByte
lstrlenA
VirtualAlloc
RtlMoveMemory
GetCurrentThreadId
LocalSize
GetModuleHandleW
MultiByteToWideChar
HeapFree
HeapAlloc
GetProcessHeap
ReadFile
CloseHandle
GetFileSizeEx
CreateFileA
CreateThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
LCMapStringW
IsBadWritePtr
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetTimeZoneInformation
GetACP
RaiseException
TerminateProcess
RtlUnwind
GetOEMCP
GetCPInfo
GetCurrentProcess
SetErrorMode
GetProcessVersion
FindResourceA
LoadResource
LockResource
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetTimeFormatA
GetDateFormatA
GetLastError
lstrcpyA
GlobalFlags
MulDiv
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
SetEndOfFile
QueryPerformanceCounter
MapViewOfFile
LockFileEx
LockFile
LocalFree
LoadLibraryW
HeapValidate
HeapSize
GetVersionExA
GetTempPathW
GetTempPathA
GetSystemTime
GetSystemInfo
GetFullPathNameW
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageW
FlushFileBuffers
DeleteFileW
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
AreFileApisANSI
InterlockedCompareExchange
GetCurrentThread
lstrcmpiA
GlobalDeleteAtom
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue

user32

MapVirtualKeyA
GetMessageW
CallWindowProcW
BeginPaint
GetClientRect
IntersectRect
EndPaint
GetFocus
SetFocus
SetCapture
LoadIconW
CreateWindowExW
SystemParametersInfoW
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
GetClassNameA
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
UpdateLayeredWindow
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
CallNextHookEx
IsDialogMessageA
SetWindowLongA
DefWindowProcW
SetWindowPos
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
CallWindowProcA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
ShowWindow
DispatchMessageW
TranslateMessage
SetWindowsHookExW
PeekMessageA
GetMessageA
DispatchMessageA
MessageBeep
wsprintfA
MessageBoxA
wvsprintfA
RemovePropA
InvalidateRect
ReleaseDC
GetDC
OffsetRect
GetWindowRect
RegisterClassExW
LoadCursorW
DefWindowProcA
GetPropA
ReleaseCapture
ScreenToClient
IsRectEmpty
IsZoomed
PtInRect
IsWindow
GetWindowLongW
SetWindowLongW
SetPropA

gdi32

GetClipBox
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
ScaleWindowExtEx
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
GetCurrentObject
BitBlt
PtVisible
GetDeviceCaps
GetStockObject
SetWindowExtEx
SetBkColor
RestoreDC
SaveDC
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible

advapi32

CryptDestroyHash
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
CryptAcquireContextA
CryptCreateHash
CryptHashData
RegCloseKey
CryptGetHashParam
CryptDeriveKey
CryptEncrypt
CryptDestroyKey
CryptDecrypt
CryptReleaseContext

ole32

OleIsCurrentClipboard
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleFlushClipboard
CoRevokeClassObject
OleInitialize
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleRun
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

oleaut32

VariantTimeToSystemTime
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
SafeArrayDestroy
SystemTimeToVariantTime

ws2_32

WSACleanup
WSAStartup
setsockopt
WSAGetLastError
inet_addr
ntohs
WSASetLastError
htons
connect
select
__WSAFDIsSet
inet_ntoa
getpeername
getsockname
gethostbyname
closesocket
htonl
bind
send
recv
listen
accept
socket
sendto
recvfrom

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipDisposeImage
GdipDrawImageRect
GdiplusStartup
GdipGetImageDimension
GdipLoadImageFromStream
GdiplusShutdown

iphlpapi

GetAdaptersInfo

shell32

ShellExecuteA

shlwapi

StrToIntW
StrToIntExW
PathFileExistsA

wininet

HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA
InternetSetCookieA
HttpQueryInfoA
InternetCloseHandle

comdlg32

GetSaveFileNameA
GetOpenFileNameW

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

oledlg

ord8

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 904KB - Virtual size: 901KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ecd3844837d8b5262b1ed3236b080734

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

gdiplus

iphlpapi

shell32

shlwapi

wininet

comdlg32

imm32

oledlg

winspool.drv

comctl32

Sections

.text Size: 904KB - Virtual size: 901KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 72KB - Virtual size: 154KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 904KB - Virtual size: 901KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 72KB - Virtual size: 154KB

.rsrc
Size: 20KB - Virtual size: 18KB