blackmoon | 4c035a0ddc62d5d32ab9a7a5a8eedf8365ed9f9311d3ef0f0c18eb5c8505f1f9

Sharing

Copy URL Twitter E-mail

General

Target

4c035a0ddc62d5d32ab9a7a5a8eedf8365ed9f9311d3ef0f0c18eb5c8505f1f9
Size

1.1MB
MD5

bd11f4a33721ca067ee6833c0c87397e
SHA1

304c23bb278dbe5dd46a51762c4ef183cfddae2e
SHA256

4c035a0ddc62d5d32ab9a7a5a8eedf8365ed9f9311d3ef0f0c18eb5c8505f1f9
SHA512

8fd878b790006a1d0e4565b1f86246272765feeedccb8eda17dff026c5b68949a8cfc8c86de1721f9a70b2356b26dc9078c6df3f166fee20ef4869352bba29fa
SSDEEP

24576:jA0qLqXu0bL2rGY+kqrHFVMWO9NY/tQUyP2fPfMyztui:kxgWvqrlmWOM/D

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c035a0ddc62d5d32ab9a7a5a8eedf8365ed9f9311d3ef0f0c18eb5c8505f1f9

Files

4c035a0ddc62d5d32ab9a7a5a8eedf8365ed9f9311d3ef0f0c18eb5c8505f1f9
.dll windows:4 windows x86

3bf1199580c2e47ffbffff56f1f70c66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
SetFilePointer
GlobalAlloc
SetLastError
lstrcatA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
lstrcpynA
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
MulDiv
WideCharToMultiByte
GetLastError
GetVersionExA
Sleep
GetWindowsDirectoryA
GetSystemDirectoryA
lstrlenA
LCMapStringA
GetCommandLineA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetEnvironmentVariableA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
DeleteFileA
CopyFileA
GetLocalTime
GetStartupInfoA
WaitForSingleObject
SetFileAttributesA
GetTickCount
WriteFile
CreateFileA
GetFileSize
ReadFile
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
TerminateProcess
ResumeThread
SetThreadContext
VirtualProtectEx
WriteProcessMemory
ReadProcessMemory
GetThreadContext
CreateProcessA
LocalSize
CreateDirectoryW
FindClose
FindNextFileW
DeleteFileW
lstrlenW
FindFirstFileW
GetCurrentProcessId
MoveFileA
CreateDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
FreeLibrary
MoveFileExA
GetTempFileNameA
GetTempPathA
DeviceIoControl
MultiByteToWideChar
CloseHandle
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
LoadLibraryA
RtlMoveMemory
CreateThread
VirtualAllocEx

user32

SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
SetWindowPos
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
GrayStringA
SetCursor
PostMessageA
PostQuitMessage
GetWindow
PtInRect
IsWindowVisible
GetWindowTextA
GetDlgItem
ShowWindow
SystemParametersInfoA
GetClassNameA
GetWindowRect
UnregisterHotKey
SetWindowLongA
SetCapture
SendMessageA
ScreenToClient
ReleaseCapture
RegisterHotKey
LoadBitmapA
GetSysColor
GetCursorPos
CreateWindowExA
CallWindowProcA
SetForegroundWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
GetMenuItemCount
SetWindowTextA
GetDlgCtrlID
UnregisterClassA
DestroyWindow
UnhookWindowsHookEx
GetFocus
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
wsprintfA
MessageBoxA
GetAsyncKeyState
wvsprintfA
MsgWaitForMultipleObjects
GetClientRect
ReleaseDC
GetDC
GetWindowLongA
GetWindowThreadProcessId
FindWindowA
GetActiveWindow

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
LookupAccountSidA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
SetSecurityInfo
InitializeAcl
AdjustTokenPrivileges
LookupPrivilegeValueA
GetTokenInformation
OpenProcessToken

gdi32

CreateBitmap
SaveDC
RestoreDC
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ExtTextOutA
RectVisible
PtVisible
TranslateCharsetInfo
GetDeviceCaps
Escape
CreateSolidBrush
GetBkColor
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreatePen
MoveToEx
LineTo
CreateFontA
SetBkColor
TextOutA
GetObjectA
GetStockObject
SetWindowExtEx
ScaleWindowExtEx
GetClipBox

shlwapi

PathFileExistsA
PathIsDirectoryW

shell32

SHGetSpecialFolderPathA
DragQueryFileA
DragFinish
DragAcceptFiles

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_BeginDrag

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

Exports

Exports

TPHelperBase
��_ʮ��ʮ
�ı��
�ı��

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 704KB - Virtual size: 855KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bf1199580c2e47ffbffff56f1f70c66

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shlwapi

shell32

comctl32

winspool.drv

Exports

Exports

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 704KB - Virtual size: 855KB

.rsrc Size: 4KB - Virtual size: 672B

.reloc Size: 36KB - Virtual size: 33KB

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 704KB - Virtual size: 855KB

.rsrc
Size: 4KB - Virtual size: 672B

.reloc
Size: 36KB - Virtual size: 33KB