blackmoon | c92afccffe471f388fa67fcbbccec679ce5ecf572975e0704e2ef006648f42a0

Sharing

Copy URL

Twitter E-mail

General

Target

c92afccffe471f388fa67fcbbccec679ce5ecf572975e0704e2ef006648f42a0
Size

364KB
MD5

38287a70c7720fba288b4b5e807323d9
SHA1

0c9fe169b70f3d27e3e400100e0af2dc2abe6017
SHA256

c92afccffe471f388fa67fcbbccec679ce5ecf572975e0704e2ef006648f42a0
SHA512

65ec50b989e724b0ec2f9fd95ea7ccecdc8fa5bcf2de9faf773447e32c2897e35a4365b364434e26c183a4b07395c51a29da025a28111c1ef80fb6c0f570519a
SSDEEP

6144:60KcXbPC5g8c1MVVvgYaqanPz4cm47pUz4Dlr5:NPXjC5g8c1MVBIqanPza47pUilt

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c92afccffe471f388fa67fcbbccec679ce5ecf572975e0704e2ef006648f42a0

Files

c92afccffe471f388fa67fcbbccec679ce5ecf572975e0704e2ef006648f42a0
.exe windows:4 windows x86

68d4e425c88483063c3f2fa0c59d346a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
GetFileType
GetStdHandle
OpenFileMappingA
GetEnvironmentStringsW
GetEnvironmentStrings
HeapDestroy
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
HeapCreate
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateWaitableTimerA
SetWaitableTimer
VirtualProtect
GetFileAttributesA
CreateToolhelp32Snapshot
Module32Next
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
CreateFileA
FreeLibrary
GetCommandLineA
LCMapStringA
GetVersionExA
WriteFile
GetFileSize
ReadFile
DeleteFileA
GetModuleFileNameA
GetPrivateProfileStringA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
RtlMoveMemory
VirtualFreeEx
VirtualAllocEx
SetProcessWorkingSetSize
GetCurrentProcess
GetProcAddress
LoadLibraryA
OpenProcess
CloseHandle
CreateEventA
OpenEventA
CreateMutexA
GetCurrentProcessId
VirtualFree
VirtualAlloc
Process32Next
FreeEnvironmentStringsW
Process32First
RaiseException
TerminateProcess
RtlUnwind
GetStartupInfoA
SetHandleCount
Sleep
GetTickCount
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
LocalAlloc
LocalFree
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP

user32

GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
IsWindowVisible
MessageBoxA
MessageBoxTimeoutA
CallWindowProcA
DestroyMenu
CreateWindowStationA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
EnableWindow
GetParent
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
SetForegroundWindow
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
GetWindowLongA
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
ReleaseDC
UnregisterClassA
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow

advapi32

RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

ntohs
getsockname
recv
send
WSAAsyncSelect
connect
inet_addr
htons
closesocket
socket
select
WSACleanup
gethostbyname
WSAStartup

wininet

InternetOpenA
InternetGetCookieA
InternetGetCookieExA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetSetCookieA

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap
GetStockObject
GetObjectA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comctl32

ord17

shlwapi

PathFileExistsA

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68d4e425c88483063c3f2fa0c59d346a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

gdi32

winspool.drv

comctl32

shlwapi

Sections

.text Size: 300KB - Virtual size: 299KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 32KB - Virtual size: 129KB

.rsrc Size: 4KB - Virtual size: 612B

.text
Size: 300KB - Virtual size: 299KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 32KB - Virtual size: 129KB

.rsrc
Size: 4KB - Virtual size: 612B