Behavioral task: behavioral1
Sample: 498ebbb6b23084b27001630b8d84bd2e35581d4883e8a72abee6f8bc3d8e610a.exe
Resource: win7-20230831-en
General
Target: 498ebbb6b23084b27001630b8d84bd2e35581d4883e8a72abee6f8bc3d8e610a
Size: 14.3MB
MD5: 2020c6673ff4e241ed8d14ab18d4bd41
SHA1: d4d598beafab0e23b7948e3266411a9b8db27caa
SHA256: 498ebbb6b23084b27001630b8d84bd2e35581d4883e8a72abee6f8bc3d8e610a
SHA512: 84acaf44453e82543f608ff3d85f024bf4b21a984c8ab04c6be49f0732aa01388cf0c305b9257fb929a74cc253b0a5cab5fe9db1a47c4f7a6f78d74b477b21b9
SSDEEP: 196608:5li8/34rrZaPnslxypEKbDpArOOw0MZsrGmvEh:y8/orr6exypEKblLOw04spE
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC): resource yara_rule sample family_blackmoon
Unsigned PE (1 IoC): Checks for missing Authenticode signature. resource 498ebbb6b23084b27001630b8d84bd2e35581d4883e8a72abee6f8bc3d8e610a
Files
498ebbb6b23084b27001630b8d84bd2e35581d4883e8a72abee6f8bc3d8e610a.exe windows:4 windows x86
df5d2c1d8b7caf0626846c531024fdd5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
lstrcpynA
FlushFileBuffers
LocalFree
MulDiv
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetVersion
FindResourceA
LoadResource
LockResource
lstrcatA
SetLastError
lstrcpyA
OpenProcess
TerminateProcess
SetFilePointer
GetCurrentProcess
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
LCMapStringA
FreeLibrary
GetCommandLineA
WriteFile
MoveFileA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
WritePrivateProfileStringA
Sleep
GetLocalTime
GetFileSize
ReadFile
GlobalFree
GetUserDefaultLCID
GetModuleFileNameA
GetPrivateProfileStringA
GetTickCount
IsBadReadPtr
HeapReAlloc
ExitProcess
CreateMutexA
GetModuleHandleA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
RtlZeroMemory
lstrcmpiA
HeapDestroy
HeapCreate
GetAtomNameW
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
lstrcatW
lstrcmpiW
lstrcmpA
lstrlenA
HeapFree
InterlockedDecrement
InterlockedIncrement
RtlMoveMemory
LocalSize
HeapAlloc
GetProcessHeap
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
lstrcpyn
GetProcAddress
LoadLibraryA
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ReleaseMutex
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
DeviceIoControl
CreateFileA
GetTempPathA
LoadLibraryExA
VirtualFreeEx
TerminateThread
GetNativeSystemInfo
CreateWaitableTimerA
SetWaitableTimer
VirtualQuery
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateRemoteThread
GetExitCodeThread
Module32First
Module32Next
OpenThread
LeaveCriticalSection
GetVersionExA
GetCurrentProcess
HeapCreate
ReadProcessMemory
VirtualQueryEx
CreateFileA
DeviceIoControl
CreateProcessA
PeekNamedPipe
lstrlenW
lstrcpyA
InitializeCriticalSection
GetCurrentThreadId
SetProcessAffinityMask
EnterCriticalSection
DeleteCriticalSection
RtlZeroMemory
HeapAlloc
HeapFree
lstrcmpW
lstrcmpiW
GetProcessHeap
ExitProcess
HeapReAlloc
IsBadReadPtr
WriteFile
ReadFile
GetFileSize
DeleteFileA
LCMapStringA
GetTickCount
GetModuleFileNameA
GetUserDefaultLCID
GetDiskFreeSpaceExA
GetCurrentDirectoryA
SetFileAttributesA
GetLastError
SetCurrentDirectoryA
GetStartupInfoA
RtlMoveMemory
FindFirstFileA
FindClose
GetCommandLineA
LoadLibraryA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
SetFilePointer
RaiseException
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
MultiByteToWideChar
GetTempPathA
GetSystemDirectoryA
GetTempFileNameA
CopyFileA
DuplicateHandle
VirtualProtect
WriteProcessMemory
VirtualAllocEx
lstrcpyn
GetModuleHandleA
IsWow64Process
OpenProcess
CloseHandle
lstrcpynW
WideCharToMultiByte
GetWindowsDirectoryA
GetProcAddress
SetLastError
TlsFree
TlsAlloc
TlsSetValue
TerminateProcess
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetVersion
WaitForSingleObject
FindNextFileA
lstrcpynA
FreeLibrary
shlwapi
StrTrimW
StrToIntW
wvnsprintfW
StrToIntExW
PathFileExistsA
PathFindFileNameW
PathRemoveFileSpecW
StrToIntExW
PathFindFileNameA
PathFindExtensionA
StrToIntExA
PathFileExistsA
StrToIntW
user32
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
FindWindowExW
IsWindow
GetAsyncKeyState
SetWindowLongW
GetAncestor
GetDlgItem
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
CharLowerW
CharUpperW
LoadStringW
SetMenuDefaultItem
PostThreadMessageA
UnregisterClassA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
MapWindowPoints
AdjustWindowRectEx
TrackMouseEvent
EndPaint
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
CreateWindowExA
GetClassLongA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
GetWindowPlacement
IsDialogMessageA
SendDlgItemMessageA
SetWindowTextA
GetDlgCtrlID
CreateDialogIndirectParamA
UnhookWindowsHookEx
GrayStringA
TabbedTextOutA
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
PostMessageA
GetWindow
PtInRect
GetWindowLongA
GetWindowTextA
GetCursorPos
SetWindowLongA
SystemParametersInfoA
FindWindowA
GetWindowThreadProcessId
GetClassNameA
SendMessageA
SetActiveWindow
GetActiveWindow
GetForegroundWindow
GetParent
GetWindowLongW
SendMessageW
DestroyCursor
BeginPaint
SetWindowRgn
SetMenuItemInfoW
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
CallWindowProcA
GetMenuState
GetMenuItemRect
GetMenuStringW
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuW
AppendMenuW
GetMenuItemInfoW
GetMenuItemCount
DestroyMenu
GetMenuInfo
LoadMenuW
GetSystemMenu
CreatePopupMenu
CreateMenu
DrawIconEx
LoadImageW
CreateIconFromResourceEx
UpdateLayeredWindow
SystemParametersInfoW
RegisterWindowMessageW
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
SetRect
LoadIconW
EnumPropsExW
RemovePropA
RemovePropW
GetPropA
GetPropW
SetPropA
SetPropW
KillTimer
SetTimer
MessageBoxW
SetWindowTextW
SetParent
MoveWindow
UpdateWindow
ValidateRect
ScreenToClient
GetIconInfo
CopyIcon
PostMessageW
SetCursor
ShowWindow
CallWindowProcW
CreateMDIWindowW
DialogBoxParamW
CreateDialogParamW
EndDialog
DialogBoxIndirectParamW
DestroyWindow
SetClassLongW
GetClassLongW
CreateDialogIndirectParamW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
PostQuitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
TranslateMDISysAccel
IsChild
GetMessageW
GetFocus
InvalidateRect
ClientToScreen
FillRect
GetWindowDC
DefWindowProcW
OffsetRect
ReleaseDC
DrawTextA
GetDC
SetFocus
GetNextDlgTabItem
GetWindowRect
SetWindowPos
EnableWindow
IsWindowEnabled
IsWindowVisible
GetSysColor
DestroyAcceleratorTable
DestroyIcon
LoadCursorW
ReleaseCapture
SetCapture
GetClientRect
GetCursorPos
GetForegroundWindow
ClientToScreen
IsWindowVisible
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA
MsgWaitForMultipleObjects
WindowFromPoint
GetDlgItem
RegisterWindowMessageA
GetParent
GetAncestor
CallWindowProcA
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
GetMessageA
EnumWindows
ShowWindow
MessageBoxA
FindWindowA
SendMessageA
advapi32
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
LookupPrivilegeValueA
RegQueryValueExA
RegCloseKey
DeleteService
ControlService
StartServiceA
CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
AdjustTokenPrivileges
OpenProcessToken
CryptGetHashParam
CryptHashData
RegOpenKeyA
shell32
DragFinish
DragQueryFileW
Shell_NotifyIconW
CommandLineToArgvW
DragAcceptFiles
SHGetSpecialFolderPathA
SHGetSpecialFolderPathA
ole32
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
StringFromGUID2
GetHGlobalFromStream
CLSIDFromString
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CLSIDFromProgID
OleRun
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
SafeArrayDestroy
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
SafeArrayGetLBound
VariantChangeType
SafeArrayDestroy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
VariantInit
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
gdi32
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetObjectA
GetDIBits
CreatePatternBrush
CreateEllipticRgn
CreateFontIndirectW
GetObjectW
StretchBlt
SetStretchBltMode
GetStretchBltMode
CreateDIBSection
CreateCompatibleDC
BitBlt
CreateRoundRectRgn
CreateSolidBrush
GetStockObject
SetBkMode
SetTextColor
DeleteDC
SelectObject
DeleteObject
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetBkColor
comctl32
ord17
InitCommonControlsEx
winhttp
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpCloseHandle
gdiplus
GdipSetImageAttributesColorKeys
GdipSetImageAttributesOutputChannel
GdipSetImageAttributesOutputChannelColorProfile
GdipSetImageAttributesRemapTable
GdipSetImageAttributesWrapMode
GdipGetImageAttributesAdjustedPalette
GdipSetImageAttributesColorMatrix
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC
GdipFlush
GdipGetDC
GdipReleaseDC
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipSetInterpolationMode
GdipGetInterpolationMode
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipSetPixelOffsetMode
GdipGetPixelOffsetMode
GdipSetWorldTransform
GdipGetWorldTransform
GdipDeleteMatrix
GdipDrawImagePointRect
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipScaleWorldTransform
GdipRotateWorldTransform
GdipSetImageAttributesGamma
GdipSetPageUnit
GdipGetPageUnit
GdipSetPageScale
GdipDrawImagePointsRect
GdipSetClipGraphics
GdipSetClipPath
GdipGetPageScale
GdipGetDpiX
GdipGetDpiY
GdipTransformPoints
GdipTransformPointsI
GdipGetNearestColor
GdipDrawLine
GdipDrawArc
GdipDrawBezier
GdipDrawRectangle
GdipDrawEllipse
GdipDrawPie
GdipDrawPolygon
GdipSetClipRect
GdipSetClipRegion
GdipSetClipHrgn
GdipResetClip
GdipTranslateClip
GdipDrawImageRect
GdipDrawImageRectRect
GdipDrawImage
GdipDrawDriverString
GdipMeasureCharacterRanges
GdipCreateRegion
GdipMeasureString
GdipDeleteRegion
GdipDeletePath
GdipDeleteFont
GdiplusStartup
GdipDrawString
GdipFillRegion
GdipDisposeImage
GdipFillClosedCurve
GdipFillPath
GdipFillPie
GdipFillEllipse
GdipFillPolygon
GdipGraphicsClear
GdipDrawClosedCurve2
GdipDrawClosedCurve
GdipDrawCurve2
GdipDrawCurve
GdipSetImageAttributesNoOp
GdipGetClip
GdipGetClipBounds
GdipGetVisibleClipBounds
GdipIsClipEmpty
GdipIsVisibleClipEmpty
GdipIsVisiblePoint
GdipIsVisibleRect
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer
GdipBeginContainer2
GdipEndContainer
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipCloneImage
GdipGetImageRawFormat
GdipGetImagePixelFormat
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageDimension
GdipGetImageBounds
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipGetImageThumbnail
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipCreateHICONFromBitmap
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateFromHWND
GdipGetImageGraphicsContext
GdipCreateFont
GdipCreateFontFromLogfontW
GdipDeletePrivateFontCollection
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneFont
GdipGetLogFontW
GdipGetLogFontA
GdipGetFamily
GdipGetFontStyle
GdipGetFontSize
GdipGetFontUnit
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipCreatePath
GdipCreatePath2
GdipClonePath
GdipResetPath
GdipGetPathFillMode
GdipSetPathFillMode
GdipGetPointCount
GdipGetPathData
GdipStartPathFigure
GdipClosePathFigure
GdipClosePathFigures
GdipSetPathMarker
GdipClearPathMarkers
GdipReversePath
GdipGetPathLastPoint
GdipAddPathLine
GdipAddPathArc
GdipAddPathBezier
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathRectangle
GdipAddPathEllipse
GdipAddPathPie
GdipAddPathPolygon
GdipAddPathPath
GdipAddPathString
GdipTransformPath
GdipGetPathWorldBounds
GdipFlattenPath
GdipDrawImagePoints
GdipWidenPath
GdipWindingModeOutline
GdipWarpPath
GdipGetLineSpacing
GdipGetCellDescent
GdipGetCellAscent
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipDeleteBrush
GdipFillRectangle
GdipCreateTexture
GdipSetImageAttributesThreshold
GdipResetImageAttributes
GdipSetImageAttributesToIdentity
GdipCloneImageAttributes
GdipDrawPath
GdipCreateImageAttributes
GdipFillClosedCurve2
GdipMultiplyMatrix
GdipGetEmHeight
GdipIsStyleAvailable
GdipGetFamilyName
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySerif
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipPrivateAddMemoryFont
GdipPrivateAddFontFile
GdipNewPrivateFontCollection
GdipNewInstalledFontCollection
GdipCreateSolidFill
GdipBitmapSetResolution
GdipCloneBitmapArea
GdipCreateBitmapFromResource
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipVectorTransformMatrixPoints
GdipTransformMatrixPoints
GdipShearMatrix
GdipScaleMatrix
GdipInvertMatrix
GdipRotateMatrix
GdipTranslateMatrix
GdipIsVisiblePathPoint
GdipGetMatrixElements
GdipSetMatrixElements
GdipCloneMatrix
GdipCreateMatrix3
GdipCreateMatrix2
GdipCreateMatrix
GdipGetRegionScans
GdipGetRegionScansCount
GdipIsVisibleRegionRect
GdipIsVisibleRegionPoint
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionBounds
GdipTransformRegion
GdipTranslateRegion
GdipCombineRegionPath
GdipCombineRegionRegion
GdipCombineRegionRect
GdipSetEmpty
GdipSetInfinite
GdipCloneRegion
GdipCreateRegionRgnData
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipIsOutlineVisiblePathPoint
atl
ord42
crypt32
CryptStringToBinaryW
msimg32
AlphaBlend
ws2_32
htons
WSAStartup
WSACleanup
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
psapi
GetModuleInformation
oledlg
ord8
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13.0MB - Virtual size: 13.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE