blackmoon | 8276de5e079c92316766888faaf572048099e6f590904a99df0a8210d8e9a97a

Sharing

Copy URL Twitter E-mail

General

Target

8276de5e079c92316766888faaf572048099e6f590904a99df0a8210d8e9a97a
Size

3.7MB
MD5

c946ad7ce8764b3bfbf8bc4908a1b61b
SHA1

58975ae3e9bcca236fbb1b184054713aa82ab494
SHA256

8276de5e079c92316766888faaf572048099e6f590904a99df0a8210d8e9a97a
SHA512

f35f29e152d32d6cb648b008ce6c4374787f96202a7f187b64053da6b6535b9a9bf2aabc3fb883564347b44e1420468f38e706eeb7b1fc9882d4af4c775046dd
SSDEEP

24576:OnB2gCv5Yja1jAL1sYJD1mT4ipt/C/qWn1FxB/DC9zaaX7g1sbBk+1aj63bVLmr7:O8zMxN6L8FelGYEmmW5Rdin1vp9b

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8276de5e079c92316766888faaf572048099e6f590904a99df0a8210d8e9a97a

Files

8276de5e079c92316766888faaf572048099e6f590904a99df0a8210d8e9a97a
.exe windows:4 windows x86

f8542ca3262eb158e6fe2dec59283c9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetCommandLineA
DeleteFileA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
SetFileAttributesA
WriteFile
GetTickCount
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
Sleep
GetModuleHandleA
DeviceIoControl
GetLastError
CreateFileA
WideCharToMultiByte
MultiByteToWideChar
SetWaitableTimer
CreateWaitableTimerA
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
GetCurrentProcess
SetErrorMode
GetProcessVersion
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
InterlockedIncrement
lstrcpyA
lstrcatA
WritePrivateProfileStringA
InterlockedDecrement
GlobalFlags
lstrlenA
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
CloseHandle
CreateThread
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentVariableA
FreeEnvironmentStringsA
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
GetOEMCP
LocalSize
lstrlenW
LocalAlloc
WideCharToMultiByte
VirtualProtectEx
VirtualAlloc
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleA
SetStdHandle
RtlMoveMemory
LocalFree
GlobalAlloc
GlobalLock
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapFree
IsBadReadPtr
GlobalUnlock
GlobalFree
LoadLibraryW
GetProcAddress
MultiByteToWideChar
CreateFileMappingA
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
RaiseException
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadCodePtr
LCMapStringW
MapViewOfFile
FlushFileBuffers
LCMapStringA
LoadLibraryA
FreeLibrary
GetCurrentDirectoryA
GetLocalTime
Sleep
GetTempPathA
GetTickCount
GetFileSize
ReadFile
CreateFileA
WriteFile
CloseHandle
GetModuleFileNameA

user32

GetAsyncKeyState
IsWindow
MsgWaitForMultipleObjects
GetWindowThreadProcessId
LoadCursorA
CreateWindowExA
FindWindowA
ShowWindow
SetWindowLongA
SetWindowPos
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
SetLayeredWindowAttributes
DestroyMenu
LoadStringA
GetSysColorBrush
LoadIconA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
UnregisterClassA
GetMenuItemCount
UnhookWindowsHookEx
GetWindowTextA
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetCursorPos
wsprintfA
MessageBoxA
ShowWindow
TrackMouseEvent
CallWindowProcA
IsWindow
ReleaseDC
UpdateLayeredWindow
GetClipboardData
GetMessageA
TranslateMessage
PeekMessageA
GetDC
GetWindowRect
GetWindowLongA
DispatchMessageA
GetClassNameA
OpenClipboard
GetSystemMetrics
CreateWindowExA
EnumWindows
GetAncestor
SendMessageA
EnumChildWindows
GetPropA
SetPropA
CloseClipboard

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetTextColor
Escape
ExtTextOutA
TextOutA
SetViewportOrgEx
PtVisible
GetObjectA
GetStockObject
GetDeviceCaps
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap
RectVisible
SetMapMode
SelectObject
DeleteDC
CreateDIBSection
DeleteObject
CreateCompatibleDC

shlwapi

PathFileExistsA
PathFileExistsA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
DeleteService
CreateServiceA
StartServiceA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegOpenKeyExA

gdiplus

GdipDrawRectangleI
GdipGetImageWidth
GdipLoadImageFromFile
GdipGetRegionBounds
GdipSetTextRenderingHint
GdipDeleteBrush
GdipCreateSolidFill
GdipSetSolidFillColor
GdiplusStartup
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipGetImageHeight
GdipSetSmoothingMode
GdipDeletePen
GdipLoadImageFromStream

ole32

CLSIDFromString
CreateStreamOnHGlobal

imm32

ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmAssociateContext

shell32

SHAppBarMessage
ShellExecuteA

winmm

PlaySoundA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8542ca3262eb158e6fe2dec59283c9f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shlwapi

advapi32

gdiplus

ole32

imm32

shell32

winmm

winspool.drv

comctl32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 1.2MB - Virtual size: 1.3MB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 1.2MB - Virtual size: 1.3MB

.rsrc
Size: 4KB - Virtual size: 664B