blackmoon | b2b8b060dfb0e80563a93634c213c108187deda7882fabc8969a6a9ac208f620

Sharing

Copy URL Twitter E-mail

General

Target

b2b8b060dfb0e80563a93634c213c108187deda7882fabc8969a6a9ac208f620
Size

696KB
MD5

f4ef1be23c9ebe654cd8aab09beb57fa
SHA1

03bfe350b2d25fe0a7caa417998647a4f52e18cc
SHA256

b2b8b060dfb0e80563a93634c213c108187deda7882fabc8969a6a9ac208f620
SHA512

7a8ce21815b8c9793e0267157859517a5a9e9d5f62780807194b6a95b79fd41a176f4a354055e9d6dcea0efe49519c17ce848e933957993a5b3b01f489d38470
SSDEEP

12288:P8x1CSx+vFnRZI/lo9Du749qwXzbdWbPy4d8hKzVqXcK2sFMx6ClwMoSKXH0:P8x1CSx+vFnRONoFu749qwXzbQKnNUss

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2b8b060dfb0e80563a93634c213c108187deda7882fabc8969a6a9ac208f620

Files

b2b8b060dfb0e80563a93634c213c108187deda7882fabc8969a6a9ac208f620
.exe windows:4 windows x86

d751abd1554bd9d34c71f266ea7ba82a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
CreateWaitableTimerA
SetWaitableTimer
CreatePipe
ReadConsoleInputA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetStartupInfoA
WaitForSingleObject
SetFilePointer
GetVersionExA
DeleteFileA
CreateFileA
ReadConsoleA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcatA
lstrcpyA
SetConsoleMode
GetCurrentThreadId
GetCurrentThread
Sleep
GetUserDefaultLCID
GetCurrentProcess
lstrlenA
lstrcpynA
SetErrorMode
lstrcmpiA
GlobalDeleteAtom
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
InterlockedIncrement
InterlockedDecrement
GetLastError
LocalAlloc
LocalFree
DeleteCriticalSection
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetVersion
SetLastError
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetFileAttributesA
GetFileSize
GetFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
TerminateProcess
ExitThread
GetTimeZoneInformation
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
GetTickCount
GetModuleFileNameA
WriteFile
HeapFree
IsBadReadPtr
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
GetModuleHandleA
GetExitCodeProcess
ReadFile
PeekNamedPipe
DuplicateHandle
CreateProcessA
GetConsoleMode
GetStdHandle
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
CreateEventA
lstrcmpA
OpenEventA

user32

GetWindowPlacement
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadCursorA
SetFocus
DestroyMenu
IsWindowEnabled
GetWindowLongA
EnableWindow
PostMessageA
SystemParametersInfoA
GetClientRect
GetDlgItem
IsWindowVisible
FindWindowExA
IsWindow
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
ShowWindow
DefWindowProcA
DestroyWindow
PostQuitMessage
UnregisterHotKey
SetWindowLongA
SetCapture
SendMessageA
ScreenToClient
ReleaseCapture
RegisterHotKey
LoadBitmapA
GetSysColor
GetDC
GetCursorPos
CreateWindowExA
GetSysColorBrush
GetMenuItemCount
SetWindowTextA
ClientToScreen
GetWindow
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetClassNameA
SetWindowPos
GetDlgCtrlID
GetWindowRect
PtInRect
LoadStringA
UnhookWindowsHookEx
GetSystemMetrics
CharUpperA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetParent
IsIconic
OpenIcon
MsgWaitForMultipleObjects
CallWindowProcA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
PeekMessageA
GetMessageA
GetLastActivePopup

advapi32

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize

gdi32

CreateFontA
GetDeviceCaps
TranslateCharsetInfo
CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GetStockObject

oleaut32

SafeArrayDestroy
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VariantClear

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetSetOptionA
InternetGetConnectedState
InternetOpenUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA

shlwapi

PathFileExistsA

shell32

DragFinish
DragQueryFileA
DragAcceptFiles

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_BeginDrag

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

Sections

.text
Size: 280KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 376KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d751abd1554bd9d34c71f266ea7ba82a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

gdi32

oleaut32

wininet

shlwapi

shell32

comctl32

comdlg32

winspool.drv

Sections

.text Size: 280KB - Virtual size: 277KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 376KB - Virtual size: 444KB

.rsrc Size: 4KB - Virtual size: 740B

.text
Size: 280KB - Virtual size: 277KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 376KB - Virtual size: 444KB

.rsrc
Size: 4KB - Virtual size: 740B