blackmoon | e924475d1e017623894e7b1446c8ffb7672fb96e2fa74a6d3fdcb68dd7c450d0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e924475d1e017623894e7b1446c8ffb7672fb96e2fa74a6d3fdcb68dd7c450d0_JC.exe
Size

7.8MB
MD5

cbf63c296b20d53b859553e57e654437
SHA1

0dff27c15ad80b15dff149299be7fdc41914c98d
SHA256

e924475d1e017623894e7b1446c8ffb7672fb96e2fa74a6d3fdcb68dd7c450d0
SHA512

69cc9d9a3633dca4e0164edaa0abcf0fdefa3c27e55105a7da4b3625591b14c9e39babe2dadcef5d1a9ddfd974ec2474b1313b768d7954142c789737cee4a459
SSDEEP

98304:WrZ4IkEk5yGNRjyQ0mPAgTYyBq60I7tTv6TvYe0FKrYaXVV0JBfCTKLSmmm:mZ4nEENFWmvYq3BDU5rYWVkCTTm

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e924475d1e017623894e7b1446c8ffb7672fb96e2fa74a6d3fdcb68dd7c450d0_JC.exe

Files

e924475d1e017623894e7b1446c8ffb7672fb96e2fa74a6d3fdcb68dd7c450d0_JC.exe
.dll windows:5 windows x86

ebf6348ade4c1ef3d6593037d64dff88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetStartupInfoA
CreateProcessA
GetEnvironmentVariableA
WriteFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
DeleteFileA
CreateFileA
GetFileSize
ReadFile
WritePrivateProfileStringA
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
CreateThread
LocalFree
LocalAlloc
OpenProcess
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetLocalTime
Sleep
QueryDosDeviceA
GetLogicalDriveStringsA
GetVersionExA
IsDebuggerPresent
OpenThread
ReadProcessMemory
CloseHandle
CreateRemoteThread
ResumeThread
GetCurrentThreadId
MultiByteToWideChar
GetSystemDirectoryA
GetTempPathA
GetTempFileNameA
WideCharToMultiByte
VirtualAllocEx
CopyFileA
GetCurrentProcess
InterlockedExchange
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
lstrcpynA
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
GetTickCount
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetVersion
QueryPerformanceCounter
QueryPerformanceFrequency
FindResourceA
LoadResource
LockResource
lstrcatA
SetLastError
lstrlenA
lstrcpyA
TerminateProcess
GetLastError
SetFilePointer
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
GetTempPathA
GetTempFileNameA
CloseHandle
CopyFileA
GetModuleHandleA
VirtualAllocEx
lstrcpynA
LeaveCriticalSection
WideCharToMultiByte
lstrcpyn
GetLastError
GetNativeSystemInfo
SetLastError
TlsFree
TlsAlloc
TlsSetValue
TerminateProcess
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetVersion
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
SetCurrentDirectoryA
FreeLibrary
SetFileAttributesA
LCMapStringA
WriteFile
GetModuleFileNameA
GetCurrentDirectoryA
GetDiskFreeSpaceExA
GetTickCount
DeleteFileA
GetFileSize
ReadFile
IsBadReadPtr
HeapReAlloc
WriteProcessMemory
GetProcessHeap
lstrcmpiW
lstrcmpW
HeapFree
HeapAlloc
RtlZeroMemory
lstrcpyA
lstrlenW
PeekNamedPipe
CreateProcessA
HeapDestroy
EnterCriticalSection
SetProcessAffinityMask
VirtualFree
VirtualAlloc
IsBadWritePtr
LoadLibraryExA
VirtualProtect
GetProcAddress
TlsGetValue
SetHandleCount
GetStdHandle
GetUserDefaultLCID
GetStartupInfoA
FindNextFileA
FindFirstFileA
FindClose
GetCommandLineA
LoadLibraryA
FlushFileBuffers
DeleteCriticalSection
SetStdHandle
IsBadCodePtr
DuplicateHandle
OpenProcess
MultiByteToWideChar
IsWow64Process
WaitForSingleObject
RtlMoveMemory
GetVersionExA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenThread
Module32First
Module32Next
GetWindowsDirectoryA
RaiseException
GetFileType
ExitProcess
FreeEnvironmentStringsA
VirtualQuery
VirtualFreeEx
CreateRemoteThread
GetExitCodeThread
TerminateThread
HeapCreate
GetCurrentProcess
ReadProcessMemory
VirtualQueryEx
CreateFileA
DeviceIoControl
InitializeCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
SetFilePointer
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shlwapi

PathFindFileNameA
StrToIntExA
PathFindExtensionA
StrToIntW
StrToIntExW
PathFindFileNameA
PathFileExistsA

user32

ClientToScreen
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetForegroundWindow
GetAncestor
GetWindowThreadProcessId
GetParent
EnumWindows
RegisterWindowMessageA
ExitWindowsEx
GetClassNameA
GetWindowTextA
IsWindowVisible
MsgWaitForMultipleObjects
PostThreadMessageA
SetTimer
TabbedTextOutA
DestroyMenu
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
SetForegroundWindow
IsIconic
GetWindowPlacement
SetFocus
SetWindowPos
IsDialogMessageA
SendDlgItemMessageA
DrawTextA
GrayStringA
UnhookWindowsHookEx
GetMenuItemCount
SetWindowTextA
GetDlgCtrlID
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
GetSystemMetrics
GetWindowRect
SendMessageA
IsWindow
ReleaseDC
GetDC
SystemParametersInfoA
UpdateWindow
ShowWindow
GetDlgItem
SetWindowLongA
GetCursorPos
GetWindowLongA
PtInRect
GetWindow
PostQuitMessage
PostMessageA
SetCursor
EnableWindow
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
ShowWindow
GetWindowThreadProcessId
GetWindowTextA
PeekMessageA
FindWindowA
CallWindowProcA
GetAncestor
TranslateMessage
EnumWindows
RegisterWindowMessageA
GetDlgItem
GetClassNameA
IsWindowVisible
MsgWaitForMultipleObjects
GetForegroundWindow
WindowFromPoint
GetCursorPos
DispatchMessageA
SendMessageA
GetMessageA
wsprintfA
GetParent
MessageBoxA
ClientToScreen
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
RegCloseKey
ControlService
OpenProcessToken
CryptGetHashParam
CryptHashData
RegOpenKeyA
StartServiceA
CloseServiceHandle
OpenServiceA
LookupPrivilegeValueA
CreateServiceA
OpenSCManagerA
AdjustTokenPrivileges
DeleteService

ole32

CLSIDFromString
CLSIDFromProgID
OleRun
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize

oleaut32

gdi32

GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
SetBkColor
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SelectObject
DeleteDC
DeleteObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
GetObjectA

wininet

InternetTimeToSystemTime

ws2_32

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

SHGetSpecialFolderPathA

psapi

GetModuleInformation

iphlpapi

GetAdaptersInfo

oledlg

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

wtsapi32

WTSSendMessageW

Exports

Exports

CreateClock1
EnHotkey
GetK
HideDisWin
MoveFile
SetK
UnHotkey
Xtcl
cjjjiam
cjjjiamkey
cjjjiem
cjjjiemkey
getN
getOstime
getS
getSave
getYinPanXiLieHao
getbjsj
getnewsave
guanBi
newSave
newSave1
newsave
setSave

Sections

.text
Size: 936KB - Virtual size: 936KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vm0
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vm1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 584B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ebf6348ade4c1ef3d6593037d64dff88

Headers

File Characteristics

Imports

kernel32

shlwapi

user32

advapi32

ole32

oleaut32

gdi32

wininet

ws2_32

version

shell32

psapi

iphlpapi

oledlg

winspool.drv

comctl32

wtsapi32

Exports

Exports

Sections

.text Size: 936KB - Virtual size: 936KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 1.7MB - Virtual size: 1.7MB

.vm0 Size: 3.1MB - Virtual size: 3.1MB

.vm1 Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 40KB - Virtual size: 40KB

.rsrc Size: 584B - Virtual size: 584B

.l1 Size: 28KB - Virtual size: 28KB

.text
Size: 936KB - Virtual size: 936KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.vm0
Size: 3.1MB - Virtual size: 3.1MB

.vm1
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 584B - Virtual size: 584B

.l1
Size: 28KB - Virtual size: 28KB