blackmoon | dbe6e19094985902e75649cecb2230f693c51f9067eda5ee1c1cffa11624ad57

Sharing

Copy URL

Twitter E-mail

General

Target

dbe6e19094985902e75649cecb2230f693c51f9067eda5ee1c1cffa11624ad57
Size

392KB
MD5

14f4ac252dcda3cdbd9bf658030b86c4
SHA1

60a27f9eb940de6fbb4f0e1721059bc3a7acbc06
SHA256

dbe6e19094985902e75649cecb2230f693c51f9067eda5ee1c1cffa11624ad57
SHA512

622c5a2b8b317fee05b9b7bf958c6dbc4dd6002b40053d0f45dffb3bb225bebfac188c3eddc02d8f47570681e17ef76c8f3054d75076db2c91d5a589ab9ae3b6
SSDEEP

12288:ggfHSQjc1V6FyAC4+GOCRt7qJt1tK1ebLgS:ggfyQjc1V6FyAC4+GOCD2Jty16LZ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbe6e19094985902e75649cecb2230f693c51f9067eda5ee1c1cffa11624ad57

Files

dbe6e19094985902e75649cecb2230f693c51f9067eda5ee1c1cffa11624ad57
.exe windows:4 windows x86

7bc95959804cd660eacce33574b3cb6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
OpenProcess
lstrcpyA
lstrlenA
MultiByteToWideChar
GlobalAlloc
SetLastError
lstrcatA
GetVersion
CreateThread
DeleteCriticalSection
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LocalFree
FlushFileBuffers
lstrcpynA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
GetVersionExA
GetCurrentProcess
GetLastError
WriteFile
GlobalLock
GlobalUnlock
GlobalFree
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
FindClose
FindFirstFileA
FindNextFileA
SetFilePointer
GetTickCount
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CreateFileA
GetFileSize
ReadFile
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
RtlMoveMemory
IsDebuggerPresent
MulDiv
Module32First
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetLocalTime
GetProcAddress
Sleep
VirtualFree
VirtualAlloc
GlobalMemoryStatusEx

shlwapi

PathFileExistsA

ws2_32

inet_addr
inet_ntoa
gethostbyname
WSACleanup
select
WSAAsyncSelect
ntohs
getsockname
recv
send
connect
htons
socket
closesocket
WSAStartup

user32

UnhookWindowsHookEx
GetDlgCtrlID
GetMenuItemCount
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetLastActivePopup
GrayStringA
EnableWindow
SetCursor
UnregisterHotKey
RegisterHotKey
LoadBitmapA
GetSysColor
CreateWindowExA
CallWindowProcA
GetParent
GetWindow
PtInRect
GetCursorPos
SystemParametersInfoA
FindWindowA
ReleaseCapture
SetCapture
GetSystemMetrics
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
PeekMessageA
CreateDialogIndirectParamA
UpdateWindow
GetMessageA
SendMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
ScreenToClient
GetWindowTextLengthA
wsprintfA
MessageBoxA
PostMessageA
IsWindow
ReleaseDC
GetDC
SetWindowPos
GetWindowRect
ShowWindowAsync
GetWindowInfo
GetWindowThreadProcessId
EnumWindows
SetLayeredWindowAttributes
SetWindowLongA
GetClassNameA
GetWindowTextA
IsWindowVisible
GetWindowLongA
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowEnabled
SetWindowsHookExA
UnregisterClassA

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetClipBox
ScaleWindowExtEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
TranslateCharsetInfo
Escape
ExtTextOutA
RectVisible
PtVisible
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetBkMode
DeleteObject
DeleteDC
CreateFontA
TextOutA
GetObjectA
GetStockObject
GetDeviceCaps
SetWindowExtEx

advapi32

RegCloseKey
RegCreateKeyExA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegOpenKeyExA
RegSetValueExA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

shell32

DragAcceptFiles
DragFinish
DragQueryFileA

comctl32

ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_Add

Sections

.text
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bc95959804cd660eacce33574b3cb6c

Headers

File Characteristics

Imports

kernel32

shlwapi

ws2_32

user32

gdi32

advapi32

winspool.drv

shell32

comctl32

Sections

.text Size: 304KB - Virtual size: 302KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 56KB - Virtual size: 184KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 304KB - Virtual size: 302KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 56KB - Virtual size: 184KB

.rsrc
Size: 4KB - Virtual size: 664B