Behavioral task: behavioral1
Sample: 5210ab521ad7b36a0f0e6b7cdd4502081204b1c235d19231d3bfb92e1e814016.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 5210ab521ad7b36a0f0e6b7cdd4502081204b1c235d19231d3bfb92e1e814016.exe
Resource: win10v2004-20230915-en
General
- Target: 5210ab521ad7b36a0f0e6b7cdd4502081204b1c235d19231d3bfb92e1e814016
- Size: 2.2MB
- MD5: 66282a58ec30eb31e558cf90f049da08
- SHA1: 02a9eba3179afe68211423deda0a76164898544a
- SHA256: 5210ab521ad7b36a0f0e6b7cdd4502081204b1c235d19231d3bfb92e1e814016
- SHA512: a62ddaeb0c5a77c58dec714b98aea27b7301d113e0af50c052091b40903d7fedea04a38da3635550556231dda143278deae243fb40c285a471c8b47ac660d7d0
- SSDEEP: 24576:NkyrTT795bEvc3AvwAepR/z6mt4Ado5g2TW533pEmxuwzL18HF+MWvXypB772b1Z:N1TT795bH5BGQ771Cph72bLHv3
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource yara_rule sample family_blackmoon
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource 5210ab521ad7b36a0f0e6b7cdd4502081204b1c235d19231d3bfb92e1e814016
Files
- 5210ab521ad7b36a0f0e6b7cdd4502081204b1c235d19231d3bfb92e1e814016.exe windows:4 windows x86
  8372b1e3fa4e0b718672376caa28cadf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetUserDefaultLCID
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
GetEnvironmentVariableA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
FindClose
FindFirstFileA
FindNextFileA
WriteFile
SetFilePointer
GetFileSize
ReadFile
CreateFileA
GetModuleFileNameA
IsBadReadPtr
HeapFree
FlushFileBuffers
HeapReAlloc
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
RaiseException
IsBadWritePtr
HeapCreate
HeapDestroy
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetVersion
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetLastError
HeapAlloc
ExitProcess
GetProcessHeap
lstrlenW
Sleep
GetCurrentThreadId
GetVersionExA
ReadProcessMemory
GetCurrentProcess
VirtualFree
RtlMoveMemory
VirtualAlloc
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetLocalTime
lstrcpyn
GetCurrentProcessId
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
user32
GetMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
LoadImageA
LoadCursorA
RegisterClassExA
GetPropA
DefWindowProcA
SetPropA
GetWindowRect
SetForegroundWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
SetWindowPos
GetClientRect
UpdateLayeredWindow
MessageBeep
SetTimer
KillTimer
IsWindow
SystemParametersInfoA
SetActiveWindow
EnableWindow
SendMessageA
PostMessageA
BeginPaint
InvalidateRect
GetParent
TrackMouseEvent
GetClassLongA
SetClassLongA
SetFocus
GetKeyState
CallWindowProcA
ShowWindow
MoveWindow
IsWindowVisible
GetDC
FindWindowExA
GetAncestor
ClientToScreen
OffsetRect
GetWindowLongA
CreateWindowExA
UnregisterClassA
GetWindowThreadProcessId
PeekMessageA
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetSysColor
GetCursorPos
GetDesktopWindow
wsprintfA
MessageBoxA
DestroyWindow
IsRectEmpty
GetUpdateRect
LoadCursorFromFileA
DestroyCursor
SetWindowRgn
GetWindowDC
GetFocus
SetRectEmpty
SetCursor
DestroyIcon
DrawIconEx
ReleaseDC
SetParent
GetWindowTextA
GetWindowTextLengthA
SetWindowLongA
WaitMessage
ole32
CLSIDFromProgID
CoCreateInstance
OleRun
GetHGlobalFromStream
CreateStreamOnHGlobal
CLSIDFromString
StringFromGUID2
CoUninitialize
CoInitialize
winhttp
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpQueryHeaders
gdiplus
GdipGetImageEncoders
GdipSaveImageToStream
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeletePen
GdipMultiplyMatrix
GdipInvertMatrix
GdipGetImageEncodersSize
GdipSetTextRenderingHint
GdiplusStartup
GdipGetImageGraphicsContext
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipGetTextRenderingHint
GdipSetWorldTransform
GdipDrawRectangle
GdipDrawRectangleI
GdipSetImageAttributesColorMatrix
GdipDeleteBrush
GdipCreateSolidFill
GdipSetSolidFillColor
GdipGetSolidFillColor
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
shlwapi
PathFileExistsA
PathRemoveBlanksA
gdi32
SetBkMode
CreateCompatibleBitmap
SetStretchBltMode
GetObjectA
GetDIBits
GetPixel
CreateDIBSection
GetRgnBox
CombineRgn
CreateRoundRectRgn
ExtSelectClipRgn
IntersectClipRect
SelectClipRgn
RectInRegion
CreateRectRgn
BitBlt
DeleteObject
SelectObject
StretchBlt
DeleteDC
ExcludeClipRect
CreateCompatibleDC
msimg32
AlphaBlend
imm32
ImmGetCompositionWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
oleaut32
VariantClear
SafeArrayDestroy
RegisterTypeLi
SysAllocString
LoadTypeLi
VariantChangeType
SafeArrayCreate
LHashValOfNameSys
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VariantCopy
shell32
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 300KB - Virtual size: 376KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 268KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE