blackmoon | 600d12e64bda030af2f65a0b100e3748d1aa5902ea23032b6d7c569415076732

Sharing

Copy URL Twitter E-mail

General

Target

600d12e64bda030af2f65a0b100e3748d1aa5902ea23032b6d7c569415076732
Size

10.2MB
MD5

aa2d617e3fa3fe37abf8153dbeb5c8d2
SHA1

89917ac812af608169195d75b96803c500f9fa3a
SHA256

600d12e64bda030af2f65a0b100e3748d1aa5902ea23032b6d7c569415076732
SHA512

68c8afe8ad8577344c4aa9ff6b73e934f86da41e1042e00f0ebcd68fe5834160f886aef185c567276ee7ce5c514168b7f46e5df7657eef08b3ec9bbf0b54925b
SSDEEP

196608:S+GIsH0meshQxOC5zDCBJx7+7/oxWhGDQDYPGK:S+GIsHT1CxC+7/DhGDQ0b

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
600d12e64bda030af2f65a0b100e3748d1aa5902ea23032b6d7c569415076732

Files

600d12e64bda030af2f65a0b100e3748d1aa5902ea23032b6d7c569415076732
.exe windows:4 windows x86

13fd28cc1d63bead0bfeacecb7567e79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendStringA

kernel32

CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
MultiByteToWideChar
LocalAlloc
CreateDirectoryW
LocalFree
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
SetFilePointer
Sleep
lstrcpyA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetTimeZoneInformation
GetVersion
GetTickCount
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
WaitForSingleObject
FindFirstFileW
MulDiv
FlushFileBuffers
lstrcpynA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
RaiseException
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
FindClose
GetCurrentProcessId
GetLocalTime
lstrlenA
IsBadCodePtr
RtlMoveMemory
IsBadReadPtr
lstrlenW
RtlZeroMemory
GetCurrentProcess
OpenProcess
TerminateProcess
DeleteFileA
WideCharToMultiByte
CreateThread
GetDiskFreeSpaceExA
CreateWaitableTimerA
SetWaitableTimer
GetExitCodeThread
TerminateThread
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
HeapFree
HeapDestroy
LCMapStringA
LoadLibraryA
GetCommandLineA
GetFileSize
ReadFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
SetFileAttributesA
CreateFileA
WriteFile
GetModuleFileNameA
HeapCreate
lstrcmpW
lstrcmpiW
VirtualAlloc
VirtualFree
GetModuleHandleA
HeapReAlloc
ExitProcess

user32

CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
IsIconic
GetWindowPlacement
SetFocus
SetWindowPos
IsDialogMessageA
SendDlgItemMessageA
GetMenuItemCount
GetDlgCtrlID
EndDialog
CreateDialogIndirectParamA
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
ClientToScreen
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostMessageA
PostQuitMessage
SetWindowTextA
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
GetDC
FindWindowA
GetWindowThreadProcessId
GetClassNameA
SendMessageA
GetWindowRect
GetSystemMetrics
SetForegroundWindow
SetActiveWindow
GetActiveWindow
IsWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
DefWindowProcA
GetTopWindow
GetCursorPos
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PostMessageW
LoadCursorW
LoadCursorFromFileW
SetTimer
CallWindowProcA
MsgWaitForMultipleObjects
FindWindowExA
SetWindowLongA
ReleaseDC

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoRevokeClassObject

shlwapi

PathIsDirectoryW
StrToIntW
PathFileExistsA
StrToIntExW

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetObjectA
GetStockObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps
ScaleViewportExtEx

oleaut32

SystemTimeToVariantTime
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
VariantInit
SafeArrayAllocDescriptor

oledlg

ord8

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

ws2_32

select
recv
send
WSACleanup
WSAStartup
closesocket

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetCloseHandle

rasapi32

RasGetConnectStatusA
RasHangUpA

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9.0MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

13fd28cc1d63bead0bfeacecb7567e79

Headers

File Characteristics

Imports

winmm

kernel32

user32

ole32

shlwapi

gdi32

oleaut32

oledlg

advapi32

shell32

ws2_32

winspool.drv

comctl32

wininet

rasapi32

Sections

.text Size: 516KB - Virtual size: 515KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 9.0MB - Virtual size: 9.2MB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 516KB - Virtual size: 515KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 9.0MB - Virtual size: 9.2MB

.rsrc
Size: 8KB - Virtual size: 5KB