blackmoon | 9b5e9b32b990cdf07ef1b6d92642255b603932e114bd625c235be33e649c4d77

Sharing

Copy URL Twitter E-mail

General

Target

9b5e9b32b990cdf07ef1b6d92642255b603932e114bd625c235be33e649c4d77
Size

884KB
MD5

82b7222ff7d71a2ad803047cb2add89c
SHA1

23695ac4dba832995a1fac0466263503b5b88882
SHA256

9b5e9b32b990cdf07ef1b6d92642255b603932e114bd625c235be33e649c4d77
SHA512

f4eb4e03fc232fb4f5040fe350adce73b253179d1db691f8ec79d1fbd1a9a7a1371f8684e815438adf084499e85f8ab8b29200a9d226c9049b2ae53918405162
SSDEEP

24576:yztiyVgya6CvaXVc2pi5490WCLEyLM3c2oFT/Dg8fOu:yA5bi8Gu

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b5e9b32b990cdf07ef1b6d92642255b603932e114bd625c235be33e649c4d77

Files

9b5e9b32b990cdf07ef1b6d92642255b603932e114bd625c235be33e649c4d77
.exe windows:4 windows x86

d3b389511d98b082081021b12c02bbe0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
SetLocalTime
SetCurrentDirectoryA
WritePrivateProfileStringA
GetVersionExA
GetTickCount
RemoveDirectoryA
DeleteFileA
FindFirstFileA
FindNextFileA
GetStartupInfoA
GetModuleFileNameA
GetLocalTime
HeapFree
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
IsBadCodePtr
IsBadReadPtr
LocalFree
LocalAlloc
IsDebuggerPresent
GetLastError
TerminateProcess
GetWindowsDirectoryA
Sleep
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessW
CreatePipe
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
CreateEventA
OpenEventA
CreateMutexA
GetCurrentProcessId
VirtualFree
VirtualAlloc
CreateFileA
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
Module32Next
GetFileAttributesA
VirtualProtect
lstrlenA
WaitForSingleObject
CreateProcessA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
RtlMoveMemory
WideCharToMultiByte
lstrlenW
QueryDosDeviceW
OpenProcess
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
HeapAlloc
GetProcessHeap
WTSGetActiveConsoleSessionId
MoveFileA
CreateDirectoryA
lstrcpyn
MultiByteToWideChar
SetStdHandle
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTempPathA
GetSystemDirectoryA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
MulDiv
GlobalFlags
InterlockedDecrement
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
LockResource
LoadResource
FindResourceA
GetProcessVersion
SetErrorMode
WriteFile
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP

user32

CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
EnableMenuItem
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
SetForegroundWindow
SetActiveWindow
GetActiveWindow
IsWindow
GetForegroundWindow
IsWindowEnabled
GetParent
MsgWaitForMultipleObjects
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
CreateWindowStationA
EnumWindows
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetClassNameA
WaitForInputIdle
IsWindowVisible
GetWindowTextA
CallWindowProcA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetWindowLongA
SetCursor
SendMessageA
PostMessageA
GetMenuItemID
PostQuitMessage
EnableWindow

advapi32

AllocateAndInitializeSid
FreeSid
ImpersonateLoggedOnUser
RevertToSelf
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
StartServiceA
CreateServiceA
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegFlushKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
CheckTokenMembership

shell32

ShellExecuteA
SHGetFolderPathA
SHGetSpecialFolderPathA

ole32

CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
CoInitialize
CoCreateInstance
CoSetProxyBlanket
OleRun
CLSIDFromString
CLSIDFromProgID
CoUninitialize

shlwapi

PathFindFileNameA
PathIsDirectoryW
PathFileExistsA

ws2_32

send
WSAStartup
closesocket
socket
htons
inet_addr
connect
gethostbyname
recv
getsockname
ntohs
WSAAsyncSelect
select
WSACleanup

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

gdi32

SetWindowExtEx
GetClipBox
ScaleViewportExtEx
GetObjectA
GetStockObject
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
ScaleWindowExtEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap

wininet

InternetTimeToSystemTime
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetOpenA
InternetConnectA
InternetCloseHandle
InternetCheckConnectionA
HttpOpenRequestA
InternetSetOptionA

wtsapi32

WTSQueryUserToken

psapi

GetProcessImageFileNameW

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpSetOption
WinHttpCheckPlatform

oleaut32

SystemTimeToVariantTime
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
SysFreeString

oledlg

ord8

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 484KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 364KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3b389511d98b082081021b12c02bbe0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

ws2_32

version

gdi32

wininet

wtsapi32

psapi

winhttp

oleaut32

oledlg

winspool.drv

comctl32

Sections

.text Size: 484KB - Virtual size: 480KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 364KB - Virtual size: 463KB

.rsrc Size: 4KB - Virtual size: 752B

.text
Size: 484KB - Virtual size: 480KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 364KB - Virtual size: 463KB

.rsrc
Size: 4KB - Virtual size: 752B