blackmoon | 1db4134cf8b699d3c884f9b87d118d17db7601dfd8ad4d978d538f752dc77def

Sharing

Copy URL Twitter E-mail

General

Target

1db4134cf8b699d3c884f9b87d118d17db7601dfd8ad4d978d538f752dc77def
Size

748KB
MD5

518c4ebcfb09d085aa93e53f4165d573
SHA1

1e903fdb90c1d6929de124bd333abc218fcad55d
SHA256

1db4134cf8b699d3c884f9b87d118d17db7601dfd8ad4d978d538f752dc77def
SHA512

ac4d19a44bea72f31c1707ad0c9413fb23fc3ffb278832a369148eda5c480d6e75437ad27512e031c5ad99b8cc3fe9735d73e76c89d9f61864f905620178dd58
SSDEEP

12288:bxz7ATpl6+ijQsOcY0HL+X5e+KollTNU6Ni65wQaBWA4JnPmpQptGp:bxz7Kl6+qQsOcY0HL+X5eporTNni65w7

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1db4134cf8b699d3c884f9b87d118d17db7601dfd8ad4d978d538f752dc77def

Files

1db4134cf8b699d3c884f9b87d118d17db7601dfd8ad4d978d538f752dc77def
.dll windows:4 windows x86

6abe819a9367635f5f6975d0256998cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
ExitProcess
GetModuleHandleA
GetProcAddress
GetCurrentThread
ExitThread
LoadLibraryA
RtlZeroMemory
GetTickCount
CreateIoCompletionPort
HeapCreate
InitializeCriticalSection
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
LocalAlloc
LocalFree
lstrlenW
WideCharToMultiByte
OpenProcess
DebugActiveProcess
WaitForDebugEvent
LCMapStringA
GetLastError
FreeLibrary
GetCommandLineA
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
GlobalFree
GlobalAlloc
GetCurrentThreadId
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
TlsSetValue
TlsGetValue
TlsAlloc
VirtualAlloc
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetLocalTime
GetUserDefaultLCID
WritePrivateProfileStringA
DeleteFileA
GetFileSize
ReadFile
Sleep
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
WriteProcessMemory
VirtualProtectEx
VirtualQueryEx
VirtualProtect
FlushInstructionCache
GetCurrentProcess
VirtualFree
GetTempPathA
GetVersionExA
lstrcpynA
CreateFileA
GetThreadTimes
OpenThread
SetHandleInformation
GlobalSize
lstrcpyn
GlobalUnlock
GlobalLock
ResumeThread
QueueUserAPC
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
QueryDosDeviceA
GetLogicalDriveStringsA
CreateRemoteThread
ReadProcessMemory
MultiByteToWideChar
DeleteCriticalSection
Process32Next
Process32First
WriteFile
SetFilePointer
TerminateProcess
GetWindowsDirectoryA
lstrcpyA
lstrlenA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
SetSystemPowerState
GlobalReAlloc
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalHandle
TlsFree
LocalReAlloc
SetErrorMode
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
InterlockedExchange
RtlMoveMemory
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcessId
IsBadCodePtr
IsBadReadPtr
VirtualFreeEx
GetSystemDirectoryA
GetTempFileNameA
VirtualAllocEx
CopyFileA
DebugActiveProcessStop
ContinueDebugEvent
lstrcmpiA

user32

EndPaint
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
SendDlgItemMessageA
IsDialogMessageA
SetWindowTextA
GetDlgCtrlID
MoveWindow
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
RemovePropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
BeginPaint
WinHelpA
GetCapture
GetTopWindow
AdjustWindowRectEx
MapWindowPoints
LoadIconA
UnregisterClassA
GetSysColorBrush
LoadStringA
DestroyMenu
IsWindow
SendMessageA
ClientToScreen
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
WindowFromDC
SetPropA
GetPropA
CallWindowProcA
GetSysColor
GetClassInfoA
DefWindowProcA
LoadCursorA
PostMessageA
CopyRect
SetRect
GetClientRect
InvalidateRect
ExitWindowsEx
SetForegroundWindow
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
GetParent
PtInRect
GetWindowLongA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
RegisterClassA
GetSystemMetrics
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
RegisterWindowMessageA
EnumWindows
GetWindowRect
GetWindowTextA
CloseWindowStation
CreateWindowStationA
ReleaseDC
DrawIcon
GetDC
GetIconInfo
GetCursorInfo
PostThreadMessageA
WaitForInputIdle
MsgWaitForMultipleObjects
IsWindowVisible
GetWindowTextLengthW
GetClassNameA
GetWindowThreadProcessId
GetWindow
GetDesktopWindow
MessageBoxA
wvsprintfA

gdi32

SetViewportOrgEx
GetDeviceCaps
GdiFlush
CreateDIBSection
Rectangle
CreateFontIndirectA
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
CreateBrushIndirect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetNearestPaletteIndex
CreateDIBitmap
CreatePalette
CreateBitmap
SetBkColor
SetBkMode
SetTextColor
SetMapMode
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
MoveToEx
LineTo
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GetObjectA
GetStockObject

advapi32

OpenProcessToken
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shlwapi

PathFileExistsA
PathFindFileNameA

ws2_32

send
WSAStartup
inet_addr
htons
connect
closesocket
WSASocketA
recvfrom
WSARecv
gethostbyname
socket
WSACleanup
WSASend
inet_ntoa
gethostname
sendto
listen
bind
accept
__WSAFDIsSet
select
recv
getpeername
ntohs
htonl
getsockname

ole32

OleRun
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
GetHGlobalFromStream
CoCreateInstance
OleIsCurrentClipboard
CreateStreamOnHGlobal
CLSIDFromString
OleFlushClipboard
CLSIDFromProgID
CoRevokeClassObject

mswsock

AcceptEx

psapi

GetProcessImageFileNameA
GetModuleFileNameExA

gdiplus

GdiplusShutdown
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromStream
GdiplusStartup

oledlg

ord8

oleaut32

VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17
_TrackMouseEvent

shell32

SHGetSpecialFolderPathA

Exports

Exports

Webzen
_��ӳ��

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6abe819a9367635f5f6975d0256998cd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

ws2_32

ole32

mswsock

psapi

gdiplus

oledlg

oleaut32

winspool.drv

comctl32

shell32

Exports

Exports

Sections

.text Size: 488KB - Virtual size: 487KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 164KB - Virtual size: 360KB

.rsrc Size: 4KB - Virtual size: 352B

.reloc Size: 52KB - Virtual size: 48KB

.text
Size: 488KB - Virtual size: 487KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 164KB - Virtual size: 360KB

.rsrc
Size: 4KB - Virtual size: 352B

.reloc
Size: 52KB - Virtual size: 48KB