blackmoon | eb80cb7899e4d318aab8de7c9174f0ce60f07008d3ac5651407a9ddd8bec59d1

Sharing

Copy URL Twitter E-mail

General

Target

eb80cb7899e4d318aab8de7c9174f0ce60f07008d3ac5651407a9ddd8bec59d1
Size

176KB
MD5

87ee8cd0852ddddadb4ee8aaba68394c
SHA1

35d64b5ac6ce123a046f22e2d6cd9962ee7f4cc4
SHA256

eb80cb7899e4d318aab8de7c9174f0ce60f07008d3ac5651407a9ddd8bec59d1
SHA512

0c49a8a3c53319685ed27c1b655b27220f0722386f52713bb8c4446a345a1868b6e9649db6ac6de84ab268145d39de3f565992d53886b0fd9515adda1b04c219
SSDEEP

3072:+0UznoG9oAL8yPgs3akXGids3Q8Xet3dnBuQte51:+0UznF9oUfgs39XGiO583dnG51

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb80cb7899e4d318aab8de7c9174f0ce60f07008d3ac5651407a9ddd8bec59d1

Files

eb80cb7899e4d318aab8de7c9174f0ce60f07008d3ac5651407a9ddd8bec59d1
.exe windows:4 windows x86

1fcc04a8b175958c09f8f305dc191be9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
lstrlenA
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
GetCurrentProcess
WriteFile
SetFilePointer
FlushFileBuffers
TlsGetValue
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
TerminateProcess
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
DeleteCriticalSection
GlobalAlloc
TlsAlloc
InitializeCriticalSection
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
ExitProcess
FindClose
FindFirstFileW
VirtualFreeEx
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
CreateProcessW
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
LocalFree
lstrcmpiW
LocalAlloc
MultiByteToWideChar
CloseHandle
Process32Next
CreateToolhelp32Snapshot
WideCharToMultiByte
lstrlenW
GlobalFree
RtlMoveMemory

user32

SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
UnhookWindowsHookEx
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
WaitForInputIdle
CloseDesktop
CreateDesktopW
GetParent
UnregisterClassA

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
Escape
ExtTextOutA
GetObjectA
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
TextOutA
RectVisible
PtVisible
GetDeviceCaps
CreateBitmap

advapi32

RegCreateKeyExA
CreateProcessWithTokenW
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
LookupAccountSidW
RegSetValueExA
RegCloseKey
RegOpenKeyExA

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

oleaut32

VariantTimeToSystemTime

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fcc04a8b175958c09f8f305dc191be9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wtsapi32

oleaut32

winspool.drv

comctl32

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 28KB - Virtual size: 88KB

.rsrc Size: 4KB - Virtual size: 784B

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 28KB - Virtual size: 88KB

.rsrc
Size: 4KB - Virtual size: 784B