blackmoon | d2b26ab6dfb8d8fcf78df7764c74d18429fc8b252b9662ba2e5f49d7c98a4aa7

Sharing

Copy URL Twitter E-mail

General

Target

d2b26ab6dfb8d8fcf78df7764c74d18429fc8b252b9662ba2e5f49d7c98a4aa7
Size

896KB
MD5

7b53549a6561fff851533a318f685bac
SHA1

8f2e7138169bb14a25377f540a6532ccc98f0787
SHA256

d2b26ab6dfb8d8fcf78df7764c74d18429fc8b252b9662ba2e5f49d7c98a4aa7
SHA512

ccd618d16f8f72862d72b5ab294092563b455c3baa2790d3979fcff2c368fe8d0905fcef943afc3cc8d84c58893931efaea3c5732759fc4de5b640d734598621
SSDEEP

24576:zFQn61zsI4n40Q6W4LjuYAOzl/HOt5SU3c2oFT/Dg8fOC:zROVpVbi8GC

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2b26ab6dfb8d8fcf78df7764c74d18429fc8b252b9662ba2e5f49d7c98a4aa7

Files

d2b26ab6dfb8d8fcf78df7764c74d18429fc8b252b9662ba2e5f49d7c98a4aa7
.exe windows:4 windows x86

8d28eedbbfb1037e1dcdee1837e2cbb1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
SetLocalTime
SetCurrentDirectoryA
WritePrivateProfileStringA
GetVersionExA
GetTickCount
RemoveDirectoryA
DeleteFileA
FindFirstFileA
FindNextFileA
GetStartupInfoA
GetModuleFileNameA
GetLocalTime
HeapFree
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
IsBadCodePtr
IsBadReadPtr
IsDebuggerPresent
Process32NextW
Process32FirstW
GetLastError
TerminateProcess
GetWindowsDirectoryA
Sleep
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessW
CreatePipe
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
CreateEventA
OpenEventA
CreateMutexA
GetCurrentProcessId
VirtualFree
VirtualAlloc
CreateFileA
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
Module32Next
GetFileAttributesA
VirtualProtect
lstrlenA
WaitForSingleObject
CreateProcessA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
RtlMoveMemory
WideCharToMultiByte
lstrlenW
QueryDosDeviceW
Process32Next
Process32First
CreateToolhelp32Snapshot
SetWaitableTimer
CreateWaitableTimerA
WTSGetActiveConsoleSessionId
MoveFileA
CreateDirectoryA
lstrcpyn
MultiByteToWideChar
HeapAlloc
GetProcessHeap
CloseHandle
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcess
SetStdHandle
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTempPathA
GetSystemDirectoryA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
MulDiv
GlobalFlags
InterlockedDecrement
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
LockResource
LoadResource
FindResourceA
GetProcessVersion
SetErrorMode
WriteFile
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP

user32

GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
GetActiveWindow
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetKeyState
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
IsWindow
GetForegroundWindow
IsWindowEnabled
GetParent
MsgWaitForMultipleObjects
CreateWindowStationA
EnumWindows
GetWindowThreadProcessId
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
GetWindowLongA
SetCursor
GetWindowTextLengthW
GetWindowTextW
GetClassNameA
WaitForInputIdle
IsWindowVisible
GetWindowTextA
CallWindowProcA
GetWindowInfo
FindWindowExA
ShowWindowAsync
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
SendMessageA
PostMessageA
PostQuitMessage
SetForegroundWindow
SetActiveWindow
EnableWindow
SetWindowLongA

advapi32

RegDeleteValueA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ImpersonateLoggedOnUser
RevertToSelf
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
StartServiceA
CreateServiceA
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegFlushKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA

shell32

ShellExecuteA
SHGetFolderPathA
SHGetSpecialFolderPathA

ole32

CoRegisterMessageFilter
CoRevokeClassObject
OleUninitialize
OleInitialize
OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
OleRun
CLSIDFromString
CLSIDFromProgID

shlwapi

PathFindFileNameA
PathIsDirectoryW
PathFileExistsA

ws2_32

select
connect
gethostbyname
WSAAsyncSelect
htons
socket
closesocket
recv
getsockname
ntohs
WSACleanup
send
WSAStartup
inet_addr

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

gdi32

GetClipBox
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetObjectA
GetStockObject
SetMapMode
SetTextColor
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

wininet

InternetCloseHandle
InternetTimeToSystemTime
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCheckConnectionA

wtsapi32

WTSQueryUserToken

psapi

GetProcessImageFileNameW

winhttp

WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpCrackUrl
WinHttpSetOption
WinHttpReadData
WinHttpQueryHeaders
WinHttpCheckPlatform

oleaut32

SystemTimeToVariantTime
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
SysFreeString

oledlg

ord8

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

Sections

.text
Size: 492KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 368KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d28eedbbfb1037e1dcdee1837e2cbb1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

ws2_32

version

gdi32

wininet

wtsapi32

psapi

winhttp

oleaut32

oledlg

winspool.drv

comctl32

Sections

.text Size: 492KB - Virtual size: 490KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 368KB - Virtual size: 464KB

.rsrc Size: 4KB - Virtual size: 752B

.text
Size: 492KB - Virtual size: 490KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 368KB - Virtual size: 464KB

.rsrc
Size: 4KB - Virtual size: 752B