Behavioral task
behavioral1
Sample
0133588db01b364f4dc18757214bb10bf69032215cacf73a3e46047243ddf38c.exe
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral2
Sample
0133588db01b364f4dc18757214bb10bf69032215cacf73a3e46047243ddf38c.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
General
-
Target
0133588db01b364f4dc18757214bb10bf69032215cacf73a3e46047243ddf38c
-
Size
5.1MB
-
MD5
499350b92090e4d4aeb934e6917190c7
-
SHA1
9f7f57586d54fddc28cb44310d5ff92c1da2440c
-
SHA256
0133588db01b364f4dc18757214bb10bf69032215cacf73a3e46047243ddf38c
-
SHA512
63f804aa5fe86c0354ceb82f46a16ae2b7d23dd0bff92fbe6573eaf219dbe8193da3ae245637bad1472a46bf78f0eb93d0d83a75145290a5040a7881fcea6226
-
SSDEEP
98304:/7o9Fhhthvr0SMqxrVXdg+dwps6qYZPNywcwN8Kla2lPJsIGXY6XFJ9bg+0nta6x:/QrthdAxPVsIGXjXbK+0nI6Qw3rth5Wh
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0133588db01b364f4dc18757214bb10bf69032215cacf73a3e46047243ddf38c
Files
-
0133588db01b364f4dc18757214bb10bf69032215cacf73a3e46047243ddf38c.exe windows:6 windows x86
09cd23b8aa1c594eacf91d83508cfcba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FileTimeToSystemTime
GetLocalTime
GetFileInformationByHandle
SystemTimeToFileTime
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
MultiByteToWideChar
MoveFileExA
CopyFileA
FindResourceA
CreateFileMappingA
lstrlenA
FreeResource
UnmapViewOfFile
MapViewOfFile
GetTickCount
GetSystemInfo
GlobalMemoryStatusEx
CreateProcessA
CreateThread
GetCurrentProcessId
Sleep
Beep
GetTempPathA
WriteFile
SetFileAttributesA
ReadFile
GetFileSize
CreateFileA
CreateDirectoryA
SetCurrentDirectoryA
CreateMutexA
GetCommandLineW
WinExec
RemoveDirectoryA
DeleteFileA
Module32Next
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcpyA
lstrcmpA
LocalFree
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateRemoteThread
TerminateProcess
GetCurrentProcess
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GetLogicalDrives
FindFirstFileA
FindClose
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
FindResourceW
WriteConsoleW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
FindNextFileW
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetDriveTypeW
GetTimeZoneInformation
GetFileAttributesExW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetStdHandle
QueryPerformanceFrequency
GetFileType
SetStdHandle
HeapQueryInformation
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
GetFullPathNameW
VirtualQuery
VirtualAlloc
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
LCMapStringW
FormatMessageW
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalUnlock
LocalLock
GetProfileIntA
SearchPathA
SetErrorMode
FindResourceExW
GetWindowsDirectoryA
VerifyVersionInfoA
VerSetConditionMask
GetUserDefaultLCID
ReplaceFileA
GetTempFileNameA
GetDiskFreeSpaceA
GetStringTypeExA
GetVolumeInformationA
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameA
FlushFileBuffers
GetFileTime
GetFileSizeEx
SizeofResource
LockResource
LoadResource
GetLastError
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FormatMessageA
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
LoadLibraryA
LoadLibraryW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
LocalAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FindNextFileA
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
GetVersionExA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetAtomNameA
GetThreadLocale
GetACP
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
GetFileAttributesExA
user32
DestroyCursor
DestroyIcon
CreateIconIndirect
GetIconInfo
IsWindow
GetMenuStringA
GetMenuState
InsertMenuA
RemoveMenu
SendDlgItemMessageA
SetRectEmpty
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
RegisterWindowMessageA
DispatchMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoExA
CreateWindowExA
IsMenu
IsChild
DestroyWindow
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
SetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
ScreenToClient
MapWindowPoints
EqualRect
PtInRect
GetClassLongA
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
SetScrollInfo
GetScrollInfo
WinHelpA
MonitorFromWindow
GetMonitorInfoA
ShowWindow
MoveWindow
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
IsWindowEnabled
ScrollWindowEx
IsDialogMessageA
CreateDialogIndirectParamA
EndDialog
IntersectRect
LoadBitmapA
BringWindowToTop
ReleaseCapture
LoadAcceleratorsA
TranslateAcceleratorA
InsertMenuItemA
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
IsZoomed
GetMessageA
TranslateMessage
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
GetMenuItemInfoA
SystemParametersInfoA
SetCapture
WindowFromPoint
KillTimer
GetParent
WaitMessage
GetKeyNameTextA
MapVirtualKeyA
GetSysColorBrush
LoadCursorA
TrackMouseEvent
LoadImageW
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
GetDialogBaseUnits
CharUpperA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
UnionRect
GetSystemMenu
DeleteMenu
SetParent
LoadMenuW
MessageBeep
NotifyWinEvent
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
MonitorFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
GetNextDlgGroupItem
DrawIconEx
HideCaret
InvertRect
LoadImageA
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawEdge
DrawFrameControl
SetCursorPos
CopyIcon
LoadAcceleratorsW
RegisterClipboardFormatA
GetDCEx
LockWindowUpdate
CharUpperBuffA
ModifyMenuA
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
PostThreadMessageA
GetComboBoxInfo
IsCharLowerA
MapVirtualKeyExA
GetDoubleClickTime
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
EnumChildWindows
SendNotifyMessageA
InSendMessage
WindowFromDC
CreateMenu
SubtractRect
GetWindowRgn
GetTabbedTextExtentA
GetTabbedTextExtentW
RedrawWindow
SetWindowLongA
GetFocus
MessageBoxA
AdjustWindowRectEx
PeekMessageA
PostQuitMessage
GetClassInfoA
ClientToScreen
SetCursor
GetDC
DrawStateA
TrackPopupMenuEx
GetSubMenu
DestroyMenu
ReleaseDC
SetWindowRgn
InvalidateRect
GetClientRect
SendMessageA
OpenIcon
SetForegroundWindow
FindWindowA
wsprintfA
IsWindowVisible
IsIconic
GetSystemMetrics
CreatePopupMenu
CheckMenuItem
GetMenuItemID
GetMenuItemCount
AppendMenuA
DrawIcon
GetWindowLongA
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
IsRectEmpty
GetSysColor
UpdateWindow
SwitchToThisWindow
SetWindowTextA
SetWindowPos
EnableWindow
PostMessageA
GetWindowDC
GetWindowRect
LoadMenuA
GetActiveWindow
GetNextDlgTabItem
SetTimer
SetClassLongA
GetDesktopWindow
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
UnregisterClassA
CreateIconFromResource
LoadIconW
LoadIconA
LoadCursorW
CallNextHookEx
GetWindowThreadProcessId
GetClassNameA
EnumWindows
GetCursorPos
GetWindowTextA
gdi32
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetBkMode
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocA
ArcTo
SetTextCharacterExtra
ExtSelectClipRgn
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
SelectClipRgn
SaveDC
RestoreDC
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetCurrentPositionEx
GetClipRgn
ExtTextOutA
TextOutA
RectVisible
PtVisible
Escape
CreateSolidBrush
GetClipBox
ExcludeClipRect
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
GetDeviceCaps
CreateBitmap
CreateDCA
CopyMetaFileA
GetStockObject
SetBkColor
SetPixel
SelectPalette
GetTextFaceA
GetTextExtentPoint32W
GetTextExtentPointA
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetPixelV
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
CreateMetaFileA
CloseMetaFile
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
SetPaletteEntries
ExtFloodFill
Rectangle
GetCurrentObject
OffsetRgn
EnumFontFamiliesExA
Polyline
Polygon
CreatePolygonRgn
SetDIBColorTable
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
CreateRoundRectRgn
StretchDIBits
GetCharWidthA
CreateFontA
GetRgnBox
GetTextColor
LPtoDP
CreateDIBSection
Ellipse
CreateEllipticRgn
GetTextMetricsA
GetTextExtentPoint32A
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CreateFontIndirectA
ScaleWindowExtEx
ScaleViewportExtEx
BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgn
DeleteObject
GetBkColor
GetDIBits
SelectObject
StretchBlt
GetObjectA
GetPixel
DeleteDC
SetTextColor
advapi32
RegEnumKeyA
RegSetValueA
IsTextUnicode
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueA
RegOpenKeyExW
SetFileSecurityA
GetFileSecurityA
RegEnumValueA
RegEnumKeyExA
SystemFunction036
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
SetEntriesInAclA
SetSecurityInfo
BuildExplicitAccessWithNameA
RegCloseKey
shell32
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
DragQueryFileA
DragFinish
SHGetFileInfoA
SHAddToRecentDocs
ExtractIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
SHGetMalloc
SHBrowseForFolderA
CommandLineToArgvW
ole32
RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleRegGetMiscStatus
OleRegEnumVerbs
CoLockObjectExternal
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleGetClipboard
CoInitializeEx
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleRun
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
PropVariantCopy
CoDisconnectObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
OleDraw
CreateStreamOnHGlobal
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
CoCreateInstance
CoInitialize
OleCreateMenuDescriptor
msimg32
AlphaBlend
TransparentBlt
comctl32
_TrackMouseEvent
shlwapi
PathFindFileNameA
PathFindExtensionA
PathRemoveExtensionA
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
UrlUnescapeA
uxtheme
DrawThemeBackground
GetThemeSysColor
GetWindowTheme
IsAppThemed
DrawThemeText
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemePartSize
GetThemeColor
oledlg
ord8
urlmon
URLDownloadToFileA
gdiplus
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImagePaletteSize
winmm
PlaySoundA
wininet
FtpGetFileA
FtpFindFirstFileA
InternetGetLastResponseInfoA
FtpDeleteFileA
FtpRenameFileA
FtpOpenFileA
InternetSetStatusCallback
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpCommandA
GopherCreateLocatorA
GopherFindFirstFileA
GopherOpenFileA
GopherGetAttributeA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA
InternetSetCookieA
InternetGetCookieA
InternetErrorDlg
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
DeleteUrlCacheEntry
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetFindNextFileA
InternetQueryOptionA
InternetSetOptionExA
FtpPutFileA
ws2_32
WSAGetLastError
WSASetLastError
gethostbyname
sendto
select
recvfrom
closesocket
connect
htons
inet_addr
send
WSAAsyncSelect
socket
recv
ntohs
inet_ntoa
htonl
getsockname
getpeername
bind
accept
WSACleanup
WSAStartup
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
GetJobA
oleaut32
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
VarDecFromStr
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
SysStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
OleCreateFontIndirect
SafeArrayCreateVector
SafeArrayRedim
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 604KB - Virtual size: 604KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ