blackmoon | 7e2106e90bc7ad871593fd9bc37a3638bf7bd7592ffecbd29e88ae59da795702

Sharing

Copy URL Twitter E-mail

General

Target

7e2106e90bc7ad871593fd9bc37a3638bf7bd7592ffecbd29e88ae59da795702
Size

852KB
MD5

950384a6e9f494044a2d9c262a5ae324
SHA1

2caaea00dc20252d8fcd8a8f2acf60161d7e705f
SHA256

7e2106e90bc7ad871593fd9bc37a3638bf7bd7592ffecbd29e88ae59da795702
SHA512

40ff7c0b0dad0a4c5e3a6d97f6a9874f69eefcede234e2dba36b9a64343c2bd67e96278965f847bd332e7df293c8f7ebeacf0bd83b836f5860cc20fdc0e0877c
SSDEEP

24576:ZyJxWOZDx+VfDemDa5OivK9bufoD+82k5mhPYgoKiTmpRH:IRYDemDa5OisELp9

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e2106e90bc7ad871593fd9bc37a3638bf7bd7592ffecbd29e88ae59da795702

Files

7e2106e90bc7ad871593fd9bc37a3638bf7bd7592ffecbd29e88ae59da795702
.dll windows:4 windows x86

ede75d1b0ff4b08b11b96b50a7da8098

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateIoCompletionPort
HeapCreate
InitializeCriticalSection
CreateThread
EnterCriticalSection
LCMapStringA
FreeLibrary
GetCommandLineA
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetTickCount
RtlZeroMemory
GetLastError
ExitThread
GetLocalTime
GetUserDefaultLCID
WritePrivateProfileStringA
DeleteFileA
GetFileSize
ReadFile
GetModuleFileNameA
Sleep
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
WriteProcessMemory
GetCurrentThread
VirtualProtectEx
VirtualQueryEx
LoadLibraryA
GetTempPathA
GetVersionExA
VirtualProtect
FlushInstructionCache
GetProcAddress
GetModuleHandleA
GlobalFree
GetCurrentProcess
VirtualFree
lstrcpynA
CreateFileA
GetThreadTimes
OpenThread
lstrlenA
SetHandleInformation
GlobalSize
lstrcpyn
GlobalUnlock
GlobalLock
ResumeThread
QueueUserAPC
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
QueryDosDeviceA
GetLogicalDriveStringsA
CreateRemoteThread
ReadProcessMemory
MultiByteToWideChar
VirtualFreeEx
GetSystemDirectoryA
GetTempFileNameA
VirtualAllocEx
CopyFileA
DebugActiveProcessStop
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
OpenProcess
WideCharToMultiByte
lstrlenW
LocalFree
LocalAlloc
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetCurrentThreadId
GlobalAlloc
lstrcmpiA
ExitProcess
VirtualAlloc
TlsSetValue
DeleteCriticalSection
Process32Next
Process32First
WriteFile
SetFilePointer
TerminateProcess
GetWindowsDirectoryA
lstrcpyA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
SetSystemPowerState
GlobalReAlloc
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetEndOfFile
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalHandle
TlsFree
LocalReAlloc
SetErrorMode
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
InterlockedExchange
TlsGetValue
TlsAlloc
IsBadReadPtr
IsBadCodePtr
RtlMoveMemory
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualQuery
SetEnvironmentVariableA
GetEnvironmentVariableA
LeaveCriticalSection
GetCurrentProcessId

shlwapi

PathFindFileNameA
PathFileExistsA

ws2_32

getsockname
recvfrom
htonl
WSASocketA
getpeername
recv
select
__WSAFDIsSet
accept
bind
listen
gethostname
closesocket
connect
htons
inet_addr
WSAStartup
ntohs
send
WSARecv
gethostbyname
socket
WSACleanup
WSASend
inet_ntoa
sendto

user32

TabbedTextOutA
DrawTextA
GrayStringA
PostQuitMessage
SetCursor
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
BeginPaint
EndPaint
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
SendDlgItemMessageA
IsDialogMessageA
SetWindowTextA
GetDlgCtrlID
MoveWindow
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
RemovePropA
GetClassLongA
CreateWindowExA
MessageBoxA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
WinHelpA
GetCapture
GetTopWindow
AdjustWindowRectEx
MapWindowPoints
LoadIconA
UnregisterClassA
GetSysColorBrush
LoadStringA
DestroyMenu
WindowFromDC
SetPropA
GetPropA
CallWindowProcA
GetSysColor
GetClassInfoA
DefWindowProcA
LoadCursorA
PostMessageA
CopyRect
SetRect
GetClientRect
InvalidateRect
ExitWindowsEx
SetForegroundWindow
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
GetParent
PtInRect
GetWindowLongA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
FindWindowA
IsWindow
SendMessageA
wvsprintfA
GetSystemMetrics
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
RegisterWindowMessageA
EnumWindows
GetWindowRect
GetWindowTextA
CloseWindowStation
CreateWindowStationA
ReleaseDC
DrawIcon
GetDC
GetIconInfo
GetCursorInfo
PostThreadMessageA
WaitForInputIdle
MsgWaitForMultipleObjects
IsWindowVisible
GetWindowTextLengthW
GetClassNameA
GetWindowThreadProcessId
GetWindow
GetDesktopWindow

gdi32

CreateDIBSection
Rectangle
CreateFontIndirectA
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
CreateBrushIndirect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetNearestPaletteIndex
CreateDIBitmap
CreatePalette
CreateBitmap
ScaleWindowExtEx
SetBkColor
SetBkMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
GdiFlush
SetWindowExtEx
GetClipBox
MoveToEx
LineTo
GetStockObject
GetObjectA
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
ScaleViewportExtEx

advapi32

RegCreateKeyExA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CreateStreamOnHGlobal
CLSIDFromString
GetHGlobalFromStream
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoInitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoUninitialize
CoCreateInstance
CLSIDFromProgID
OleRun

mswsock

AcceptEx

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

gdiplus

GdipCreateBitmapFromStream
GdiplusStartup
GdipSaveImageToStream
GdiplusShutdown
GdipDisposeImage

oledlg

ord8

oleaut32

VariantClear
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
SafeArrayDestroy
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

shell32

SHGetSpecialFolderPathA

comctl32

ord17
_TrackMouseEvent

Exports

Exports

Webzen
_��ӳ��

Sections

.text
Size: 592KB - Virtual size: 591KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ede75d1b0ff4b08b11b96b50a7da8098

Headers

File Characteristics

Imports

kernel32

shlwapi

ws2_32

user32

gdi32

advapi32

ole32

mswsock

psapi

gdiplus

oledlg

oleaut32

winspool.drv

shell32

comctl32

Exports

Exports

Sections

.text Size: 592KB - Virtual size: 591KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 164KB - Virtual size: 370KB

.rsrc Size: 4KB - Virtual size: 352B

.reloc Size: 52KB - Virtual size: 51KB

.text
Size: 592KB - Virtual size: 591KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 164KB - Virtual size: 370KB

.rsrc
Size: 4KB - Virtual size: 352B

.reloc
Size: 52KB - Virtual size: 51KB