blackmoon | 7a60143cf20e82d8b8867b4ea76cbf7d14c3239ae110ac738a52b95bab2f9756

Sharing

Copy URL Twitter E-mail

General

Target

7a60143cf20e82d8b8867b4ea76cbf7d14c3239ae110ac738a52b95bab2f9756
Size

1.2MB
MD5

30fec16fe973a5c43339e7d346146656
SHA1

0a9163f27d7adb4f865bbdaa75ef2b085d9219da
SHA256

7a60143cf20e82d8b8867b4ea76cbf7d14c3239ae110ac738a52b95bab2f9756
SHA512

fe7f706b9d362e634aab63f5b1d79ac3c0526edc29ef50c4fe9d88372964c9c96b92a2c8693a8e51e2b0528cd13b67263636d9a846eeff9ab6eb8e2d8e01e7e9
SSDEEP

24576:WyrftsLHH1E0qGPpzXOPKB0HDFRCUwy6Rje/tudNRlNrUeOu1WTbXPb:WyyGyje/t2Hxj12X

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a60143cf20e82d8b8867b4ea76cbf7d14c3239ae110ac738a52b95bab2f9756

Files

7a60143cf20e82d8b8867b4ea76cbf7d14c3239ae110ac738a52b95bab2f9756
.dll windows:4 windows x86

777dca9a7fd1e7a78082178166afa307

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
LocalFree
InterlockedIncrement
InterlockedDecrement
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetVersion
MulDiv
WritePrivateProfileStringA
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
GetCurrentProcess
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetStringTypeExA
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
TerminateProcess
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
Sleep
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
IsBadCodePtr
VirtualProtect
VirtualQuery
GetSystemInfo
InterlockedCompareExchange
InterlockedExchange
GetTickCount
LCMapStringA
LoadLibraryA
FreeLibrary
GetModuleFileNameA
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
WriteFile
CloseHandle
GetLocalTime
IsBadReadPtr
HeapReAlloc
HeapAlloc
ExitProcess
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
HeapFree
RtlMoveMemory
GetProcAddress
GetModuleHandleA
IsBadStringPtrA
GlobalFlags
GetProcessHeap

user32

GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
CallWindowProcA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
EnableWindow

gdi32

Escape
DeleteObject
DeleteDC
ExtTextOutA
TextOutA
GetObjectA
GetStockObject
RectVisible
PtVisible
SaveDC
RestoreDC
SelectObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
CreateBitmap

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

shlwapi

StrTrimA
PathFileExistsA

wininet

InternetTimeToSystemTime

oleaut32

LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime

ole32

CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CLSIDFromString
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

oledlg

ord8

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Exports

Exports

GetNewInf
YYDS_Base64��_YYDS
YYDS_Base64��_YYDS
YYDS_GZIP_��ѹ_�ı�
YYDS_GZIP_��ѹ_ָ��
YYDS_GZIP_��ѹ_ָ��2
YYDS_GZIP_��ѹ_�ֽڼ�
YYDS_GZIP_ѹ��ı�
YYDS_GZIP_ѹ��ֽڼ�
YYDS_HEX��_
YYDS_HEX��_
YYDS_ProcessNotifyLib
YYDS_YYDS_��·��ʽ
YYDS_deflate_��ѹ
YYDS_deflate_��ѹ_ָ��
YYDS_deflate_��ѹ_ָ��2
YYDS_��CRC_
YYDS_��ֵ��_
YYDS_��б�_
YYDS_��ʱ��ı�_
YYDS_��ı�_
YYDS_��ȡ��ֵ��YZC__��ļ�
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��Base64��
YYDS_��ȡ��ֵ��YZC__��JSON��
YYDS_��ȡ��ֵ��YZC__�ӱ��
YYDS_��ȡ��ֵ��YZC__��ļ��
YYDS_��ȡ��ֵ��YZC__��ָ��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ļ�
YYDS_��ȡ��ֵ��YZC__��Base64
YYDS_��ȡ��ֵ��YZC__��JSON
YYDS_��ȡ��ֵ��YZC__��JSON��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__�ر��ļ�
YYDS_��ȡ��ֵ��YZC__�ϲ��
YYDS_��ȡ��ֵ��YZC__��ֵ��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ֵ
YYDS_��ȡ��ֵ��YZC__��ļ�
YYDS_��ȡ��ֵ��YZC__�ڲ��ʼ��
YYDS_��ȡ��ֵ��YZC__�ڲ��
YYDS_��ȡ��ֵ��YZC__�ڲ��ͷ�
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__ȡJSONֵ
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��ֵ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ�б�
YYDS_��ȡ��ֵ��YZC__ȡ�߼�ֵ
YYDS_��ȡ��ֵ��YZC__ȡʱ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��ֵ��
YYDS_��ȡ��ֵ��YZC__ȡ˫��С��
YYDS_��ȡ��ֵ��YZC__ȡ�ı�
YYDS_��ȡ��ֵ��YZC__ȡС��
YYDS_��ȡ��ֵ��YZC__ȡ��ü�ֵ��
YYDS_��ȡ��ֵ��YZC__ȡ��б�
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��б�
YYDS_��ȡ��ֵ��YZC__ȡ�ֽڼ�
YYDS_��ȡ��ֵ��YZC__ɾ��
YYDS_��ȡ��ֵ��YZC__�Ƿ��
YYDS_��ȡ��ֵ��YZC__�Ƿ�Ϊ��ֵ
YYDS_��ȡ��ֵ��YZC__�ͷ��ڴ�
YYDS_��ȡ��ֵ��YZC__��ӳ��
YYDS_��ȡ��ֵ��YZC__��Ӽ�ֵ��
YYDS_��ȡ��ֵ��YZC__��б�
YYDS_��ȡ��ֵ��YZC__��߼�ֵ
YYDS_��ȡ��ֵ��YZC__��ʱ��
YYDS_��ȡ��ֵ��YZC__��˫��С��
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__��С��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ֵ
YYDS_��ȡ��ֵ��YZC__��ֽڼ�
YYDS_��ȡ��ֵ��YZC__δʵ��
YYDS_��ȡ��ֵ��YZC__��JSONֵ
YYDS_��ȡ��ֵ��YZC__�ó��
YYDS_��ȡ��ֵ��YZC__�ü�ֵ��
YYDS_��ȡ��ֵ��YZC__��б�
YYDS_��ȡ��ֵ��YZC__��߼�ֵ
YYDS_��ȡ��ֵ��YZC__��ʱ��
YYDS_��ȡ��ֵ��YZC__��˫��С��
YYDS_��ȡ��ֵ��YZC__��Ϊ��ֵ
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__��С��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ֵ
YYDS_��ȡ��ֵ��YZC__��ֽڼ�
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��б��
YYDS_��ȡ��ֵ��YZC__��б�ɾ��
YYDS_��ȡ��ֵ��YZC__��б��
YYDS_��ȡ�б�YZC__��ļ�
YYDS_��ȡ�б�YZC__��볤��
YYDS_��ȡ�б�YZC__��ֵ��
YYDS_��ȡ�б�YZC__��б�
YYDS_��ȡ�б�YZC__��߼�
YYDS_��ȡ�б�YZC__��ʱ��
YYDS_��ȡ�б�YZC__��˫��С��
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��С��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ֵ
YYDS_��ȡ�б�YZC__��ֽڼ�
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��Base64��
YYDS_��ȡ�б�YZC__��CSV��
YYDS_��ȡ�б�YZC__��JSON��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ı��ָ�
YYDS_��ȡ�б�YZC__��ļ��
YYDS_��ȡ�б�YZC__��ָ��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ļ�
YYDS_��ȡ�б�YZC__��Base64
YYDS_��ȡ�б�YZC__��CSV
YYDS_��ȡ�б�YZC__��JSON
YYDS_��ȡ�б�YZC__��JSON��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__�ر��ļ�
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__�ϲ��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��ļ�
YYDS_��ȡ�б�YZC__�ڲ��ʼ��
YYDS_��ȡ�б�YZC__�ڲ��
YYDS_��ȡ�б�YZC__�ڲ��ͷ�
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__ȡJSONֵ
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ�
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��ֵ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ�б�
YYDS_��ȡ�б�YZC__ȡ�߼�ֵ
YYDS_��ȡ�б�YZC__ȡʱ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��ֵ��
YYDS_��ȡ�б�YZC__ȡ˫��С��
YYDS_��ȡ�б�YZC__ȡ�ı�
YYDS_��ȡ�б�YZC__ȡС��
YYDS_��ȡ�б�YZC__ȡ��ü�ֵ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��б�
YYDS_��ȡ�б�YZC__ȡ�ֽڼ�
YYDS_��ȡ�б�YZC__ȥ�ظ�
YYDS_��ȡ�б�YZC__ɾ��
YYDS_��ȡ�б�YZC__�Ƿ��
YYDS_��ȡ�б�YZC__�Ƿ�Ϊ��ֵ
YYDS_��ȡ�б�YZC__�ͷ��ڴ�
YYDS_��ȡ�б�YZC__��ӳ��
YYDS_��ȡ�б�YZC__��Ӽ�ֵ��
YYDS_��ȡ�б�YZC__��б�
YYDS_��ȡ�б�YZC__��߼�ֵ
YYDS_��ȡ�б�YZC__��ʱ��
YYDS_��ȡ�б�YZC__��˫��С��
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��С��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ֵ
YYDS_��ȡ�б�YZC__��ֽڼ�
YYDS_��ȡ�б�YZC__��JSONֵ
YYDS_��ȡ�б�YZC__�ó��
YYDS_��ȡ�б�YZC__�ü�ֵ��
YYDS_��ȡ�б�YZC__��б�
YYDS_��ȡ�б�YZC__��߼�ֵ
YYDS_��ȡ�б�YZC__��ʱ��
YYDS_��ȡ�б�YZC__��˫��
YYDS_��ȡ�б�YZC__��Ϊ��ֵ
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��С��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ֵ
YYDS_��ȡ�б�YZC__��ֽڼ�
YYDS_��ȡ�б�YZC__��
YYDS_��ʽ��_δʵ��
YYDS_��֤��YZC__��JSON��
YYDS_��֤��YZC__��JSON
YYDS_��֤��YZC__��
YYDS_��֤��YZC__��ʼ��
YYDS_��֤��YZC__�ڲ��ʼ��
YYDS_��֤��YZC__�ڲ��
YYDS_��֤��YZC__�ڲ��ͷ�
YYDS_��֤��YZC__��
YYDS_��֤��YZC__��ӳ��ӳ��
YYDS_��֤��YZC__��֤��
YYDS_��֤��YZC__��֤��
YYDS_��֤��YZC__��֤��
YYDS_ӳ��_��ʼ��
YYDS_ӳ��_��ֵ��_ת�Զ��
YYDS_ӳ��_�б�_ת�Զ��
YYDS_ӳ��_��
YYDS_ӳ��_�Զ��_ת��ֵ��
YYDS_ӳ��_�Զ��_ת�б�

Sections

.text
Size: 900KB - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 236KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

777dca9a7fd1e7a78082178166afa307

Headers

File Characteristics

Imports

kernel32

user32

gdi32

crypt32

shlwapi

wininet

oleaut32

ole32

oledlg

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 900KB - Virtual size: 896KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 236KB - Virtual size: 367KB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 44KB - Virtual size: 42KB

.text
Size: 900KB - Virtual size: 896KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 236KB - Virtual size: 367KB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 44KB - Virtual size: 42KB