Behavioral task
behavioral1
Sample
80bb0f12e5c3f9894ded201931520adfe4ae62af970cfdf424332a748fcb5ed7.exe
Resource
win7-20231025-en
General
Target: 80bb0f12e5c3f9894ded201931520adfe4ae62af970cfdf424332a748fcb5ed7
Size: 4.1MB
MD5: f3071f7020c0368553bc33f51bedbf4f
SHA1: 888ab84c63b7bccc2f36b45afca2a2e561cc7398
SHA256: 80bb0f12e5c3f9894ded201931520adfe4ae62af970cfdf424332a748fcb5ed7
SHA512: ec347d68cfd70d8123563e9012e3cc7e58a632db8ee1d7a0734bffa689053d7ba15ca5754b1a04c3e6c45d671026048c19a7d52bd600fbb09d2362920afc2acd
SSDEEP: 49152:MDTjZ18YLVHiwojrHLyRaX8l5tuN5hDsjgz53wJWqj2NLAJJ3/Aqo1um3:88sVHVoj7/N5tsj+E+N4m3
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload 1 IoCs
resource: sample; yara_rule: family_blackmoon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource: 80bb0f12e5c3f9894ded201931520adfe4ae62af970cfdf424332a748fcb5ed7
Files
80bb0f12e5c3f9894ded201931520adfe4ae62af970cfdf424332a748fcb5ed7.exe windows:4 windows x86
f433b4d1d6e4a8ed903e26260757617b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
HeapReAlloc
IsBadReadPtr
LCMapStringA
WriteFile
GetDiskFreeSpaceExA
GetCurrentDirectoryA
ReadFile
GetFileSize
DeleteFileA
GetTickCount
GetModuleFileNameA
GetUserDefaultLCID
GetSystemDirectoryA
SetCurrentDirectoryA
GetStartupInfoA
FindNextFileA
FindFirstFileA
FindClose
SetFileAttributesA
Sleep
ReadProcessMemory
LoadLibraryA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
VirtualQueryEx
lstrcpyA
lstrlenW
GetProcessHeap
lstrcmpiW
lstrcmpW
HeapFree
HeapAlloc
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSection
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
SetFilePointer
IsBadWritePtr
VirtualAlloc
RaiseException
VirtualFree
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
RtlZeroMemory
TlsFree
GetTempFileNameA
GetTempPathA
CopyFileA
GetVersionExA
WaitForSingleObject
lstrcpynA
IsWow64Process
OpenProcess
GetNativeSystemInfo
WideCharToMultiByte
VirtualProtect
WriteProcessMemory
VirtualAllocEx
HeapCreate
TerminateThread
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetWindowsDirectoryA
lstrcpyn
TlsAlloc
TlsSetValue
TerminateProcess
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetVersion
PeekNamedPipe
CreateProcessA
CreateThread
LeaveCriticalSection
VirtualQuery
lstrcpynW
GetCurrentProcess
Module32Next
GetCurrentProcessId
CreateDirectoryA
MoveFileA
InterlockedCompareExchange
GetSystemInfo
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
GetSystemTime
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WritePrivateProfileStringA
GlobalFlags
SetErrorMode
LocalReAlloc
GlobalReAlloc
GlobalHandle
MulDiv
GetStringTypeExA
LocalAlloc
LocalFree
Module32First
FreeLibrary
LoadLibraryExA
SetWaitableTimer
CreateWaitableTimerA
SetProcessAffinityMask
OpenThread
GetExitCodeThread
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
FindResourceA
LoadResource
LockResource
lstrcatA
lstrlenA
GetTimeZoneInformation
VirtualProtectEx
RemoveDirectoryA
GetLocalTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FormatMessageA
CreateRemoteThread
CreateFileA
VirtualFreeEx
GetProcAddress
GetModuleHandleA
RtlMoveMemory
DuplicateHandle
DeviceIoControl
SetLastError
GetLastError
GetCommandLineA
MultiByteToWideChar
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetEnvironmentStrings
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
GetCurrentProcess
SetFilePointer
GetFileSize
TerminateProcess
SetLastError
GetTimeZoneInformation
GetVersion
GetProcessVersion
shlwapi
PathFindFileNameA
PathFindExtensionA
StrToIntW
StrToIntExW
StrToIntExA
PathFileExistsA
ws2_32
WSAStartup
htons
WSACleanup
inet_ntoa
WSAAsyncSelect
closesocket
WSACleanup
accept
getpeername
recv
ioctlsocket
recvfrom
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
user32
TranslateMessage
GetMessageA
GetSystemMetrics
ShowWindow
FindWindowA
GetDlgItem
DispatchMessageA
wsprintfA
ClientToScreen
DefWindowProcA
RemovePropA
MessageBoxA
GetCursorPos
SendMessageA
WindowFromPoint
MsgWaitForMultipleObjects
GetClassNameA
GetWindowTextA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
PeekMessageA
LoadStringA
GetForegroundWindow
DestroyMenu
GetMenuItemCount
GetDlgCtrlID
UnregisterClassA
EndDialog
CreateDialogIndirectParamA
DestroyWindow
SetForegroundWindow
SetActiveWindow
GetActiveWindow
IsWindowEnabled
EnableWindow
IsWindow
SetWindowTextA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostMessageA
PostQuitMessage
GetWindow
PtInRect
GetWindowLongA
SetWindowLongA
UpdateWindow
SystemParametersInfoA
GetDC
ReleaseDC
wvsprintfA
GetWindowRect
GetSysColorBrush
CallWindowProcA
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
RegisterWindowMessageA
GetAncestor
GetWindowThreadProcessId
IsWindowVisible
GetParent
EnumWindows
PostThreadMessageA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
DefWindowProcA
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
GetClassInfoA
IsZoomed
PostQuitMessage
SetCapture
CopyAcceleratorTableA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetForegroundWindow
GetWindowTextLengthA
CharUpperA
GetWindowDC
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
GetSysColorBrush
EnableMenuItem
GetDesktopWindow
GetClassNameA
UnregisterClassA
GetDlgItem
GetWindowTextA
GetSubMenu
GetDlgCtrlID
BeginPaint
CreateAcceleratorTableA
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
advapi32
CreateServiceA
DeleteService
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CryptGetHashParam
CryptHashData
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CreateProcessAsUserA
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegCloseKey
shell32
SHGetSpecialFolderPathA
ShellExecuteA
Shell_NotifyIconA
ole32
OleInitialize
OleUninitialize
CLSIDFromString
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoRevokeClassObject
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize
OleRun
CLSIDFromString
psapi
GetModuleInformation
oleaut32
VariantCopy
SafeArrayGetDim
SafeArrayAccessData
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
SafeArrayGetLBound
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAllocData
SafeArrayGetUBound
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
gdi32
SetWindowExtEx
GetDeviceCaps
ScaleWindowExtEx
SetViewportExtEx
DeleteObject
SetViewportOrgEx
DeleteDC
SelectObject
ScaleViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetStockObject
GetObjectA
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
OffsetViewportOrgEx
GetClipBox
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CombineRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
CreateRectRgn
FillRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
GetTextExtentPoint32A
GetDeviceCaps
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetPolyFillMode
wininet
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetSetCookieA
InternetGetCookieA
InternetSetOptionA
InternetCrackUrlA
HttpOpenRequestA
winhttp
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpCheckPlatform
WinHttpReadData
WinHttpQueryHeaders
rasapi32
RasGetConnectStatusA
RasHangUpA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
ClosePrinter
wsock32
send
select
WSACleanup
closesocket
recv
winmm
midiStreamClose
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
midiStreamRestart
waveOutPrepareHeader
midiOutReset
midiStreamStop
waveOutUnprepareHeader
comctl32
ImageList_Destroy
ord17
comdlg32
GetSaveFileNameA
ChooseColorA
GetFileTitleA
GetOpenFileNameA
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.2MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ