blackmoon | 4c7cbca37f3c42477d6c643ff561b71ba2f26eb28a28479998dfea62df0d612c

Sharing

Copy URL Twitter E-mail

General

Target

4c7cbca37f3c42477d6c643ff561b71ba2f26eb28a28479998dfea62df0d612c
Size

4.0MB
MD5

458b0ff0635b9827f96565060c20dfb4
SHA1

7a2531e46e6b401c310a289e7a9c30a4acdc56b5
SHA256

4c7cbca37f3c42477d6c643ff561b71ba2f26eb28a28479998dfea62df0d612c
SHA512

f083eb77cc24d069c6b092e7ceadbec79e5bfb72a8c73a696ee4f83ab197b66caa40aa4f7da7fae7daaaf332d8e6556fca38a838e11879f75650c12f8b48aff9
SSDEEP

98304:OdR61KQyndRf2VrRIECCHoNTaxj1GNVzi8:YNPditroY112H

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c7cbca37f3c42477d6c643ff561b71ba2f26eb28a28479998dfea62df0d612c

Files

4c7cbca37f3c42477d6c643ff561b71ba2f26eb28a28479998dfea62df0d612c
.dll windows:4 windows x86

5836656d1f2181d2fc91aa315d3608fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MulDiv
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetLastError
GetLastError
GlobalFindAtomA
IsBadStringPtrA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessHeap
LockResource
LoadResource
FindResourceA
GetProcessVersion
FlushFileBuffers
HeapCreate
GetCPInfo
HeapDestroy
TlsAlloc
GetVersion
TlsSetValue
GetCurrentProcessId
GetEnvironmentVariableA
SetEnvironmentVariableA
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
GetStdHandle
CopyFileA
InterlockedDecrement
LocalReAlloc
GlobalReAlloc
TlsFree
GlobalHandle
DeleteCriticalSection
IsBadWritePtr
VirtualFree
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
GetOEMCP
GetFileAttributesA
LocalFree
RtlUnwind
LocalAlloc
RaiseException
GlobalAlloc
FreeLibrary
CreatePipe
CreateProcessA
CloseHandle
PeekNamedPipe
ReadFile
GetExitCodeProcess
GlobalFree
ExitProcess
HeapReAlloc
IsBadReadPtr
WriteFile
GetTickCount
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
GetTempPathA
GlobalDeleteAtom
TerminateProcess
HeapSize
SetEndOfFile
GetACP
GetStringTypeExA
TlsGetValue
SetHandleCount
FreeEnvironmentStringsA
GetSystemDirectoryA
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GetModuleHandleA
RtlMoveMemory
HeapFree
Sleep
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
SetFilePointer
VirtualProtect
VirtualQuery
GetSystemInfo
InterlockedCompareExchange
InterlockedExchange
lstrlenA
lstrcpyn
CreateThread
VirtualAlloc
GetCurrentProcess
VirtualFreeEx
HeapAlloc
CreateFileA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
GetModuleFileNameA
GetCommandLineA
GetVersionExA
GlobalLock
GlobalUnlock
GetUserDefaultLCID
FindClose
FindFirstFileA
FindNextFileA
GetFileSize
lstrcmpA
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
GetLocalTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
SetStdHandle
GetSystemTimeAsFileTime
GetSystemTime
LockFile
UnlockFile
SetEndOfFile
FlushFileBuffers
SuspendThread
TerminateThread
ReleaseMutex
CreateMutexA
GetTempPathW
CreateFileW
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
DeleteFileW
GetVersionExW
LoadLibraryW
VirtualQuery
GetModuleHandleW
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
CreateDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
CloseHandle
WaitForSingleObject
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress

user32

PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
CreateDialogIndirectParamA
IsDialogMessageA
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
EndDialog
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
SendDlgItemMessageA
PeekMessageA
GetMessageTime
RegisterClassA
GetMenuItemCount
GetMenuItemID
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GrayStringA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetWindowTextLengthA
GetWindowTextA
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
GetDesktopWindow
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
MessageBoxW
UnregisterClassA
LoadStringA
GetSysColorBrush
TrackPopupMenu
MessageBoxA

ole32

CLSIDFromProgID
CLSIDFromString
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize

shell32

ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
VariantChangeType
SafeArrayGetElemsize
LoadTypeLi
RegisterTypeLi
VariantCopy
VarR8FromBool
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
VarR8FromCy
LHashValOfNameSys
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy

wininet

InternetTimeToSystemTime

shlwapi

PathFindExtensionA
StrTrimA
PathFileExistsA
PathFindFileNameA

dbghelp

MakeSureDirectoryPathExists

winhttp

WinHttpQueryHeaders
WinHttpOpen
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpWriteData
WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpReadData
WinHttpSetOption
WinHttpAddRequestHeaders

crypt32

CryptStringToBinaryA
CryptBinaryToStringA
CryptImportPublicKeyInfo
CertFreeCertificateContext
CryptDecodeObjectEx
CertCloseStore

advapi32

CryptSetKeyParam
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextA
CryptExportKey
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptGetKeyParam
CryptHashData
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
CryptAcquireContextA
CryptCreateHash
RegCloseKey
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

gdi32

PtVisible
RectVisible
TextOutA
GetDeviceCaps
Escape
GetObjectA
GetClipBox
GetStockObject
CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtTextOutA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SaveDC
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
Ellipse
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
GetTextMetricsA
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
GetDeviceCaps
GetTextExtentPoint32A
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
RestoreDC
CreatePolygonRgn

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA
DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17
ord17
ImageList_Destroy

oledlg

ord8

winmm

waveOutReset
midiStreamClose
midiOutReset
midiStreamStop
waveOutRestart
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
midiStreamRestart
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut

ws2_32

inet_ntoa
ntohl
accept
getpeername
WSACleanup
recv
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket

comdlg32

ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
GetFileTitleA

Exports

Exports

QX_free
QX_func
QX_init
QX_menu

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 580KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 620KB - Virtual size: 782KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5836656d1f2181d2fc91aa315d3608fb

Headers

File Characteristics

Imports

kernel32

user32

ole32

shell32

oleaut32

wininet

shlwapi

dbghelp

winhttp

crypt32

advapi32

gdi32

winspool.drv

comctl32

oledlg

winmm

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 580KB - Virtual size: 576KB

.data Size: 620KB - Virtual size: 782KB

.rsrc Size: 24KB - Virtual size: 22KB

.reloc Size: 148KB - Virtual size: 145KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 580KB - Virtual size: 576KB

.data
Size: 620KB - Virtual size: 782KB

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 148KB - Virtual size: 145KB