_CALLBACK_OnServer
_CALLBACK_PCloseWndCallBack
_CALLBACK_PConsoleMsgCallBack
_CALLBACK_PLoadEndCallBack
_CALLBACK_PRbuttonDownCallBack
_CALLBACK_PSigleActiveWndCallBack
fun_PlugStop
main
Behavioral task
behavioral1
Sample
c841a4766f3397fee9b0e069f8280067f767e39528e870b4b89707f4bcd01a11.dll
Resource
win7-20231023-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
c841a4766f3397fee9b0e069f8280067f767e39528e870b4b89707f4bcd01a11.dll
Resource
win10v2004-20231023-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
c841a4766f3397fee9b0e069f8280067f767e39528e870b4b89707f4bcd01a11
-
Size
1.8MB
-
MD5
2e99329425ba138b743855776eba81dd
-
SHA1
5f355a0fbf00f76d86f9b19932fc7aa266da4c34
-
SHA256
c841a4766f3397fee9b0e069f8280067f767e39528e870b4b89707f4bcd01a11
-
SHA512
ba1fdd4abafec2adad58c9cfb746b912c139b1fb8c7e68ca36f3f8ad7815abf19308199f3c0b0662f6a7004ea1d3fbc6befcc3d3b312ad56d2369418cfac0a99
-
SSDEEP
49152:5grVAlbotU8dWrWCKfq2QDUGsgZd7bcA5lXB/AY:0i8dWrWCKfq2QDUGsGxf
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c841a4766f3397fee9b0e069f8280067f767e39528e870b4b89707f4bcd01a11
Files
-
c841a4766f3397fee9b0e069f8280067f767e39528e870b4b89707f4bcd01a11.dll windows:4 windows x86
7f41aea6d7693f1621188c2639061d01
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LoadLibraryA
GetCommandLineA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
GetFileSize
GetStartupInfoA
CreateDirectoryA
DeleteFileA
SetFileAttributesA
LCMapStringA
MoveFileA
CopyFileA
GetLocalTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
WritePrivateProfileStringA
GetModuleFileNameA
SetFilePointer
GetTickCount
GetSystemTimeAsFileTime
ReadProcessMemory
OpenThread
GetComputerNameExA
SetDllDirectoryA
ProcessIdToSessionId
ReadDirectoryChangesW
GlobalMemoryStatusEx
FreeLibrary
GetModuleHandleA
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetTimeFormatA
GetDateFormatA
lstrcatA
CreateProcessA
ResetEvent
WaitForSingleObject
GetPrivateProfileStringA
TerminateProcess
lstrcpynA
OpenProcess
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
HeapFree
HeapAlloc
GetProcessHeap
ReadFile
GetFileSizeEx
CreateFileA
CloseHandle
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
FlushFileBuffers
GetCurrentProcess
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
GlobalFlags
GetVersion
lstrcpyA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
GlobalDeleteAtom
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
Sleep
GetProcAddress
IsBadReadPtr
HeapReAlloc
ExitProcess
CreateMutexA
TryEnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcmpA
lstrlenA
IsWow64Process
MulDiv
LocalSize
ReleaseMutex
OpenMutexA
WriteFile
CreatePipe
VirtualFree
VirtualAlloc
lstrcmpiW
lstrcmpW
lstrlenW
HeapCreate
HeapDestroy
RtlZeroMemory
InterlockedDecrement
InterlockedIncrement
InterlockedExchangeAdd
RtlMoveMemory
CreateThread
InitializeCriticalSection
GetLastError
user32
DestroyMenu
PostThreadMessageA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
GetSystemMetrics
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsDialogMessageA
CreateDialogIndirectParamA
GetDlgItem
GrayStringA
TabbedTextOutA
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
MonitorFromPoint
UpdateLayeredWindow
GetClientRect
InvertRect
FillRect
DrawTextA
DrawIconEx
GetIconInfo
wvsprintfA
ExitWindowsEx
GetLastInputInfo
SwitchToThisWindow
GetWindowThreadProcessId
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetCursorPos
ReleaseDC
GetWindowRect
GetDesktopWindow
GetDC
EndDialog
MessageBoxA
SendDlgItemMessageA
wsprintfA
GetShellWindow
SystemParametersInfoA
CreateWindowExA
ws2_32
bind
WSAIoctl
ioctlsocket
recv
ntohs
getpeername
accept
listen
inet_addr
inet_ntoa
WSACleanup
getsockname
send
gethostbyname
WSAStartup
WSAGetLastError
socket
gethostname
setsockopt
htons
select
connect
closesocket
shlwapi
PathFindFileNameA
PathIsRelativeA
PathIsDirectoryA
StrToIntExW
StrToIntW
PathFileExistsA
PathRemoveBackslashA
PathFindExtensionA
PathRemoveExtensionA
PathRemoveFileSpecA
advapi32
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
CryptDecrypt
CryptDeriveKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetKeyParam
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptReleaseContext
CryptImportKey
CryptAcquireContextA
ChangeServiceConfigA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
iphlpapi
GetAdaptersInfo
ole32
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleFlushClipboard
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CLSIDFromString
CoInitialize
CreateStreamOnHGlobal
StringFromGUID2
GetHGlobalFromStream
OleRun
CLSIDFromProgID
wininet
InternetCloseHandle
HttpQueryInfoA
InternetSetCookieA
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetTimeToSystemTime
shell32
SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteA
ord727
SHGetFileInfoA
oleaut32
VariantChangeType
LoadTypeLi
LHashValOfNameSys
SystemTimeToVariantTime
VariantInit
RegisterTypeLi
VariantCopy
SafeArrayCreate
VariantTimeToSystemTime
SafeArrayDestroy
VarR8FromBool
SysAllocString
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
dbghelp
MiniDumpWriteDump
gdiplus
GdipGetRegionBoundsI
GdipGetRegionDataSize
GdipGetRegionData
GdipGetRegionHRgn
GdipIsEmptyRegion
GdipIsInfiniteRegion
GdipIsEqualRegion
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipGetRegionScansCount
GdipGetRegionScans
GdipGetRegionScansI
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipTranslateRegionI
GdipTranslateRegion
GdipCombineRegionPath
GdipCreateBitmapFromResource
GdipCreateBitmapFromHICON
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetPropertyIdList
GdipGetPropertyCount
GdipRemovePropertyItem
GdipSetPropertyItem
GdipGetPropertyItem
GdipCombineRegionRegion
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipGetImageThumbnail
GdipSetImagePalette
GdipGetImagePalette
GdipGetRegionBounds
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageFlags
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipCombineRegionRectI
GdipCombineRegionRect
GdipSetEmpty
GdipSetInfinite
GdipCloneBitmapArea
GdipCloneRegion
GdipCreateRegionRgnData
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRectI
GdipCreateRegionRect
GdipDeleteRegion
GdipGetStringFormatMeasurableCharacterRangeCount
GdipSetStringFormatMeasurableCharacterRanges
GdipGetStringFormatDigitSubstitution
GdipSetStringFormatDigitSubstitution
GdipGetImageBounds
GdipGetImageDimension
GdipGetImageType
GdipSaveAddImage
GdipSaveAdd
GdipSaveImageToStream
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateHICONFromBitmap
GdipCreateBitmapFromStream
GdiplusStartup
GdiplusShutdown
GdipGetImagePaletteSize
GdipTransformRegion
GdipGetStringFormatTabStops
GdipGetStringFormatTabStopCount
GdipSetStringFormatTabStops
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatTrimming
GdipSetStringFormatTrimming
GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipStringFormatGetGenericDefault
GdipCreateStringFormat
GdipDeleteStringFormat
GdipGetFontHeightGivenDPI
GdipGetFontHeight
GdipGetFontUnit
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipGetLogFontW
GdipGetLogFontA
GdipCloneFont
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFont
GdipDeleteFont
GdipGetLineSpacing
GdipGetCellDescent
GdipGetCellAscent
GdipGetEmHeight
GdipIsStyleAvailable
GdipGetFamilyName
GdipCloneFontFamily
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySerif
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetSolidFillColor
GdipSetSolidFillColor
GdipGetBrushType
GdipCloneBrush
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipSetPenCompoundArray
GdipSetPenDashArray
GdipGetPenDashArray
GdipGetPenDashCount
GdipSetPenDashOffset
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipSetPenDashStyle
GdipGetPenFillType
GdipGetPenBrushFill
GdipSetPenBrushFill
GdipSetPenColor
GdipGetPenColor
GdipScalePenTransform
GdipTranslatePenTransform
GdipRotatePenTransform
GdipMultiplyPenTransform
GdipResetPenTransform
GdipGetPenTransform
GdipSetPenTransform
GdipGetPenMode
GdipSetPenMode
GdipGetPenMiterLimit
GdipSetPenMiterLimit
GdipGetPenCustomEndCap
GdipCreateHBITMAPFromBitmap
GdipGetPenCustomStartCap
GdipSetPenCustomStartCap
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineCap197819
GdipSetPenUnit
GdipGetPenUnit
GdipSetPenWidth
GdipGetPenWidth
GdipClonePen
GdipCreatePen2
GdipCreatePen1
GdipDeletePen
GdipComment
GdipEndContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBeginContainer
GdipRestoreGraphics
GdipSaveGraphics
GdipIsVisibleRectI
GdipIsVisibleRect
GdipIsVisiblePointI
GdipIsVisiblePoint
GdipIsVisibleClipEmpty
GdipIsClipEmpty
GdipGetVisibleClipBoundsI
GdipGetVisibleClipBounds
GdipGetClipBoundsI
GdipGetClipBounds
GdipGetClip
GdipTranslateClipI
GdipTranslateClip
GdipResetClip
GdipSetClipHrgn
GdipSetClipRegion
GdipSetClipRectI
GdipSetClipRect
GdipSetClipPath
GdipSetClipGraphics
GdipEnumerateMetafileSrcRectDestRectI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoint
GdipDrawImagePointsRectI
GdipDrawImagePointsRect
GdipDrawImagePointRectI
GdipDrawImagePointRect
GdipDrawImagePointsI
GdipDrawImagePoints
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDrawImageRect
GdipDrawImageRectRect
GdipDrawCachedBitmap
GdipDrawImageI
GdipDrawDriverString
GdipMeasureCharacterRanges
GdipCreateRegion
GdipMeasureString
GdipDrawString
GdipFillRegion
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillClosedCurve2
GdipFillClosedCurve
GdipFillPath
GdipFillPieI
GdipFillPie
GdipFillEllipseI
GdipFillEllipse
GdipFillPolygonI
GdipFillPolygon
GdipFillRectanglesI
GdipFillRectangles
GdipFillRectangleI
GdipGraphicsClear
GdipDrawClosedCurve2I
GdipDrawClosedCurve2
GdipDrawClosedCurveI
GdipDrawClosedCurve
GdipDrawCurve3I
GdipDrawCurve3
GdipDrawCurve2I
GdipDrawCurve2
GdipDrawCurveI
GdipDrawCurve
GdipDrawPath
GdipDrawPolygonI
GdipDrawPolygon
GdipDrawPieI
GdipDrawPie
GdipDrawEllipseI
GdipDrawEllipse
GdipDrawRectanglesI
GdipDrawRectangles
GdipDrawRectangleI
GdipDrawRectangle
GdipDrawBeziersI
GdipDrawBeziers
GdipDrawBezierI
GdipDrawBezier
GdipDrawArcI
GdipDrawArc
GdipDrawLinesI
GdipDrawLines
GdipDrawLineI
GdipDrawLine
GdipGetNearestColor
GdipTransformPointsI
GdipTransformPoints
GdipGetDpiY
GdipGetDpiX
GdipGetPageScale
GdipSetPageScale
GdipGetPageUnit
GdipSetPageUnit
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipMultiplyWorldTransform
GdipGetWorldTransform
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetInterpolationMode
GdipGetTextContrast
GdipSetTextContrast
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipGetCompositingQuality
GdipSetCompositingMode
GdipGetCompositingMode
GdipSetRenderingOrigin
GdipGetRenderingOrigin
GdipReleaseDC
GdipGetDC
GdipCreateFromHDC2
GdipCreateFromHDC
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipFlush
GdipDeleteMatrix
GdipResetWorldTransform
GdipDrawImage
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreateMatrix
GdipSetInterpolationMode
GdipDeleteBrush
GdipFillRectangle
GdipDeleteGraphics
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipBitmapSetResolution
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCloneBitmapAreaI
GdipGetPropertyItemSize
GdipSetPenCustomEndCap
psapi
GetProcessMemoryInfo
EnumProcesses
comctl32
ImageList_GetIcon
ord17
gdi32
CreateCompatibleDC
GetDIBits
DeleteDC
DeleteObject
CreateDIBSection
SelectObject
CreateHatchBrush
SetBkColor
CreateFontA
TextOutA
StretchBlt
CreateSolidBrush
GetObjectA
Rectangle
LineTo
GetPixel
SetPixel
Chord
Pie
Ellipse
Arc
Polygon
PolyBezierTo
MoveToEx
GetDeviceCaps
BitBlt
SetStretchBltMode
CreateCompatibleBitmap
GetStockObject
GetObjectW
CreateBitmap
SaveDC
RestoreDC
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
RectVisible
PtVisible
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
oledlg
ord8
Exports
Exports
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 212KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 744B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ