blackmoon | e6a55da2e54470ca33d0f3f000b1f51cfa7d3543c5c72fc35aa231468f76c424

Sharing

Copy URL Twitter E-mail

General

Target

e6a55da2e54470ca33d0f3f000b1f51cfa7d3543c5c72fc35aa231468f76c424
Size

328KB
MD5

2702d9e2fd27396a1877865f40f12fe6
SHA1

9e28c85ff040912737dc552ed0334b224747543f
SHA256

e6a55da2e54470ca33d0f3f000b1f51cfa7d3543c5c72fc35aa231468f76c424
SHA512

3c7c7037f152e531fed02a9186260a2e2cdccf47b5de361a3f7b8c3d9e36843f22b0ea06f7f19c4a9930bd81a045917840a34a84242c2fcfe467dd34e5c1748a
SSDEEP

3072:rUfgAEVos0FnRL75oCXLdcJDWFG7XU8F5iMi6Tg4NyAuaS7sA2OcFT4izeoJ3ctj:rUfgAEVoDFC3TYQAHDoBoDs/z

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6a55da2e54470ca33d0f3f000b1f51cfa7d3543c5c72fc35aa231468f76c424

Files

e6a55da2e54470ca33d0f3f000b1f51cfa7d3543c5c72fc35aa231468f76c424
.dll windows:4 windows x86 arch:x86

a2948a84684393246e35e7808192d9d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetCommandLineA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetLocalTime
GetFileSize
WriteFile
ReadFile
SetFilePointer
CreateFileA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
GlobalSize
lstrcpynA
lstrcpyn
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
CloseHandle
OpenProcess
GetCurrentProcess
LocalAlloc
LocalFree
WideCharToMultiByte
lstrlenW
FindClose
FindFirstFileW
GetFileAttributesW
MultiByteToWideChar
VirtualProtect
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
GetStringTypeW
GetStringTypeA
Sleep
GetTickCount
GetTimeZoneInformation
SetLastError
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
lstrcpyA
DeleteCriticalSection
FlushFileBuffers
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
TerminateProcess
RaiseException
GetSystemTime
GetACP
HeapSize
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
RtlMoveMemory

user32

GetDlgCtrlID
GetWindow
ClientToScreen
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
ShowWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
CheckMenuItem
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
GetWindowRect
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
GetWindowLongA
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
SetForegroundWindow
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
IsWindow
SetWindowTextA
GetWindowTextA
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
GetSystemMetrics
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
ShowWindowAsync
CallWindowProcA
SetPropA
RegisterHotKey
RemovePropA
UnregisterHotKey
SetWindowLongA
GetPropA
ReleaseDC
GetDC
GetSubMenu

gdi32

GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
ExtTextOutA
SetMapMode
RectVisible
PtVisible
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetDIBits
DeleteObject
DeleteDC
GetObjectA
GetStockObject
SetTextColor
SetBkColor
RestoreDC
SaveDC
TextOutA
Escape
CreateBitmap

wininet

InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenA

advapi32

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

ole32

CreateStreamOnHGlobal
CLSIDFromString
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

gdiplus

GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipSaveImageToStream
GdipLoadImageFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdiplusStartup
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteGraphics
GdipDrawImageRectRect
GdipFillRectangle

oledlg

ord8

rasapi32

RasHangUpA
RasGetConnectStatusA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

wsock32

WSAStartup
WSACleanup
select
closesocket
recv
send

shell32

SHGetSpecialFolderPathA

Exports

Exports

luaopen_emh

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2948a84684393246e35e7808192d9d1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

wininet

advapi32

ole32

gdiplus

oledlg

rasapi32

winspool.drv

comctl32

wsock32

shell32

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 224KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 36KB - Virtual size: 181KB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: 228KB - Virtual size: 224KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 36KB - Virtual size: 181KB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 28KB - Virtual size: 26KB