blackmoon | c61382910ffc7fb40a192d3e30833b70561ced9c4fc5e3e18b543abc1a44dd1b

Sharing

Copy URL Twitter E-mail

General

Target

c61382910ffc7fb40a192d3e30833b70561ced9c4fc5e3e18b543abc1a44dd1b
Size

11.3MB
MD5

05c12e4c5dc8480f7b3266ea66b95415
SHA1

346cad5da3be7a3b64d2b832babd4618c07651ce
SHA256

c61382910ffc7fb40a192d3e30833b70561ced9c4fc5e3e18b543abc1a44dd1b
SHA512

ecc4072fa0190685850759ef0765464ec2c0b73d97f7863cc4e6e92acbdc27ca51853b80039fa510899c0ecf533462b17e0e9aba8db5f4b0e436792b0d4df585
SSDEEP

196608:zNym2iBYGfsV3LOinXUMD+cpvJ/4H3nmghWoa/fsysMF4JD85lPkji3:zN4H3hUMFgXnU7sElPy

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c61382910ffc7fb40a192d3e30833b70561ced9c4fc5e3e18b543abc1a44dd1b

Files

c61382910ffc7fb40a192d3e30833b70561ced9c4fc5e3e18b543abc1a44dd1b
.exe windows:5 windows x86 arch:x86

1731b5d7fffeb69c27de9f635b2aa343

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219

kernel32

GetEnvironmentVariableA
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
SetLastError
FormatMessageW
VerSetConditionMask
VerifyVersionInfoW
CompareFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
CreateFileW
FindResourceW
WriteFile
SizeofResource
LoadResource
MoveFileExW
GetModuleHandleW
SleepEx
GetTickCount
WaitForSingleObject
SetEvent
ExitProcess
CreateDirectoryW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetSystemDirectoryW
Sleep
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
FindClose
WideCharToMultiByte
MultiByteToWideChar
CreateProcessW
GetModuleFileNameW
LoadLibraryW
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
FreeLibrary
DecodePointer
GetOEMCP
GetStringTypeW
EncodePointer
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
FlushConsoleInputBuffer
OutputDebugStringA
GetCurrentThreadId
GetModuleHandleA
GlobalMemoryStatus
LoadLibraryA
GetSystemTime
SystemTimeToFileTime
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetCurrentDirectoryW
FreeResource
LockResource
GetACP
GetFileSize
MulDiv
DuplicateHandle
SetFilePointer
DosDateTimeToFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocalTime
LocalFree
GetFileAttributesExW
SetEndOfFile
SetEnvironmentVariableA
GetVersionExA
ReleaseMutex
CreateMutexW
RtlUnwind
LoadLibraryExW
InterlockedPushEntrySList
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
SetConsoleCtrlHandler
GetConsoleMode
IsValidCodePage
ReadConsoleInputA
SetConsoleMode
WriteConsoleW
ReadConsoleW
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetTimeZoneInformation
GetFullPathNameW
SetStdHandle
FindFirstFileExW

user32

SetWindowLongW
CreateCaret
SetCaretPos
KillTimer
SetTimer
GetCaretBlinkTime
GetFocus
IntersectRect
GetWindow
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
IsIconic
UnionRect
GetWindowRect
UpdateLayeredWindow
InvalidateRect
CreateWindowExW
IsWindowVisible
ScreenToClient
GetCursorPos
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
SetCapture
ReleaseCapture
PostMessageW
PtInRect
GetParent
OffsetRect
SetCursor
LoadCursorW
DefWindowProcW
GetWindowLongW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetSystemMetrics
RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
IsZoomed
MonitorFromPoint
SetWindowRgn
MessageBoxW
MoveWindow
GetWindowRgn
CharNextW
DrawTextW
FillRect
SetRect
CharPrevW
ShowCaret
HideCaret
ClientToScreen
GetSysColor
GetCaretPos
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
MapWindowPoints
InvalidateRgn
CreateAcceleratorTableW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
SetWindowPos
GetClientRect
DestroyWindow
GetKeyState
ReleaseDC
EnableWindow
FindWindowW
SetForegroundWindow
SetActiveWindow
SetFocus
ShowWindow
PostQuitMessage
SendMessageW
wsprintfW
GetDC

shell32

SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHChangeNotify
SHGetPathFromIDListW

ole32

CLSIDFromProgID
OleLockRunning
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal

shlwapi

wnsprintfW

crypt32

CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertOpenStore
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore

comctl32

ord17
_TrackMouseEvent

ws2_32

send
recv
closesocket
WSAGetLastError
bind
shutdown
ntohl
inet_addr
connect
getpeername
getsockname
getsockopt
getservbyname
gethostname
sendto
recvfrom
htons
ntohs
setsockopt
socket
WSAIoctl
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
gethostbyname
htonl
accept
WSACleanup
WSAStartup
WSASetLastError

gdi32

SetBkColor
CreateCompatibleBitmap
GetTextExtentPoint32W
TextOutW
GetTextMetricsW
BitBlt
RestoreDC
SaveDC
SelectObject
CreateCompatibleDC
SetTextColor
SetBkMode
StretchBlt
SetStretchBltMode
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
PtInRegion
CreateRectRgn
CreateDIBSection
CreateRoundRectRgn
DeleteDC
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
GetObjectA
GetDeviceCaps
DeleteObject
CreateSolidBrush
GetCharABCWidthsW

advapi32

CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptEnumProvidersA

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdiplus

GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipCreatePen1
GdipDeletePen
GdipSetStringFormatTrimming
GdipDrawLineI
GdipSetPenMode
GdipDrawRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipDrawPath
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
GdipDrawImageRectI
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdipSetPenDashStyle

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1731b5d7fffeb69c27de9f635b2aa343

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

kernel32

user32

shell32

ole32

shlwapi

crypt32

comctl32

ws2_32

gdi32

advapi32

oleaut32

gdiplus

imm32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 568KB - Virtual size: 567KB

.data Size: 52KB - Virtual size: 73KB

.gfids Size: 1024B - Virtual size: 592B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 8.4MB - Virtual size: 8.4MB

.reloc Size: 106KB - Virtual size: 105KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 568KB - Virtual size: 567KB

.data
Size: 52KB - Virtual size: 73KB

.gfids
Size: 1024B - Virtual size: 592B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 8.4MB - Virtual size: 8.4MB

.reloc
Size: 106KB - Virtual size: 105KB