Behavioral task
behavioral1
Sample
3d4879904b2da4ba8041f0d45f5d16536fccf91f364533e17847dc73364b28cd.exe
Resource
win7-20231020-en
windows7-x64
General
-
Target
3d4879904b2da4ba8041f0d45f5d16536fccf91f364533e17847dc73364b28cd
-
Size
3.9MB
-
MD5
983fe27fd0916d28e6782606ea24f97d
-
SHA1
ac4983a5686a73995ab6e1892411e289b208a0c1
-
SHA256
3d4879904b2da4ba8041f0d45f5d16536fccf91f364533e17847dc73364b28cd
-
SHA512
9436697eb2bb9556e2965c08c8ace975ade15083d5ed16204b3c7a61bde9838540d303ec0a3e93307ab881589aa355ac99336736674c25060be3153b3bbb833b
-
SSDEEP
49152:qKCTN43I9NMM6Sc1ZhDX0/n8aUpnS6thhQjwCffgC:QR43IHMMSQ8aUpnS6VzCP
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3d4879904b2da4ba8041f0d45f5d16536fccf91f364533e17847dc73364b28cd
Files
-
3d4879904b2da4ba8041f0d45f5d16536fccf91f364533e17847dc73364b28cd.exe windows:4 windows x86 arch:x86
eecb95d39afa1a3c6bf3b05592772817
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineA
WritePrivateProfileStringA
DeviceIoControl
GetVolumeInformationA
GetVersionExA
GetComputerNameA
CreatePipe
CreateProcessA
PeekNamedPipe
ReadFile
GetExitCodeProcess
GetLastError
FormatMessageA
LoadLibraryExA
FreeLibrary
LCMapStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
GlobalFree
RtlFillMemory
CreateMutexA
ReleaseMutex
OpenMutexA
HeapFree
DebugActiveProcess
CreateEventA
GetShortPathNameA
WriteFile
Sleep
GetVersion
VirtualProtectEx
SetProcessWorkingSetSize
GetCurrentProcessId
VirtualQueryEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
GetProcessTimes
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetModuleFileNameA
Module32Next
LocalFree
LocalAlloc
TerminateThread
TerminateProcess
FileTimeToSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
LCMapStringW
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
GetFileType
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
GetLocalTime
GetThreadTimes
ResumeThread
SuspendThread
SetFileAttributesA
GetFileAttributesA
GetCurrentDirectoryA
SetLocalTime
GetStartupInfoA
SetFilePointer
SetEndOfFile
InterlockedIncrement
GetUserDefaultLCID
CreateDirectoryA
FindFirstFileA
CopyFileA
RemoveDirectoryA
FindNextFileA
FindClose
GetFileSize
GetTickCount
IsBadReadPtr
IsDBCSLeadByteEx
GetDateFormatA
GetTimeFormatA
HeapReAlloc
OpenThread
RtlMoveMemory
lstrlenA
GetCurrentThreadId
DeleteFileA
MoveFileA
GetThreadContext
ExitProcess
VirtualFree
VirtualAlloc
SetThreadContext
VirtualAllocEx
CreateThread
SetWaitableTimer
CreateWaitableTimerA
InterlockedDecrement
OpenEventA
Thread32Next
Thread32First
WaitForSingleObject
CreateRemoteThread
MulDiv
lstrcatA
SetErrorMode
TlsGetValue
CreateFileA
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
FlushFileBuffers
GetLongPathNameA
lstrcpyn
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
ReadProcessMemory
lstrcpyA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
SetLastError
GetTimeZoneInformation
IsDebuggerPresent
GetProcessHeap
HeapAlloc
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
Module32First
OpenProcess
WriteProcessMemory
GetModuleHandleA
GetProcAddress
GetExitCodeThread
VirtualFreeEx
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetCurrentProcess
lstrcpynA
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
LocalReAlloc
GlobalHandle
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
GetFileType
SetEnvironmentVariableA
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableW
LCMapStringA
GlobalUnlock
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
ReleaseMutex
SuspendThread
SetNamedPipeHandleState
WaitNamedPipeA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
OpenEventA
LCMapStringW
VirtualAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetStringTypeA
GetStringTypeW
SetStdHandle
SetUnhandledExceptionFilter
CompareStringA
TlsAlloc
TlsFree
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
GetDriveTypeA
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenW
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
DeviceIoControl
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
TerminateThread
GetWindowsDirectoryA
GetCurrentProcess
TlsSetValue
TlsGetValue
InterlockedIncrement
InterlockedDecrement
CreateMutexA
user32
GetAncestor
GetGUIThreadInfo
DefWindowProcA
UpdateLayeredWindow
IsZoomed
CreateWindowExA
SetPropA
DestroyWindow
RemovePropA
GetPropA
ReleaseDC
GetDC
GetDlgItem
OpenIcon
GetWindowInfo
FlashWindow
EnumWindows
GetDlgCtrlID
InvalidateRect
IsIconic
SetForegroundWindow
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
ValidateRect
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnregisterClassA
PtInRect
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
GetMessagePos
GetMessageTime
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
GetWindowTextA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
ExitWindowsEx
SetWindowPos
SetParent
UpdateWindow
GetWindowRect
SetLayeredWindowAttributes
GetWindowLongA
SetWindowTextA
GetWindowTextLengthA
GetClassNameA
GetParent
SwapMouseButton
SetClassLongA
LoadCursorFromFileA
CallNextHookEx
SetWindowsHookExA
GetKeyboardState
GetAsyncKeyState
ShowCursor
SetCapture
ReleaseCapture
ClipCursor
FindWindowExA
GetDoubleClickTime
mouse_event
SetCursorPos
ClientToScreen
SendInput
EnumChildWindows
GetWindow
GetDesktopWindow
SetTimer
ChangeDisplaySettingsA
EnumDisplaySettingsA
FindWindowA
MoveWindow
SetWindowLongA
MsgWaitForMultipleObjects
UnhookWindowsHookEx
PrintWindow
RegisterWindowMessageA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
KillTimer
CreateWindowStationA
CharUpperA
PostMessageA
GetWindowThreadProcessId
GetClientRect
GetForegroundWindow
AttachThreadInput
GetFocus
SetFocus
wvsprintfA
GetKeyState
EnableWindow
CallWindowProcA
keybd_event
MapVirtualKeyA
GetCaretPos
EnumThreadWindows
SendMessageTimeoutA
CharLowerA
IsWindowVisible
ShowWindow
GetCursorPos
WindowFromPoint
SendMessageA
FlashWindowEx
ShowWindowAsync
EmptyClipboard
SetClipboardData
UnloadKeyboardLayout
GetKeyboardLayoutList
SystemParametersInfoA
GetKeyboardLayout
ActivateKeyboardLayout
GetKeyboardLayoutNameA
LoadKeyboardLayoutA
MessageBoxA
wsprintfA
GetSystemMetrics
SetActiveWindow
IsWindow
CloseClipboard
GetClipboardData
WinHelpA
OpenClipboard
GetActiveWindow
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
LockWindowUpdate
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
SystemParametersInfoA
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
GetMenuItemCount
SetWindowTextA
GetWindowTextA
GetSystemMenu
LoadImageA
EnumDisplaySettingsA
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
ShowWindow
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetWindowTextLengthA
CharUpperA
BeginPaint
EndPaint
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetClassLongA
CreateWindowExA
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
GetForegroundWindow
GetCursor
DrawTextA
SetPropA
CallWindowProcA
MoveWindow
GetPropA
FrameRect
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetWindowDC
EnumChildWindows
WindowFromDC
TabbedTextOutA
GrayStringA
DrawStateA
GetTabbedTextExtentA
UnregisterClassA
GetMenuState
GetMenuStringA
GetCursorPos
GetMenuItemID
gdi32
Escape
GetObjectA
GetTextExtentPointA
CreateCompatibleBitmap
GetPixel
CreateRectRgn
DeleteDC
CreateDIBSection
CreateCompatibleDC
DeleteObject
TextOutA
SetTextColor
SetBkMode
SelectObject
CreateFontIndirectA
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetStockObject
GetDeviceCaps
PtVisible
ExtTextOutA
RectVisible
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateBrushIndirect
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
SetPixel
CreateRectRgnIndirect
SetBkColor
SetBkMode
SetTextColor
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetViewportExtEx
GetTextMetricsA
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetWindowOrgEx
GetDeviceCaps
comdlg32
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
ChooseColorA
GetFileTitleA
wininet
HttpSendRequestA
HttpOpenRequestA
FtpGetFileSize
InternetConnectA
InternetOpenA
FtpOpenFileA
InternetTimeToSystemTime
InternetTimeFromSystemTime
InternetReadFile
InternetSetCookieA
HttpQueryInfoA
InternetCloseHandle
shell32
ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHFileOperationA
SHChangeNotify
Shell_NotifyIconA
ShellExecuteA
shlwapi
PathMakeSystemFolderA
PathIsSystemFolderA
PathIsDirectoryEmptyA
PathUnmakeSystemFolderA
PathFindFileNameA
StrTrimA
PathIsDirectoryA
PathRenameExtensionA
PathFindExtensionA
PathFileExistsA
PathRemoveBlanksA
oleaut32
SafeArrayUnaccessData
SafeArrayGetDim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayGetUBound
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SysAllocString
VariantInit
VariantCopyInd
VariantChangeType
VariantClear
dbghelp
MakeSureDirectoryPathExists
ole32
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries
CLSIDFromProgID
OleInitialize
gdiplus
GdipDrawPath
GdipDeleteGraphics
GdipResetClip
GdipDeletePen
GdipDeletePath
GdipDrawRectangle
GdipCreatePen1
GdipSetSmoothingMode
GdipSetClipHrgn
GdipCreateFromHDC
GdiplusStartup
advapi32
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
CryptAcquireContextA
CryptCreateHash
RegFlushKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegSetValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
CryptHashData
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegEnumValueA
psapi
GetModuleFileNameExA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
winhttp
WinHttpTimeToSystemTime
WinHttpTimeFromSystemTime
oledlg
ord8
rasapi32
RasGetConnectStatusA
RasHangUpA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comctl32
ord17
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw
ImageList_AddMasked
ImageList_GetIcon
ImageList_SetBkColor
ord17
ImageList_Destroy
ImageList_Create
ImageList_Read
ImageList_DrawIndirect
ImageList_GetImageInfo
ImageList_Duplicate
wsock32
send
select
WSACleanup
recv
closesocket
WSAStartup
winmm
waveOutUnprepareHeader
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutRestart
midiStreamRestart
waveOutPrepareHeader
waveOutWrite
waveOutPause
msimg32
GradientFill
ws2_32
socket
setsockopt
htons
shutdown
getservbyname
ntohs
WSAGetLastError
ntohl
accept
getpeername
recv
connect
ioctlsocket
recvfrom
inet_addr
inet_ntoa
gethostbyname
WSAStartup
WSACleanup
send
closesocket
WSAAsyncSelect
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 268KB - Virtual size: 266KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.2MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ