Behavioral task
behavioral1
Sample
09ff7736abf857d078a57b7f47deefa92d7ab9fc1d0b3d17fbad154371964ada.exe
Resource
win7-20231215-en
windows7-x64
General
-
Target
09ff7736abf857d078a57b7f47deefa92d7ab9fc1d0b3d17fbad154371964ada
-
Size
3.4MB
-
MD5
7c3a4bdaec0a21a5e1f43c528b660dd0
-
SHA1
0d57aab7c7168b9bd74b34e91b81ffdd436050e6
-
SHA256
09ff7736abf857d078a57b7f47deefa92d7ab9fc1d0b3d17fbad154371964ada
-
SHA512
6043e0aa16a491d3895cdacb379751f3345153be9abec88485dc073b15ad71a26f645edac0c4d00bc4007e5a6e3eef7ad0e4ce5dac232f8485a82cfda3a997b2
-
SSDEEP
49152:+a+onC9mzJG+NuuQ8gpaMp3rV2AY0iNMxlQ:tJC9mluzpaMp3riuQ
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 09ff7736abf857d078a57b7f47deefa92d7ab9fc1d0b3d17fbad154371964ada
Files
-
09ff7736abf857d078a57b7f47deefa92d7ab9fc1d0b3d17fbad154371964ada.exe windows:4 windows x86 arch:x86
9f487270060587a35004f1ffab4e2757
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalAlloc
TerminateProcess
VirtualAlloc
LocalFree
LeaveCriticalSection
LoadLibraryW
SetThreadContext
GetThreadContext
SuspendThread
CreateEventA
Sleep
FormatMessageA
IsDBCSLeadByteEx
OpenMutexA
FileTimeToSystemTime
GetLocalTime
GetProcessTimes
CopyFileA
GetVersionExA
GetWindowsDirectoryA
GetCurrentThread
VirtualProtectEx
DeviceIoControl
DebugActiveProcess
GlobalFree
IsBadReadPtr
GetThreadTimes
CreatePipe
CreateProcessA
PeekNamedPipe
ReadFile
GetExitCodeProcess
WriteFile
GetModuleFileNameW
CreateMutexA
GetModuleFileNameA
InitializeCriticalSection
TerminateThread
RtlFillMemory
OpenEventA
InterlockedDecrement
OpenFileMappingA
CreateFileMappingA
LoadLibraryA
GetProcAddress
GetCommandLineA
GetFileAttributesA
RemoveDirectoryA
SetLocalTime
WritePrivateProfileStringA
GetStartupInfoA
SetFileAttributesA
CreateDirectoryA
FindClose
FindFirstFileA
FindNextFileA
CreateFileA
MapViewOfFile
SetHandleCount
GetSystemDirectoryA
ReleaseMutex
Thread32Next
Thread32First
DeleteFileA
GetLongPathNameA
Module32Next
Module32First
SetEndOfFile
SetFilePointer
GetLastError
GetModuleHandleW
VirtualQueryEx
MoveFileA
SetWaitableTimer
CreateWaitableTimerA
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStdHandle
GetFileType
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GetCurrentDirectoryA
GetFileSize
GetUserDefaultLCID
HeapReAlloc
GetTickCount
PostQueuedCompletionStatus
GetQueuedCompletionStatus
HeapDestroy
GetSystemInfo
CreateIoCompletionPort
HeapCreate
GetComputerNameA
VirtualFree
lstrcpynA
GetShortPathNameA
InterlockedIncrement
GetVersion
IsBadWritePtr
SetProcessWorkingSetSize
GetVolumeInformationA
ExitProcess
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
MulDiv
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
DeleteCriticalSection
FreeLibrary
LoadLibraryExA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenThread
IsDebuggerPresent
GetModuleHandleA
HeapFree
UnmapViewOfFile
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
ResumeThread
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
FlushFileBuffers
lstrcpyA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
SetLastError
GetTimeZoneInformation
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
LCMapStringA
GetTempPathA
EnterCriticalSection
CreateThread
lstrcpyn
VirtualFreeEx
RtlMoveMemory
GetExitCodeThread
CreateRemoteThread
VirtualAllocEx
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
ReadProcessMemory
OpenProcess
GetCurrentProcess
HeapAlloc
GetProcessHeap
WriteProcessMemory
lstrlenA
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
ReadFile
LockResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
WriteFile
InterlockedExchange
LoadResource
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
OpenProcess
GetSystemDirectoryA
SetLastError
GetTimeZoneInformation
GetVersion
TerminateThread
FileTimeToSystemTime
CreateMutexA
ReleaseMutex
SuspendThread
InterlockedIncrement
InterlockedDecrement
GetSystemInfo
IsProcessorFeaturePresent
lstrcmpiA
LocalFree
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
user32
RemovePropA
GetPropA
IsIconic
ShowWindowAsync
ClipCursor
EnableWindow
SwapMouseButton
GetKeyboardState
CharUpperA
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
ReleaseCapture
CreateWindowStationA
GetKeyState
SendInput
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
ValidateRect
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnregisterClassA
PtInRect
DestroyWindow
SetCursorPos
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
GetMessagePos
GetMessageTime
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
SetClassLongA
LoadCursorFromFileA
InvalidateRect
CallWindowProcW
ShowWindow
keybd_event
SetPropA
CreateWindowExA
IsZoomed
UpdateLayeredWindow
DefWindowProcA
FlashWindowEx
SetWindowTextA
EnumThreadWindows
GetCaretPos
SetActiveWindow
GetWindowLongA
SetLayeredWindowAttributes
SetForegroundWindow
GetDlgCtrlID
FlashWindow
UnloadKeyboardLayout
SystemParametersInfoA
GetKeyboardLayout
ActivateKeyboardLayout
GetKeyboardLayoutNameA
LoadKeyboardLayoutA
MessageBoxA
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
MapVirtualKeyA
EnumChildWindows
CharLowerA
RegisterWindowMessageA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SetWindowLongA
GetCursorPos
SetFocus
OpenIcon
UpdateWindow
MoveWindow
GetParent
SetParent
GetGUIThreadInfo
SetWindowLongW
IsWindowVisible
GetWindow
MsgWaitForMultipleObjects
GetDoubleClickTime
ReleaseDC
PrintWindow
GetDC
IsWindow
ClientToScreen
KillTimer
GetWindowRect
SetCapture
CallWindowProcA
PostMessageA
SendMessageA
GetAsyncKeyState
GetDesktopWindow
ExitWindowsEx
FindWindowA
WindowFromPoint
ShowCursor
mouse_event
GetForegroundWindow
GetAncestor
GetWindowTextA
GetClientRect
SetTimer
wvsprintfA
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowInfo
EnumWindows
GetWindowTextLengthA
GetClassNameA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
SendMessageTimeoutA
FindWindowExA
GetDlgItem
GetMenuItemCount
SetWindowPos
GetKeyboardLayoutList
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
DefWindowProcA
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
TranslateMessage
LoadIconA
GetSystemMenu
DeleteMenu
GetMenu
CreateMenu
SetMenu
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
GetDesktopWindow
GetClassNameA
GetWindowThreadProcessId
FindWindowA
GetDlgItem
GetWindowTextA
GetNextDlgTabItem
FrameRect
DrawStateA
EnableWindow
GetForegroundWindow
SetWindowTextA
PeekMessageA
CreateWindowExA
RegisterHotKey
UnregisterHotKey
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
RedrawWindow
GetWindowLongA
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
SetWindowLongA
GetSysColor
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScrollWindowEx
IsDialogMessageA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
GetSysColorBrush
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
CallWindowProcA
SetRect
SetActiveWindow
SetCursorPos
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
UnregisterClassA
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
DrawFrameControl
gdi32
OffsetViewportOrgEx
SetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
SetMapMode
ExtTextOutA
Escape
SetViewportExtEx
SetWindowExtEx
GetStockObject
GetObjectA
CreateRectRgn
CreateDIBSection
TextOutA
SetTextColor
SetBkMode
CreateFontIndirectA
GetTextExtentPointA
DeleteDC
DeleteObject
GetPixel
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
SaveDC
RestoreDC
SetBkColor
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateBitmap
CreatePatternBrush
SelectObject
GetObjectA
CreatePen
PatBlt
CombineRgn
DPtoLP
FillRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
Ellipse
Rectangle
BeginPath
LPtoDP
CreateRectRgn
GetTextMetricsA
Escape
ExtTextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
TranslateCharsetInfo
CreateFontA
SetDIBitsToDevice
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
comdlg32
GetFileTitleA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
wsock32
WSACleanup
getsockname
sendto
ord1140
ord1141
ord1142
closesocket
ntohs
inet_addr
accept
recvfrom
connect
getpeername
bind
recv
setsockopt
ioctlsocket
socket
htons
WSAStartup
select
send
listen
wininet
InternetGetConnectedState
InternetTimeFromSystemTime
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetTimeToSystemTime
FtpOpenFileA
InternetReadFile
HttpQueryInfoA
FtpGetFileSize
InternetSetCookieA
InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetConnectA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
shell32
SHGetSpecialFolderLocation
SHGetFileInfoA
SHChangeNotify
ShellExecuteA
SHFileOperationA
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
Shell_NotifyIconA
ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryFileA
ole32
CLSIDFromString
OleUninitialize
OleInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoCreateInstance
OleRun
OleUninitialize
CoInitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
dbghelp
MakeSureDirectoryPathExists
winhttp
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
shlwapi
PathMakeSystemFolderA
PathFindFileNameA
PathIsDirectoryA
PathIsSystemFolderA
PathRenameExtensionA
PathFindExtensionA
PathFileExistsA
PathRemoveBlanksA
StrTrimA
PathUnmakeSystemFolderA
PathIsDirectoryEmptyA
oleaut32
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
SafeArrayCreate
RegisterTypeLi
SafeArrayAllocDescriptor
LoadTypeLi
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
VariantChangeType
VariantClear
SafeArrayAllocData
LHashValOfNameSys
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
advapi32
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
LookupAccountSidA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
RegCreateKeyA
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
GetUserNameA
RegSetValueExA
RegDeleteValueA
CryptCreateHash
RegEnumValueA
RegFlushKey
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegOpenKeyA
gdiplus
GdipDrawRectangle
GdiplusStartup
GdipDrawPath
GdipDeletePath
GdipSetSmoothingMode
GdipDeletePen
GdipResetClip
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetClipHrgn
GdipCreatePen1
psapi
GetModuleFileNameExA
ws2_32
WSAEnumNetworkEvents
WSACloseEvent
WSAWaitForMultipleEvents
WSACreateEvent
WSASend
WSARecv
WSASocketA
WSAEventSelect
ntohl
accept
getpeername
recv
inet_ntoa
ioctlsocket
recvfrom
WSAStartup
WSACleanup
select
send
closesocket
WSAAsyncSelect
oledlg
ord8
rasapi32
RasGetConnectStatusA
RasHangUpA
RasGetConnectStatusA
RasHangUpA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comctl32
ord17
ImageList_Read
ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
ImageList_GetIcon
_TrackMouseEvent
ImageList_Duplicate
winmm
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
PlaySoundA
waveOutRestart
waveOutClose
msvfw32
DrawDibDraw
avifil32
AVIStreamInfoA
AVIStreamGetFrame
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 596KB - Virtual size: 592KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 620KB - Virtual size: 1003KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ