Behavioral task: behavioral1
  Sample: d76d43d9fd18291784f1b119f502da9e7000b550664e0274beb7177a408425bc.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: d76d43d9fd18291784f1b119f502da9e7000b550664e0274beb7177a408425bc.exe
  Resource: win10v2004-20231215-en
General
  Target: d76d43d9fd18291784f1b119f502da9e7000b550664e0274beb7177a408425bc
  Size: 428KB
  MD5: 481d61e9adfa9facff948e8db9b94e20
  SHA1: 45278891c30b940e2a12c9ac7b484ee2549b4312
  SHA256: d76d43d9fd18291784f1b119f502da9e7000b550664e0274beb7177a408425bc
  SHA512: 561971d3fcda1d40edec6f214a37af995309e469f0a3de1c217a08b5761a48796412e089482d2e3c87b9cf70f0c90bac554514925ab4469472c3bcdc7e3c9af1
  SSDEEP: 12288:VH4EYJ40zVeObqDTeUcoSDzKX3aiImz3e3a:VH4N40zV/+DyUco2zKXBImzuK
Malware Config

Signatures
  Blackmoon family
  Detect Blackmoon payload (1 IoCs)
    resource: yara_rule sample family_blackmoon
  Unsigned PE (1 IoCs)
    Checks for missing Authenticode signature.
    resource: d76d43d9fd18291784f1b119f502da9e7000b550664e0274beb7177a408425bc

Files
  d76d43d9fd18291784f1b119f502da9e7000b550664e0274beb7177a408425bc.exe  windows:4 windows x86 arch:x86
  26cddc5d31e638da4d361abdced99c21
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileAttributesA
GetStringTypeA
TerminateProcess
HeapSize
RaiseException
RtlUnwind
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
CreateToolhelp32Snapshot
Module32Next
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
CreateFileA
Process32First
Process32Next
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
FreeLibrary
LCMapStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
MultiByteToWideChar
SetLocalTime
GetStdHandle
WriteFile
FindClose
FindFirstFileA
FindNextFileA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
GetModuleHandleA
WideCharToMultiByte
lstrlenW
GetTickCount
Sleep
CloseHandle
CreateEventA
OpenEventA
CreateMutexA
SetWaitableTimer
CreateWaitableTimerA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetACP
GetCurrentProcessId
FlushFileBuffers
SetFilePointer
VirtualProtect
ReadFile
GetCurrentProcess
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
lstrcmpA
GetProcessVersion
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetLastError
SetLastError
GetVersion
InterlockedDecrement
TlsGetValue
LocalReAlloc
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA
GetCurrentThreadId
LocalAlloc
LocalFree
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
user32
GetMessageTime
IsWindowVisible
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
CreateWindowStationA
GetAsyncKeyState
wvsprintfA
mouse_event
FindWindowExA
GrayStringA
DrawTextA
TabbedTextOutA
DestroyMenu
ClientToScreen
PeekMessageA
OpenClipboard
EmptyClipboard
CloseClipboard
CreateDialogIndirectParamA
UpdateWindow
GetMessageA
SendMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
SetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
GetWindowLongA
GetWindowTextLengthA
wsprintfA
MessageBoxA
GetWindowInfo
GetWindowTextW
GetWindowTextLengthW
GetParent
PtInRect
GetDC
ReleaseDC
SetWindowsHookExA
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
LoadStringA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetSysColorBrush
LoadBitmapA
GetMenuCheckMarkDimensions
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetWindow
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMenuState
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetDlgCtrlID
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
EnableWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
IsWindowEnabled
LoadCursorA
shell32
ShellExecuteA
ole32
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CLSIDFromProgID
CoInitialize
ws2_32
WSACleanup
select
WSAAsyncSelect
ntohs
getsockname
recv
WSAStartup
closesocket
socket
htons
inet_addr
connect
gethostbyname
send
gdi32
ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetStockObject
GetObjectA
Escape
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
comctl32
ord17
oleaut32
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
Sections
  .text   Size: 348KB - Virtual size: 345KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata  Size: 24KB - Virtual size: 23KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data   Size: 48KB - Virtual size: 121KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 4KB - Virtual size: 664B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ