blackmoon | 3fcec16b1a44da2d39f343e90c4b2319

Sharing

Copy URL Twitter E-mail

General

Target

3fcec16b1a44da2d39f343e90c4b2319
Size

184KB
MD5

3fcec16b1a44da2d39f343e90c4b2319
SHA1

2f9eb319925673300412a3543a3556a65b323a8b
SHA256

d483872d5af1b78451466fbd37cdc45f876b36d5b1b281cf626abbf828271329
SHA512

fafcd94434f9c67bd2f6bb1bf5ae0397f113d6f5ddc546d687981f975c9f9ccb50d578a2b29a0942aeb0493f6557ad865238d336f205775fa6fa0a48364a57d9
SSDEEP

3072:3UtqmhRzpA0NWQV55iEc4JoXaZ9neONt:3bgPWQV55iE1JoXI

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fcec16b1a44da2d39f343e90c4b2319

Files

3fcec16b1a44da2d39f343e90c4b2319
.exe windows:4 windows x86 arch:x86

755b77e66265c76a3a563ca1d7170135

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

KillTimer
SetTimer
ReleaseDC
GetDC
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
GetDesktopWindow
GetWindow
CreateMenu
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
CallWindowProcA
DefFrameProcA
SendMessageA
ClientToScreen
GetParent
GetAsyncKeyState
AppendMenuA
SetWindowLongA
CreatePopupMenu
IsWindowVisible
DestroyMenu
BeginPaint
GetClientRect
FillRect
EndPaint
EndDialog
DestroyWindow
DestroyIcon
UnregisterClassA
DialogBoxParamA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
CreateDialogParamA
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
GetMenuItemCount
InsertMenuA
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
GetMenuCheckMarkDimensions
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
DestroyAcceleratorTable
IsZoomed
IsIconic
RegisterClassExA
LoadCursorA
GetSysColor
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
SetParent
PostMessageA
SetWindowPos
MoveWindow
ScreenToClient
GetWindowRect
UpdateWindow
ValidateRect
InvalidateRect
GetFocus
SetFocus
IsWindow
GetDlgItem
DefWindowProcA
GetWindowLongA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
UnhookWindowsHookEx
SetCursor
PostQuitMessage
LoadIconA

kernel32

GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
VirtualAlloc
RaiseException
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcAddress
WriteFile
RtlUnwind
VirtualFree
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetVersion
GetStartupInfoA
GetTickCount
SetStdHandle
FlushFileBuffers
HeapCreate
QueryPerformanceFrequency
LCMapStringA
GetModuleFileNameA
GetCommandLineA
Sleep
WideCharToMultiByte
MultiByteToWideChar
IsBadReadPtr
HeapFree
HeapReAlloc
QueryPerformanceCounter
TerminateThread
CreateThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
MulDiv
GetCurrentThreadId
RtlZeroMemory
LocalSize
lstrcpynA
GetCurrentProcess
RtlMoveMemory
GetModuleHandleA
TerminateProcess
GetCurrentProcessId
DeviceIoControl
lstrcpyn
CreateFileA
HeapAlloc
GetProcessHeap
OpenEventA
CreateEventA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
Module32First
Module32Next
OpenProcess
ReadProcessMemory

ws2_32

WSAStartup
inet_addr
htons
socket
WSACreateEvent
WSAEventSelect
WSAConnect
send
recv
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSACleanup
closesocket

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize

gdi32

SetTextColor
GetStockObject
SetBkColor
DeleteObject
CreateSolidBrush
CreatePatternBrush
GetDeviceCaps
CreateFontA
GetObjectA
SetBkMode

oleaut32

LoadTypeLi
VariantChangeType
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

Sharing

General

Malware Config

Signatures

Files

755b77e66265c76a3a563ca1d7170135

Headers

File Characteristics

Imports

user32

kernel32

ws2_32

shell32

ole32

gdi32

oleaut32

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 20KB - Virtual size: 84KB

.rsrc Size: 8KB - Virtual size: 4KB

.vmp0 Size: 4KB - Virtual size: 3KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 20KB - Virtual size: 84KB

.rsrc
Size: 8KB - Virtual size: 4KB

.vmp0
Size: 4KB - Virtual size: 3KB