blackmoon | 1702a2de4aba5c7f2f3114ea8887ab30

Sharing

Copy URL

Twitter E-mail

General

Target

1702a2de4aba5c7f2f3114ea8887ab30
Size

512KB
MD5

1702a2de4aba5c7f2f3114ea8887ab30
SHA1

ed0d4c428439d82a520d86740df9d15c0706f140
SHA256

75f4c619149fd940b695e3b5ac77cb064e29ced644366a56011d79132d3a1c35
SHA512

ad5fb87203f09494b9a09c57582e5b2f6fa8e773f5f5cee435558d9eb1f24f58009ceb17fa2fac8f4fb5c0b16cc5efdd0bd6a2324654c2acbca429a483c0596f
SSDEEP

6144:d09pzOMK2pH0ONhIMbVHBcGcWpfZmdG4w7mhZDKZ7VEb2NS5XwQ+u8:d0wONWG3cpWpfcd5w7KZDKh6ASJwQ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1702a2de4aba5c7f2f3114ea8887ab30

Files

1702a2de4aba5c7f2f3114ea8887ab30
.exe windows:4 windows x86 arch:x86

6356d3efe54ea8b783f707e94ed57c7c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EmptyClipboard
OpenClipboard
keybd_event
mouse_event
SetCursorPos
FindWindowA
SendMessageTimeoutA
EnumDisplaySettingsA
ChangeDisplaySettingsA
SystemParametersInfoA
GetDlgItem
GetCursorPos
IsRectEmpty
FindWindowExA
EnumWindows
PtInRect
WindowFromPoint
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
LoadImageA
SetClipboardData
DrawTextA
GrayStringA
UnhookWindowsHookEx
CharUpperA
DestroyMenu
GetSysColorBrush
MapWindowPoints
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
SetForegroundWindow
RegisterWindowMessageA
IsIconic
GetWindowPlacement
SetFocus
IsDialogMessageA
VkKeyScanExA
GetKeyboardLayout
SendDlgItemMessageA
CloseClipboard
ReleaseCapture
SetCapture
TabbedTextOutA
GetSystemMetrics
GetMenuItemCount
GetDlgCtrlID
LoadStringA
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
LoadBitmapA
GetKeyboardState
ClientToScreen
PeekMessageA
wsprintfA
MessageBoxA
SetWindowPos
SetWindowRgn
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
EqualRect
IntersectRect
PostQuitMessage
CreateWindowExA
SetWindowTextA
GetWindowTextLengthA
UpdateWindow
CallWindowProcA
FillRect
GetSysColor
DefWindowProcA
TrackMouseEvent
SendMessageA
GetParent
InvalidateRect
EndPaint
BeginPaint
LoadCursorA
LoadIconA
RegisterClassExA
GetClassInfoExA
ReleaseDC
EnableWindow
GetDC
KillTimer
PostMessageA
ShowWindow
IsWindowVisible
GetForegroundWindow
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
MoveWindow
GetWindowRect
IsWindow
SetTimer
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
GetWindow
GetDesktopWindow

kernel32

CreateFileA
DeleteFileA
WriteFile
ReadFile
Sleep
GetCommandLineA
GetModuleFileNameA
GetFileSize
IsBadReadPtr
HeapFree
HeapReAlloc
ExitProcess
GetProcessHeap
lstrlenA
ReadProcessMemory
GetCurrentProcess
LocalFree
RtlFillMemory
LocalAlloc
RtlMoveMemory
lstrcpyn
LocalSize
GetModuleHandleA
GetSystemDirectoryA
Module32First
CloseHandle
Process32First
CreateToolhelp32Snapshot
UnhandledExceptionFilter
HeapAlloc
Process32Next
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetVersion
DeviceIoControl
GetTimeZoneInformation
GetSystemDefaultLangID
GetLocaleInfoA
SetFilePointer
GlobalFree
GlobalUnlock
GlobalSize
GlobalLock
lstrcpyA
SizeofResource
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GlobalAlloc
MultiByteToWideChar
FindClose
FindNextFileA
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
FindFirstFileA
GetLastError
GetVolumeInformationA
GetDriveTypeA
TerminateProcess
InterlockedExchange
OpenProcess
Module32Next
GlobalMemoryStatus
GetTempPathA
GetWindowsDirectoryA
CopyFileA
EnumResourceNamesA
CreateDirectoryA
GetProfileStringA
SetLastError
WriteProfileStringA
lstrcatA
WinExec
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetCurrentThreadId
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
VerLanguageNameA
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
MulDiv
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcpynA
GetFullPathNameA
GetFileTime
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
GetACP
TlsGetValue
SetErrorMode
GlobalFlags
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTime
GetLocalTime
HeapSize
LocalReAlloc

shlwapi

SHDeleteKeyA
PathAppendA
PathFileExistsA
SHDeleteValueA

gdi32

RemoveFontResourceA
AddFontResourceA
EnumFontFamiliesExA
Escape
GetDeviceCaps
CreateDCA
GetDIBits
RealizePalette
SelectPalette
CreateBitmap
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
GetStockObject
CreateFontA
RectVisible
CombineRgn
GetPixel
CreateRectRgn
CreateDIBitmap
SetTextColor
TextOutA
SetBkColor
CreatePatternBrush
CreateSolidBrush
BitBlt
GetObjectA
StretchBlt
DeleteDC
DeleteObject
ExtTextOutA
SetPixel
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

msimg32

TransparentBlt

iphlpapi

GetAdaptersInfo
SendARP

mpr

WNetAddConnection2A
WNetOpenEnumA
WNetEnumResourceA
WNetCancelConnection2A
WNetCloseEnum

winmm

mciSendStringA
waveOutGetDevCapsA
waveOutGetNumDevs

ws2_32

inet_addr
gethostbyname
gethostname
inet_ntoa
gethostbyaddr
WSACleanup
closesocket
connect
sendto
socket
WSAStartup
htons

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comdlg32

GetFileTitleA
PrintDlgA

winspool.drv

EnumPrintersA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
SetPrinterA
GetPrinterA

advapi32

RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
RegOpenKeyExA
CopySid
GetLengthSid
OpenProcessToken
GetSidSubAuthority
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegGetKeySecurity
AllocateAndInitializeSid
FreeSid
InitializeAcl
AddAce
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetTokenInformation

shell32

SHEmptyRecycleBinA
SHChangeNotify
ShellExecuteA
SHGetSpecialFolderPathA

comctl32

ord17

ole32

CoCreateInstance
CoCreateGuid

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

Sections

.text
Size: 308KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6356d3efe54ea8b783f707e94ed57c7c

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

gdi32

msimg32

iphlpapi

mpr

winmm

ws2_32

version

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

wininet

Sections

.text Size: 308KB - Virtual size: 304KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 156KB - Virtual size: 170KB

.text
Size: 308KB - Virtual size: 304KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 156KB - Virtual size: 170KB