Behavioral task: behavioral1
Sample: 7ef69f2c5a953b52d64d9a921281f994.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 7ef69f2c5a953b52d64d9a921281f994.exe
Resource: win10v2004-20231215-en
General
Target: 7ef69f2c5a953b52d64d9a921281f994
Size: 388KB
MD5: 7ef69f2c5a953b52d64d9a921281f994
SHA1: 462d7635d5a91d51b10e2161040f03e759c8d952
SHA256: e629a7f2d174249c0059158d9e8deeefacbfc2b8de22d0f3d9411f9f0575a6f9
SHA512: 931cac7f9a58e7fe66e604f88d5e30526509c7be4dedcb81af43876cc5a7d9a0471e690c1b813c56231466b2f4d6719c70e48a4bef2c686e4ce46a610bd92a11
SSDEEP: 6144:3GuSCktC1ODImXSt04r+OGUIXQVxo1cZUwQ+6:3GuSCcHDhXSzr+O3oQiLwQ
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoCs)
resource: sample; yara_rule: family_blackmoon
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 7ef69f2c5a953b52d64d9a921281f994
Files
7ef69f2c5a953b52d64d9a921281f994.exe (windows:4 windows x86 arch:x86)
c7c1e9fb94ff2a04e4d4b7bd9bcf8f8a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
sprintf
modf
strncmp
strncpy
atoi
_ftol
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
kernel32
GetCommandLineA
CreateFileA
WriteFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CloseHandle
SetFileAttributesA
SetLocalTime
CopyFileA
GetModuleFileNameA
IsBadReadPtr
VerLanguageNameA
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
MulDiv
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcpynA
GetFullPathNameA
GetFileTime
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GetCurrentDirectoryA
GlobalFindAtomA
HeapFree
GlobalGetAtomNameA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTime
GetLocalTime
HeapSize
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentThreadId
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
WinExec
lstrcatA
WriteProfileStringA
SetLastError
GetProfileStringA
CreateDirectoryA
GetSystemDirectoryA
EnumResourceNamesA
Sleep
GetWindowsDirectoryA
GetTempPathA
GlobalMemoryStatus
Module32First
Module32Next
OpenProcess
InterlockedExchange
TerminateProcess
GetDriveTypeA
GetVolumeInformationA
GetLastError
GetFileSize
FindFirstFileA
GetFileAttributesA
RemoveDirectoryA
FindNextFileA
FindClose
DeleteFileA
MultiByteToWideChar
GlobalAlloc
LoadLibraryExA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcpyA
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
CreateToolhelp32Snapshot
Process32First
Process32Next
ReadFile
SetFilePointer
GetLocaleInfoA
GetSystemDefaultLangID
GetTimeZoneInformation
DeviceIoControl
lstrlenA
GetVersion
GetVersionExA
LoadLibraryA
GetProcAddress
HeapReAlloc
FreeLibrary
QueryPerformanceCounter
QueryPerformanceFrequency
TlsFree
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
GlobalAddAtomA
GetCurrentProcess
user32
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
PostMessageA
PostQuitMessage
WindowFromPoint
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
EnumWindows
GetWindowTextA
FindWindowExA
IsRectEmpty
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SendMessageTimeoutA
FindWindowA
GetWindowThreadProcessId
SetCursorPos
mouse_event
keybd_event
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClassNameA
IsWindow
SendMessageA
GetDesktopWindow
GetWindowRect
ReleaseCapture
ClientToScreen
GetSystemMetrics
LoadImageA
VkKeyScanExA
GetDC
ReleaseDC
GetKeyboardLayout
SendDlgItemMessageA
GetMenuItemCount
SetWindowTextA
GetDlgCtrlID
LoadStringA
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
LoadBitmapA
DestroyWindow
GetKeyboardState
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
IsIconic
GetWindowPlacement
SetFocus
SetWindowPos
IsDialogMessageA
MessageBoxA
wsprintfA
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
CharUpperA
DestroyMenu
GetSysColorBrush
LoadCursorA
LoadIconA
MapWindowPoints
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetSysColor
AdjustWindowRectEx
GetClientRect
SetCapture
CopyRect
advapi32
GetUserNameA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AddAce
InitializeAcl
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegGetKeySecurity
RegQueryValueExA
RegCreateKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
iphlpapi
GetAdaptersInfo
SendARP
shlwapi
PathFileExistsA
SHDeleteValueA
PathAppendA
SHDeleteKeyA
mpr
WNetCancelConnection2A
WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA
WNetAddConnection2A
winmm
waveOutGetNumDevs
waveOutGetDevCapsA
mciSendStringA
ws2_32
WSACleanup
WSAStartup
connect
htons
socket
sendto
gethostbyaddr
inet_ntoa
gethostname
gethostbyname
inet_addr
closesocket
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
gdi32
DeleteObject
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
SetBkColor
RestoreDC
OffsetViewportOrgEx
GetDeviceCaps
GetPixel
CreateCompatibleBitmap
SetViewportOrgEx
SetMapMode
SetTextColor
RemoveFontResourceA
AddFontResourceA
CreateDCA
GetDIBits
RealizePalette
SelectPalette
CreateBitmap
SaveDC
EnumFontFamiliesExA
GetObjectA
GetStockObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
Escape
comdlg32
PrintDlgA
GetFileTitleA
winspool.drv
ClosePrinter
SetPrinterA
GetPrinterA
EnumPrintersA
OpenPrinterA
DocumentPropertiesA
shell32
ShellExecuteA
SHGetSpecialFolderPathA
SHEmptyRecycleBinA
SHChangeNotify
comctl32
ord17
ole32
CoCreateInstance
CoCreateGuid
wininet
InternetCloseHandle
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
InternetOpenUrlA
DeleteUrlCacheEntry
InternetGetConnectedState
InternetOpenA
Sections
.text: Size 208KB, Virtual size 206KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 44KB, Virtual size 40KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 132KB, Virtual size 155KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE