blackmoon | abacadf3565f2759ae31a480ec64cbf9[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

abacadf3565f2759ae31a480ec64cbf9.exe
Size

236KB
MD5

abacadf3565f2759ae31a480ec64cbf9
SHA1

f5fe3baa9167bb03d441dc296d7e58c9452a9e4f
SHA256

793771c84fd182d1080dd54290fa5d3c308cb1765c998cce0eac7e4f53154435
SHA512

b2cd74d54a0ab8c32623f7c1d2e8a2a8b21b591f9f6b6dea877aea783bf9e9c8dd112dc0ee0ae43e91bcf0d7d915f0f84cc8a9a832769429773c6c858ac07638
SSDEEP

3072:I/Deizp+IwAo9LaTG0cEEC7rI3v4ySr5HfTyAjFoxWO+tnWx:I/D9s3Ao98EC7rI3AySrJ2ynO

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abacadf3565f2759ae31a480ec64cbf9.exe

Files

abacadf3565f2759ae31a480ec64cbf9.exe
.exe windows:4 windows x86 arch:x86

8d480f5fdcc5c4d1d66ca4ecca26fd75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalSize
GlobalFree
MultiByteToWideChar
lstrcpynA
CreatePipe
GetStartupInfoA
CreateProcessA
GetSystemDirectoryA
ReadFile
WriteFile
DeleteCriticalSection
GlobalMemoryStatus
GetLogicalDriveStringsA
SuspendThread
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualAlloc
CreateDirectoryA
MoveFileExA
RemoveDirectoryA
DeleteFileA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CopyFileA
SetFileAttributesA
WaitForSingleObject
CreateFileA
GetTickCount
GetFileSize
SetFilePointer
FindNextFileA
FindFirstFileA
FindClose
WideCharToMultiByte
GetUserDefaultLCID
GetLocalTime
GetDiskFreeSpaceExA
GetCurrentDirectoryA
GetCommandLineA
LCMapStringA
lstrcpyn
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
RaiseException
GetProcAddress
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
ResumeThread
Sleep
InitializeCriticalSection
LocalSize
VirtualFree
GetLastError
GetQueuedCompletionStatus
CreateThread
CreateIoCompletionPort
GetTempPathA
TerminateProcess
OpenProcess
Module32First
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
RtlMoveMemory
GetDiskFreeSpaceA
GetDriveTypeA
GetVersionExA
GetSystemInfo
GetCurrentProcessId

user32

PrintWindow
GetWindowRect
IsWindow
SendMessageA
mouse_event
SetCursorPos
GetDC
ReleaseDC
GetForegroundWindow
keybd_event
LoadCursorA
GetWindowTextA
GetAsyncKeyState
KillTimer
FindWindowExA
GetWindowTextLengthA
MessageBoxA
wsprintfA
PeekMessageA
GetSystemMetrics
CloseClipboard
GetClipboardData
OpenClipboard
GetKeyState
EnumDisplaySettingsA
DefWindowProcA
SetWindowLongA
CreateWindowExA
RegisterClassExA
BringWindowToTop
LoadIconA
SetTimer
ShowWindowAsync
DispatchMessageA
TranslateMessage
GetMessageA
GetMessageTime

winmm

waveInPrepareHeader
waveInStart
waveInGetNumDevs
waveOutGetNumDevs
waveInUnprepareHeader
waveInStop
waveInOpen
waveInAddBuffer
waveInClose

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

gethostbyname
connect
inet_addr
WSASocketA
WSASend
WSARecv
closesocket
WSAStartup
inet_ntoa
gethostname
htons
WSACleanup

gdi32

CreateDIBSection
SelectObject
BitBlt
DeleteObject
DeleteDC
CreateCompatibleBitmap
GetObjectA
GetDIBits
CreateCompatibleDC

gdiplus

GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream

ole32

CoInitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoCreateInstance
CLSIDFromProgID
OleRun

advapi32

OpenSCManagerA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
ControlService
CloseServiceHandle
StartServiceA
EnumServicesStatusExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenServiceA
QueryServiceStatus

shell32

ShellExecuteA

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

ntdll

NtShutdownSystem
RtlAdjustPrivilege

shlwapi

PathFileExistsA

oleaut32

SafeArrayAccessData
VariantChangeType
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
SafeArrayUnaccessData
SafeArrayGetElement
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8d480f5fdcc5c4d1d66ca4ecca26fd75

Headers

File Characteristics

Imports

kernel32

user32

winmm

version

ws2_32

gdi32

gdiplus

ole32

advapi32

shell32

avicap32

ntdll

shlwapi

oleaut32

Sections

.text Size: 184KB - Virtual size: 181KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 28KB - Virtual size: 82KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 184KB - Virtual size: 181KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 28KB - Virtual size: 82KB

.rsrc
Size: 8KB - Virtual size: 5KB