blackmoon | a2444026d0c59be412742e2f43ef80de82bb8173e691ce1e4006693ae95e5499

Sharing

Copy URL

Twitter E-mail

General

Target

a2444026d0c59be412742e2f43ef80de82bb8173e691ce1e4006693ae95e5499
Size

372KB
MD5

fcdd6a2e2fc506ad4a7c40caca4111da
SHA1

b7cc437f20de3c30cdff7e207241b265e012c709
SHA256

a2444026d0c59be412742e2f43ef80de82bb8173e691ce1e4006693ae95e5499
SHA512

c89ee7ced2235aa291d7b577319697df456e681ebe78775927999c48577a2983e7dcdf6f2014a3e2af0ad8e9d6dd3da89112a2c43286a85cab2f6f15074f8688
SSDEEP

6144:AklIg+y+pmdMsX8NaCNyal78m8+vRMEe4a4OEtTBh:XlIvy+AdMU8Ryal78t+R5OE

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2444026d0c59be412742e2f43ef80de82bb8173e691ce1e4006693ae95e5499

Files

a2444026d0c59be412742e2f43ef80de82bb8173e691ce1e4006693ae95e5499
.dll windows:4 windows x86 arch:x86

db896e41972db0d54a1db507bcc5c6f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
lstrcpyA
lstrcpynA
lstrlenA
GetVersion
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetFilePointer
FlushFileBuffers
SetErrorMode
GetOEMCP
RtlUnwind
TerminateProcess
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedDecrement
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
OpenProcess
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
LCMapStringA
FreeLibrary
GetCommandLineA
CreateFileA
WriteFile
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
VirtualProtect
GetModuleHandleA
lstrcpyn
WriteProcessMemory
ReadProcessMemory
VirtualProtectEx
VirtualQueryEx
SetWaitableTimer
CreateWaitableTimerA
LocalFree
LocalAlloc
GetCurrentProcess
CloseHandle
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
GetProcAddress
LoadLibraryA
VirtualFreeEx
VirtualAllocEx
GetCPInfo

shlwapi

PathFileExistsA

user32

ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
SetWindowPos
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
SetWindowLongA
MsgWaitForMultipleObjects
MessageBoxA
wsprintfA
DispatchMessageA
PeekMessageA
GetMessageA
TranslateMessage
GetFocus

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
GetClipBox
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
ScaleWindowExtEx
GetObjectA
GetStockObject
Escape
ExtTextOutA
GetDeviceCaps
PtVisible
RectVisible
TextOutA
CreateBitmap

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

comctl32

ord17

Exports

Exports

_��ӳ��
bs
bx

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 220KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db896e41972db0d54a1db507bcc5c6f4

Headers

File Characteristics

Imports

kernel32

shlwapi

user32

gdi32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 108KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 220KB - Virtual size: 292KB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 220KB - Virtual size: 292KB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 16KB - Virtual size: 12KB