_CALLBACK_OnServer
_CALLBACK_PCloseWndCallBack
_CALLBACK_PConsoleMsgCallBack
_CALLBACK_PLoadEndCallBack
_CALLBACK_PRbuttonDownCallBack
_CALLBACK_PSigleActiveWndCallBack
main
Behavioral task
behavioral1
Sample
29a213f9385d135a9f91a3f41121b1d1fc493feb355a93dee7f9b1a52b531fa2.dll
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
29a213f9385d135a9f91a3f41121b1d1fc493feb355a93dee7f9b1a52b531fa2.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
29a213f9385d135a9f91a3f41121b1d1fc493feb355a93dee7f9b1a52b531fa2
-
Size
1.6MB
-
MD5
9237adb6a01584455181a075c23dc31d
-
SHA1
0db505d0c58324bbaf4368bd35b8a1b9c37ded1a
-
SHA256
29a213f9385d135a9f91a3f41121b1d1fc493feb355a93dee7f9b1a52b531fa2
-
SHA512
6029f7bd38730a70b1d468eee833349587330923ae89c3f49ee8794e71b7dcae38cd7228274c4d06cec393f6ce2038e0315e3ea2fdaac77f47048fed30d4fc55
-
SSDEEP
24576:7Gr8knXZQC1c3e4kQLcIh9V6XIXJufh2Sx2X6OzXcFWCm5yi4dtL3xaA32wqfWbw:7CgTXcFJ59OoHn
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 29a213f9385d135a9f91a3f41121b1d1fc493feb355a93dee7f9b1a52b531fa2
Files
-
29a213f9385d135a9f91a3f41121b1d1fc493feb355a93dee7f9b1a52b531fa2.dll windows:4 windows x86 arch:x86
6b2aa08cf3b62bb6fb60b1a1b2ce6cc0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetStdHandle
GetUserDefaultLCID
GetFileSize
GetStartupInfoA
CreateDirectoryA
SetFileAttributesA
LCMapStringA
MoveFileA
CopyFileA
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
WritePrivateProfileStringA
GetModuleFileNameA
GetTickCount
GetPrivateProfileStringA
Sleep
SetFilePointer
GetLocalTime
IsBadReadPtr
HeapReAlloc
ExitProcess
TryEnterCriticalSection
CreateMutexA
lstrcmpA
lstrlenA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LocalSize
GlobalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReleaseMutex
OpenMutexA
WriteFile
CreatePipe
lstrcmpiW
lstrcmpW
lstrlenW
HeapCreate
HeapDestroy
InterlockedDecrement
InterlockedIncrement
VirtualFree
VirtualAlloc
InitializeCriticalSection
ReadDirectoryChangesW
ProcessIdToSessionId
GetSystemTimeAsFileTime
ReadProcessMemory
OpenThread
GetComputerNameExA
SetDllDirectoryA
GlobalMemoryStatusEx
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
RtlZeroMemory
OpenEventA
lstrcatA
GetNativeSystemInfo
GetModuleHandleA
GetLastError
CreateProcessA
ResetEvent
WaitForSingleObject
RtlMoveMemory
IsBadCodePtr
SetStdHandle
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
FlushFileBuffers
GetCurrentProcess
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
GlobalFlags
MulDiv
GetVersion
lstrcpyA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
GlobalDeleteAtom
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
TerminateProcess
lstrcpynA
OpenProcess
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapFree
HeapAlloc
GetProcessHeap
ReadFile
GetFileSizeEx
CreateFileA
CloseHandle
CreateThread
WideCharToMultiByte
MultiByteToWideChar
shlwapi
PathRemoveFileSpecA
PathFindFileNameA
PathRemoveBackslashA
PathFindExtensionA
PathRemoveExtensionA
PathIsDirectoryA
StrToIntExW
StrToIntW
PathFileExistsA
advapi32
CryptDestroyKey
RegCreateKeyExA
CryptEncrypt
CryptReleaseContext
CryptImportKey
CryptAcquireContextA
ChangeServiceConfigA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CryptSetKeyParam
CryptGetKeyParam
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptCreateHash
RegOpenKeyExA
RegSetValueExA
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDeriveKey
CryptDecrypt
RegCloseKey
RegQueryValueExA
RegOpenKeyA
iphlpapi
GetAdaptersInfo
user32
GetIconInfo
wvsprintfA
GetLastInputInfo
EnumChildWindows
SendMessageTimeoutA
GetWindowThreadProcessId
GetShellWindow
ExitWindowsEx
SystemParametersInfoA
DrawIconEx
GetClientRect
UpdateLayeredWindow
MonitorFromPoint
MessageBoxA
wsprintfA
GetSystemMetrics
GetCursorPos
EndDialog
CreateDialogIndirectParamA
DestroyMenu
PostThreadMessageA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
GetDesktopWindow
ReleaseDC
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
PeekMessageA
GetDC
DispatchMessageA
TranslateMessage
GetPropA
GetWindowRect
GetMessageA
SetPropA
ole32
CoCreateInstance
CLSIDFromString
CoInitialize
CreateStreamOnHGlobal
StringFromGUID2
GetHGlobalFromStream
OleRun
CLSIDFromProgID
CoInitializeSecurity
OleIsCurrentClipboard
OleFlushClipboard
CoUninitialize
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitializeEx
shell32
SHGetFolderPathA
ShellExecuteA
SHGetSpecialFolderPathA
SHGetFileInfoA
ord727
gdiplus
GdipDrawBezier
GdipDrawArcI
GdipDrawArc
GdipDrawLinesI
GdipDrawLines
GdipDrawLineI
GdipDrawLine
GdipGetNearestColor
GdipTransformPointsI
GdipIsEqualRegion
GdipGetDpiY
GdipGetDpiX
GdipGetPageScale
GdipSetPageScale
GdipGetRegionScansCount
GdipSetPageUnit
GdipRotateWorldTransform
GdipDrawImageI
GdipDrawDriverString
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipTransformPoints
GdipGetRegionScans
GdipGetRegionScansI
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipIsInfiniteRegion
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipGetRegionData
GdipGetRegionDataSize
GdipMeasureCharacterRanges
GdipCreateRegion
GdipMeasureString
GdipDrawString
GdipFillRegion
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillClosedCurve2
GdipFillClosedCurve
GdipFillPath
GdipFillPieI
GdipFillPie
GdipFillEllipseI
GdipFillEllipse
GdipFillPolygonI
GdipFillPolygon
GdipFillRectanglesI
GdipFillRectangles
GdipFillRectangleI
GdipGraphicsClear
GdipDrawClosedCurve2I
GdipDrawClosedCurve2
GdipDrawClosedCurveI
GdipDrawClosedCurve
GdipDrawCurve3I
GdipDrawCurve3
GdipDrawCurve2I
GdipDrawBeziers
GdipDrawCurve2
GdipGetRegionBoundsI
GdipDrawCurve
GdipDrawPath
GdipDrawPolygonI
GdipDrawPolygon
GdipDrawPieI
GdipDrawPie
GdipDrawEllipseI
GdipDrawEllipse
GdipDrawRectanglesI
GdipDrawRectangles
GdipDrawRectangleI
GdipDrawRectangle
GdipDrawBeziersI
GdipIsVisibleRegionRectI
GdipGetPageUnit
GdipIsVisibleRegionRect
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipMultiplyWorldTransform
GdipGetWorldTransform
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetInterpolationMode
GdipGetTextContrast
GdipSetTextContrast
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipGetCompositingQuality
GdipSetCompositingMode
GdipGetCompositingMode
GdipSetRenderingOrigin
GdipGetRenderingOrigin
GdipReleaseDC
GdipGetDC
GdipCreateFromHDC2
GdipCreateFromHDC
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipFlush
GdipDeleteMatrix
GdipResetWorldTransform
GdipDrawImage
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreateMatrix
GdipSetInterpolationMode
GdipDeleteBrush
GdipFillRectangle
GdipDeleteGraphics
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipBitmapSetResolution
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCloneBitmapAreaI
GdipCloneBitmapArea
GdipCreateHICONFromBitmap
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromResource
GdipCreateBitmapFromHICON
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetPropertyIdList
GdipGetPropertyCount
GdipRemovePropertyItem
GdipSetPropertyItem
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipGetImageThumbnail
GdipSetImagePalette
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageFlags
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageBounds
GdipGetImageDimension
GdipGetImageType
GdipSaveAddImage
GdipSaveAdd
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipLoadImageFromFileICM
GdipFree
GdipAlloc
GdipGetRegionBounds
GdipTransformRegion
GdipTranslateRegionI
GdipTranslateRegion
GdipCombineRegionPath
GdipCombineRegionRegion
GdipCombineRegionRectI
GdipCombineRegionRect
GdipSetEmpty
GdipSetInfinite
GdipCloneRegion
GdipCreateRegionRgnData
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRectI
GdipCreateRegionRect
GdipDeleteRegion
GdipGetStringFormatMeasurableCharacterRangeCount
GdipSetStringFormatMeasurableCharacterRanges
GdipGetStringFormatDigitSubstitution
GdipSetStringFormatDigitSubstitution
GdipGetStringFormatTabStops
GdipGetStringFormatTabStopCount
GdipSetStringFormatTabStops
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatTrimming
GdipSetStringFormatTrimming
GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatAlign
GdipDrawBezierI
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipStringFormatGetGenericDefault
GdipCreateStringFormat
GdipDeleteStringFormat
GdipGetFontHeightGivenDPI
GdipGetFontHeight
GdipGetFontUnit
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipGetLogFontW
GdipGetLogFontA
GdipCloneFont
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFont
GdipDeleteFont
GdipGetLineSpacing
GdipGetCellDescent
GdipGetCellAscent
GdipGetEmHeight
GdipIsStyleAvailable
GdipGetFamilyName
GdipCloneFontFamily
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySerif
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetSolidFillColor
GdipSetSolidFillColor
GdipGetBrushType
GdipCloneBrush
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipSetPenCompoundArray
GdipSetPenDashArray
GdipGetPenDashArray
GdipGetPenDashCount
GdipSetPenDashOffset
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipSetPenDashStyle
GdipGetPenFillType
GdipGetPenBrushFill
GdipSetPenBrushFill
GdipSetPenColor
GdipGetPenColor
GdipScalePenTransform
GdipTranslatePenTransform
GdipRotatePenTransform
GdipMultiplyPenTransform
GdipResetPenTransform
GdipGetPenTransform
GdipSetPenTransform
GdipGetPenMode
GdipSetPenMode
GdipGetPenMiterLimit
GdipSetPenMiterLimit
GdipGetPenCustomEndCap
GdipSetPenCustomEndCap
GdipGetPenCustomStartCap
GdipSetPenCustomStartCap
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineCap197819
GdipSetPenUnit
GdipGetPenUnit
GdipSetPenWidth
GdipGetPenWidth
GdipClonePen
GdipCreatePen2
GdipCreatePen1
GdipDeletePen
GdipComment
GdipEndContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBeginContainer
GdipRestoreGraphics
GdipSaveGraphics
GdipIsVisibleRectI
GdipIsVisibleRect
GdipIsVisiblePointI
GdipIsVisiblePoint
GdipIsVisibleClipEmpty
GdipIsClipEmpty
GdipGetVisibleClipBoundsI
GdipGetVisibleClipBounds
GdipGetClipBoundsI
GdipGetClipBounds
GdipGetClip
GdipTranslateClipI
GdipTranslateClip
GdipResetClip
GdipSetClipHrgn
GdipSetClipRegion
GdipSetClipRectI
GdipSetClipRect
GdipSetClipPath
GdipSetClipGraphics
GdipEnumerateMetafileSrcRectDestRectI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileDestRect
GdipSaveImageToFile
GdipSaveImageToStream
GdipDisposeImage
GdipLoadImageFromFile
GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoint
GdipDrawImagePointsRectI
GdipDrawImagePointsRect
GdipDrawImagePointRectI
GdipDrawImagePointRect
GdipDrawImagePointsI
GdipDrawImagePoints
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDrawImageRect
GdipDrawImageRectRect
GdipDrawCurveI
GdipDrawCachedBitmap
GdipSetStringFormatAlign
ws2_32
ioctlsocket
select
accept
send
recv
getpeername
ntohs
WSAIoctl
getsockname
listen
closesocket
setsockopt
socket
gethostname
WSAGetLastError
inet_ntoa
WSACleanup
gethostbyname
WSAStartup
bind
htons
inet_addr
wininet
InternetSetOptionA
HttpSendRequestExA
InternetWriteFile
InternetCloseHandle
HttpQueryInfoA
InternetSetCookieA
InternetQueryOptionA
InternetTimeToSystemTime
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile
HttpEndRequestA
psapi
GetProcessMemoryInfo
EnumProcesses
comctl32
ord17
ImageList_GetIcon
gdi32
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetStockObject
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
GetDeviceCaps
SelectObject
CreateDIBSection
DeleteObject
DeleteDC
GetDIBits
CreateCompatibleDC
GetObjectW
msimg32
AlphaBlend
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
oledlg
ord8
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
Exports
Exports
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 744B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ