blackmoon | aaceaff9a05101520b078be68e61fa25

Sharing

Copy URL Twitter E-mail

General

Target

aaceaff9a05101520b078be68e61fa25
Size

388KB
MD5

aaceaff9a05101520b078be68e61fa25
SHA1

093478c6c0022c321a47c28732325683a18bffa4
SHA256

6276cafabbc677fc515c51db593f6e5d72be1a97cb1de5680ce3068e5d7a1ace
SHA512

5d99fd25fdad4342a01c876ea9543b3397889d83ad02e6dabfe0ab28a31accf90c29558e9edb474419d1a9cd6b0aa20453e6ab3ee07c5b0a30e53e8cc0b97981
SSDEEP

6144:v3S9PXPPscSm9ampIExfUGqkaqlJItmq91BbmGOpszM7sGYK7/:PSpMzBmpxaqstmqzBZOpsYolc/

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaceaff9a05101520b078be68e61fa25

Files

aaceaff9a05101520b078be68e61fa25
.dll windows:4 windows x86 arch:x86

95345c3aa6c235c0d638afcaa2a55c31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
GetModuleFileNameA
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
CreateFileA
GetFileSize
ReadFile
GetPrivateProfileStringA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
IsBadCodePtr
VirtualProtectEx
VirtualQueryEx
FreeLibrary
LoadLibraryA
WriteProcessMemory
Sleep
RtlZeroMemory
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
VirtualProtect
CreateWaitableTimerA
VirtualAllocEx
AddVectoredExceptionHandler
Thread32Next
Thread32First
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
OpenThread
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
QueryDosDeviceA
GetLogicalDriveStringsA
RtlMoveMemory
lstrcpyn
OpenProcess
Process32Next
CloseHandle
Process32First
SetStdHandle
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
CreateToolhelp32Snapshot
OpenEventA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetOEMCP
GetCPInfo
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
GetTickCount
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
LocalAlloc
LocalFree
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
WriteFile
SetFilePointer
FlushFileBuffers

user32

GetParent
FindWindowA
MsgWaitForMultipleObjects
wvsprintfA
CharUpperA
SetWindowLongA
EnableWindow
IsWindowEnabled
GetForegroundWindow
IsWindow
GetActiveWindow
SetActiveWindow
SetForegroundWindow
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
GetWindowLongA
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
CallWindowProcA
MessageBoxA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA

ole32

CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoCreateInstance
OleRun
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoInitialize

psapi

GetMappedFileNameA
GetProcessImageFileNameA

gdi32

GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetObjectA
GetStockObject
CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

oledlg

ord8

oleaut32

VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

Exports

Exports

HidD_FlushQueue
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetConfiguration
HidD_GetFeature
HidD_GetHidGuid
HidD_GetIndexedString
HidD_GetInputReport
HidD_GetManufacturerString
HidD_GetMsGenreDescriptor
HidD_GetNumInputBuffers
HidD_GetPhysicalDescriptor
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidD_Hello
HidD_SetConfiguration
HidD_SetFeature
HidD_SetNumInputBuffers
HidD_SetOutputReport
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetData
HidP_GetExtendedAttributes
HidP_GetLinkCollectionNodes
HidP_GetScaledUsageValue
HidP_GetSpecificButtonCaps
HidP_GetSpecificValueCaps
HidP_GetUsageValue
HidP_GetUsageValueArray
HidP_GetUsages
HidP_GetUsagesEx
HidP_GetValueCaps
HidP_InitializeReportForID
HidP_MaxDataListLength
HidP_MaxUsageListLength
HidP_SetData
HidP_SetScaledUsageValue
HidP_SetUsageValue
HidP_SetUsageValueArray
HidP_SetUsages
HidP_TranslateUsagesToI8042ScanCodes
HidP_UnsetUsages
HidP_UsageListDifference

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95345c3aa6c235c0d638afcaa2a55c31

Headers

File Characteristics

Imports

kernel32

user32

ole32

psapi

gdi32

winspool.drv

comctl32

oledlg

oleaut32

advapi32

shell32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 181KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 28KB - Virtual size: 125KB

.vmp0 Size: 136KB - Virtual size: 132KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 184KB - Virtual size: 181KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 28KB - Virtual size: 125KB

.vmp0
Size: 136KB - Virtual size: 132KB

.reloc
Size: 12KB - Virtual size: 9KB