blackmoon | ba2518a8dca3969ce8e93183579d7550

Sharing

Copy URL

Twitter E-mail

General

Target

ba2518a8dca3969ce8e93183579d7550
Size

480KB
MD5

ba2518a8dca3969ce8e93183579d7550
SHA1

d5bb15263e39ca46eecfaaf1d809a572e447c0c7
SHA256

a6c7a7b70d71683fb63c03881a02e89868bd1ac6bd3b09ad1b766c6801c3bd2e
SHA512

0131d798e71d57a7307cb5b5dbc2675fbf9e49ca4efbf207ed4195edee439ba09643dfd3a6e8724fac2836b4d10e9be59050c8ceb11ae9c7a50c5e25a21a46f3
SSDEEP

12288:AC6uvL1EKICUuLpujZEj6Fxo80rP61vjt:ACDz1EDCUuSZEj6FxopD6j

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba2518a8dca3969ce8e93183579d7550

Files

ba2518a8dca3969ce8e93183579d7550
.dll windows:4 windows

027daac07ca228ee08d1a4f6619b7ea6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
recvfrom
closesocket
WSACleanup
htons
setsockopt
socket
ntohs
inet_ntoa
sendto
bind
WSAStartup
listen
accept
__WSAFDIsSet
select
recv
send
getpeername
connect
htonl
gethostname
getsockname
inet_addr

kernel32

SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetCurrentProcess
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
FreeLibrary
GetCommandLineA
ReadFile
GetFileSize
CreateFileA
WriteFile
CloseHandle
WritePrivateProfileStringA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
CreateDirectoryA
DeleteFileA
IsBadReadPtr
HeapFree
TlsFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GlobalFree
RtlMoveMemory
RtlZeroMemory
GlobalAlloc
LoadLibraryA
Sleep
CreateThread
lstrcpyn
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
SetWaitableTimer
CreateWaitableTimerA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetACP
HeapSize
RaiseException
IsBadCodePtr
SetStdHandle
FlushFileBuffers
TerminateProcess
RtlUnwind
GetOEMCP
GetCPInfo
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
SystemTimeToFileTime
GetFileAttributesA
GetCurrentDirectoryA
LocalFileTimeToFileTime
SetFileTime
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalLock
LocalAlloc
LocalFree
TlsAlloc
GlobalUnlock
GlobalHandle
GetProcessVersion
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA
GetVersion
GlobalFlags
InterlockedIncrement
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA

user32

GetClientRect
CopyRect
DestroyMenu
LoadStringA
GetSysColorBrush
AdjustWindowRectEx
LoadCursorA
LoadIconA
MapWindowPoints
GetSysColor
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
GetWindowTextA
PeekMessageA
GetMessageA
wsprintfA
MessageBoxA
CharUpperA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
UnhookWindowsHookEx
UnregisterClassA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
RemovePropA
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA

shlwapi

PathFileExistsA
PathRemoveBlanksA

shell32

SHGetSpecialFolderPathA

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA

comdlg32

GetFileTitleA

iphlpapi

GetIpAddrTable
SendARP

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap
GetStockObject
GetObjectA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

comctl32

ord17

icmp

IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle

Exports

Exports

_��ӳ��

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

027daac07ca228ee08d1a4f6619b7ea6

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

shlwapi

shell32

wininet

comdlg32

iphlpapi

gdi32

winspool.drv

advapi32

comctl32

icmp

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 257KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 168KB - Virtual size: 228KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 260KB - Virtual size: 257KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 168KB - Virtual size: 228KB

.reloc
Size: 20KB - Virtual size: 18KB