Behavioral task: behavioral1
Sample: 75b6756e4934d2e469cf260c58859c89b3a3dec975e401ba42651cf8fa50d9ef.exe
Resource: win7-20240221-en
General
Target: 75b6756e4934d2e469cf260c58859c89b3a3dec975e401ba42651cf8fa50d9ef
Size: 2.6MB
MD5: 0edb7896f91d146e3024b1687ff2e850
SHA1: cc7c4c23f834a257fe15a1778d3baf2d37903735
SHA256: 75b6756e4934d2e469cf260c58859c89b3a3dec975e401ba42651cf8fa50d9ef
SHA512: bcf8997a63408cf921c4e678f1c15474fe397fb0f35c80137b77b3c101033f8b2ff2f66fcff60508441150faa794b2f74dda698dfceac8a6c41fcdaa6707cb58
SSDEEP: 49152:4jNzo10IWXuNX70PNH8nBv9GMHlIDCo8MTSDwvbta9cdZAmQ1:u2r0PNHYBVGKlIhBaOc
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC)
  resource: sample | yara_rule: family_blackmoon
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
  resource: 75b6756e4934d2e469cf260c58859c89b3a3dec975e401ba42651cf8fa50d9ef
Files
75b6756e4934d2e469cf260c58859c89b3a3dec975e401ba42651cf8fa50d9ef.exe windows:4 windows x86 arch:x86
5e6f20fa336c464a3e2658a9be45ece2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetACP
LCMapStringA
DeleteFileA
WriteFile
GetEnvironmentVariableA
SetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocalTime
IsBadReadPtr
HeapReAlloc
ExitProcess
DeviceIoControl
CreateFileA
LocalSize
CreateThread
GetProcAddress
GetModuleHandleA
IsDebuggerPresent
IsWow64Process
WideCharToMultiByte
RtlMoveMemory
OpenProcess
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetCommandLineA
lstrcpyn
HeapAlloc
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
GetCurrentProcess
GetProcessVersion
FindResourceA
SetHandleCount
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
InterlockedIncrement
GlobalFlags
MulDiv
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
InterlockedDecrement
GetCurrentThreadId
GetCurrentThread
GetTempPathA
GetStdHandle
GetSystemDirectoryA
SetProcessWorkingSetSize
CreateWaitableTimerA
SetWaitableTimer
GetExitCodeThread
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
CloseHandle
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TerminateThread
InitializeCriticalSection
LocalFree
LocalAlloc
lstrlenA
GetTickCount
GetModuleFileNameA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
ReadProcessMemory
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
LoadLibraryA
HeapFree
GetProcessHeap
LoadResource
Process32Next
Process32First
Module32Next
WriteProcessMemory
Module32First
CreateToolhelp32Snapshot
MultiByteToWideChar
SetStdHandle
TlsAlloc
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
TerminateProcess
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
LocalFree
InterlockedDecrement
InterlockedIncrement
SuspendThread
ReleaseMutex
CreateMutexA
TerminateThread
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
SetLastError
GetTimeZoneInformation
FileTimeToSystemTime
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
DeleteFileA
IsBadCodePtr
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
ole32
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
OleFlushClipboard
CLSIDFromString
CoUninitialize
CLSIDFromProgID
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
user32
AppendMenuA
GetMenuItemCount
InsertMenuA
SetMenuInfo
GetSubMenu
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
RegisterClassExA
GetParent
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
IsWindow
GetClassNameA
BeginPaint
EndPaint
CallWindowProcA
GetAsyncKeyState
GetClientRect
DestroyWindow
DefWindowProcA
DefMDIChildProcA
LoadCursorA
SetCursor
TrackMouseEvent
DestroyIcon
SetWindowLongA
DestroyCursor
CreateWindowExA
GetWindowLongA
GetDlgItem
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
GetMenuItemID
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
PtInRect
GetDlgCtrlID
ClientToScreen
SetFocus
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
GetWindowPlacement
SystemParametersInfoA
GetForegroundWindow
GetMessagePos
GetMessageTime
RegisterClassA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
GetSysColorBrush
LoadStringA
PostThreadMessageA
CreateDialogIndirectParamA
EndDialog
GetFocus
GetWindowRect
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringA
GetClassInfoA
MsgWaitForMultipleObjects
PostMessageA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
GetMessageA
SendMessageA
GetWindow
PostQuitMessage
ModifyMenuA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
TabbedTextOutA
ScrollWindowEx
IsDialogMessageA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
DrawStateA
FrameRect
GetNextDlgTabItem
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
UnregisterClassA
SetMenu
CallWindowProcA
WaitForInputIdle
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
atl
ord47
ord42
ord10
ord11
shell32
Shell_NotifyIconA
DragQueryFileA
DragFinish
DragAcceptFiles
Shell_NotifyIconA
ShellExecuteA
gdi32
ScaleWindowExtEx
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
DeleteObject
GetStockObject
GetObjectA
CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
StretchBlt
CreateSolidBrush
CreatePatternBrush
SetViewportOrgEx
GetClipBox
DeleteDC
StartDocA
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreatePatternBrush
CreateBitmap
StartPage
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
BitBlt
GetPixel
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
EndDoc
GetTextMetricsA
Escape
ExtTextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
SetDIBitsToDevice
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
advapi32
DeleteService
ControlService
StartServiceA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comctl32
ord17
ImageList_Destroy
ord17
_TrackMouseEvent
oledlg
ord8
oleaut32
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
VarR8FromCy
VarR8FromBool
SafeArrayCreate
VariantChangeType
VariantInit
SafeArrayDestroy
SafeArrayGetElemsize
VariantClear
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayUnaccessData
VariantChangeType
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
VariantCopy
shlwapi
PathFileExistsA
msvfw32
DrawDibDraw
avifil32
AVIStreamGetFrame
AVIStreamInfoA
rasapi32
RasGetConnectStatusA
RasHangUpA
winmm
midiOutUnprepareHeader
midiStreamRestart
midiOutReset
waveOutRestart
PlaySoundA
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiStreamClose
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
comdlg32
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
GetFileTitleA
ws2_32
inet_ntoa
WSAStartup
WSACleanup
select
send
closesocket
WSAAsyncSelect
recvfrom
ioctlsocket
recv
getpeername
accept
ntohl
wininet
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenA
HttpOpenRequestA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
InternetSetOptionA
InternetReadFile
InternetConnectA
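The import table above is the first thing a triage analyst reads, because it bounds what the binary can do without running it: kernel32 exposes process enumeration and cross-process memory access (CreateToolhelp32Snapshot, Process32First/Next, OpenProcess, ReadProcessMemory, WriteProcessMemory), advapi32 exposes service creation and registry writes, user32 exposes message hooks and key-state queries, and ws2_32/wininet give raw-socket and HTTP client reach. The script below is an added example, not part of the sandbox report and not the sandbox's own code: it parses a listing in the same "dll name, then one API per line" layout the report uses, groups the APIs into coarse capability buckets, and derives a few combined findings. The bucket names, the API-to-bucket map, the combined-finding rules and the constructed sample listing are this example's own choices. An import only shows the API is reachable from the binary; it does not show that the sandbox observed the call.

```python
"""Capability triage of a flat import listing (dll name, then one API per
line, as in the report above).

Added example; not part of the sandbox report and not the sandbox's own
code. The bucket names, the API-to-bucket map and the combined-finding
rules are this example's own choices, kept deliberately small. An import
only shows the API is reachable from the binary; it does not show that the
sandbox observed the call.
"""
from collections import defaultdict

# Lines that start a new DLL block in the listing (as printed, lowercase).
KNOWN_DLLS = {"kernel32", "user32", "advapi32", "shell32", "ole32", "oleaut32",
              "gdi32", "ws2_32", "wininet", "shlwapi", "comctl32", "comdlg32",
              "winmm", "winspool.drv", "atl", "oledlg", "msvfw32", "avifil32",
              "rasapi32"}

# API name -> capability bucket (this example's own mapping).
CAPABILITY_MAP = {
    "CreateToolhelp32Snapshot": "process-enumeration",
    "Process32First": "process-enumeration", "Process32Next": "process-enumeration",
    "Module32First": "process-enumeration", "Module32Next": "process-enumeration",
    "OpenProcess": "cross-process-memory", "ReadProcessMemory": "cross-process-memory",
    "WriteProcessMemory": "cross-process-memory",
    "OpenSCManagerA": "service-control", "CreateServiceA": "service-control",
    "StartServiceA": "service-control", "ControlService": "service-control",
    "DeleteService": "service-control",
    "RegCreateKeyExA": "registry-write", "RegSetValueExA": "registry-write",
    "IsDebuggerPresent": "anti-debug",
    "SetWindowsHookExA": "hooking", "CallNextHookEx": "hooking",
    "GetAsyncKeyState": "keyboard-state", "GetKeyState": "keyboard-state",
    "WinExec": "process-launch", "CreateProcessA": "process-launch",
    "ShellExecuteA": "process-launch",
    "WSAStartup": "raw-sockets", "send": "raw-sockets", "recv": "raw-sockets",
    "accept": "raw-sockets",
    "InternetOpenA": "http-client", "InternetConnectA": "http-client",
    "HttpOpenRequestA": "http-client", "HttpSendRequestA": "http-client",
    "InternetReadFile": "http-client",
    "DeleteFileA": "file-delete",
}

# A finding fires when every listed bucket is present.
COMBINED_FINDINGS = {
    "possible-process-injection": {"process-enumeration", "cross-process-memory"},
    "service-persistence": {"service-control"},
    "keylogging-primitives": {"hooking", "keyboard-state"},
    "http-c2-capable": {"http-client"},
}


def parse_import_listing(text):
    """Turn the flat listing into {dll: [api, ...]}; duplicates are kept."""
    imports = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in KNOWN_DLLS:
            current = line.lower()
        elif current is not None:
            imports[current].append(line)
    return dict(imports)


def bucket_imports(imports):
    """Return {bucket: sorted 'dll!Api' list} for every mapped import."""
    buckets = defaultdict(set)
    for dll, names in imports.items():
        for name in names:
            bucket = CAPABILITY_MAP.get(name)
            if bucket:
                buckets[bucket].add(f"{dll}!{name}")
    return {b: sorted(v) for b, v in sorted(buckets.items())}


def findings(buckets):
    """Names of the combined findings whose bucket sets are all present."""
    present = set(buckets)
    return sorted(f for f, need in COMBINED_FINDINGS.items() if need <= present)


# Constructed input: a subset of the report's listing, in the same layout.
SAMPLE_LISTING = "\n".join([
    "kernel32", "GetACP", "IsDebuggerPresent", "OpenProcess",
    "ReadProcessMemory", "WriteProcessMemory", "CreateToolhelp32Snapshot",
    "Process32First", "Process32Next", "WinExec", "CreateProcessA", "DeleteFileA",
    "user32", "SetWindowsHookExA", "CallNextHookEx", "GetAsyncKeyState",
    "advapi32", "OpenSCManagerA", "CreateServiceA", "StartServiceA", "RegSetValueExA",
    "shell32", "ShellExecuteA",
    "ws2_32", "send", "recv",
    "wininet", "InternetOpenA", "HttpSendRequestA", "InternetReadFile",
])


def triage(listing=SAMPLE_LISTING):
    """Run the whole pipeline and return (buckets, findings)."""
    buckets = bucket_imports(parse_import_listing(listing))
    return buckets, findings(buckets)


if __name__ == "__main__":
    b, f = triage()
    for bucket, apis in b.items():
        print(f"{bucket:26s} {', '.join(apis)}")
    print("findings:", ", ".join(f))
```

Treat a finding as a prompt for dynamic analysis, not a verdict: SetWindowsHookExA, GetAsyncKeyState and GetKeyState are routinely imported by ordinary MFC-style GUI applications, and the report's user32/gdi32/comctl32 imports are a typical GUI-framework set, so the process-injection and service buckets carry more weight here than the hook and key-state ones.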
Sections
Name    Raw size  Virtual size  Characteristics
.text   1.3MB     1.3MB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  948KB     946KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   248KB     571KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   116KB     114KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
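The File Characteristics, the section table and the "Unsigned PE" signature all come from a few fixed-offset fields in the PE header, and the "Checks for missing Authenticode signature" test is simply whether data directory entry 4 (the Security directory, whose VirtualAddress field is a file offset to the WIN_CERTIFICATE blob) is zero. The parser below is an added example, not the sandbox's code: it reads those fields from raw bytes, decodes the flag words into the names printed above, reports whether a signature blob is present at all, and flags any section that is both writable and executable. Only PE32 (x86) images are handled. The image it parses is constructed in the script with the same flag set and section layout the report prints; it is not the real sample, and a non-empty Security directory means "carries a signature", not "valid signature" (validation needs WinVerifyTrust or a tool such as osslsigncode).

```python
"""Decode PE header fields and run the "Unsigned PE" presence check.

Added example; not the sandbox's code. Handles PE32 (x86) only. The image
parsed at the bottom is constructed here to mirror the report's flags and
section layout; it is not the real sample.
"""
import struct

FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
PE32_MAGIC = 0x10B
SECURITY_DIR_INDEX = 4      # IMAGE_DIRECTORY_ENTRY_SECURITY


def decode_flags(value, table):
    """Names of the bits set in value, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return the header facts a triage report prints, from raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (machine, nsections, _stamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("this example handles PE32 (x86) only")
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_off = sec_size = 0
    if ndirs > SECURITY_DIR_INDEX:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * SECURITY_DIR_INDEX)
    sections = []
    shdr = opt + opt_size
    for i in range(nsections):
        (name, vsize, _va, rawsize, _praw, _prel, _plin,
         _nrel, _nlin, flags) = struct.unpack_from("<8sIIIIIIHHI", data, shdr + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize,
            "flags": decode_flags(flags, SECTION_FLAGS),
        })
    # The Security directory holds a file offset, not an RVA. An all-zero
    # entry is exactly what the report's "Unsigned PE" signature keys on.
    signed = sec_off != 0 and sec_size != 0 and sec_off + sec_size <= len(data)
    return {
        "machine": machine,
        "characteristics": decode_flags(characteristics, FILE_FLAGS),
        "sections": sections,
        "has_authenticode": signed,
        "wx_sections": [s["name"] for s in sections
                        if "IMAGE_SCN_MEM_WRITE" in s["flags"]
                        and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]],
    }


def build_pe32(characteristics, sections, security=(0, 0)):
    """Construct a minimal PE32 image (headers only) for testing the parser."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, *security)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), characteristics)
    shdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize,
                    0x1000 * (i + 1), rawsize, 0, 0, 0, 0, 0, flags)
        for i, (name, vsize, rawsize, flags) in enumerate(sections))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + shdrs
    # Pad so a non-zero Security directory can point inside the file.
    return image.ljust(max(len(image), sum(security)), b"\0")


KB = 1024
# Constructed to mirror the report: Characteristics 0x010F, four sections,
# no signature. Sizes are approximations of the printed values.
SAMPLE_IMAGE = build_pe32(
    0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100,
    [(".text", 1331 * KB, 1331 * KB, 0x60000020),
     (".rdata", 946 * KB, 948 * KB, 0x40000040),
     (".data", 571 * KB, 248 * KB, 0xC0000040),
     (".rsrc", 114 * KB, 116 * KB, 0x40000040)],
)

if __name__ == "__main__":
    info = parse_pe(SAMPLE_IMAGE)
    print("characteristics:", ", ".join(info["characteristics"]))
    for s in info["sections"]:
        print(f'{s["name"]:7s} raw={s["raw_size"]:8d} virt={s["virtual_size"]:8d} '
              + " | ".join(s["flags"]))
    print("Authenticode present:", info["has_authenticode"])
    print("W+X sections:", info["wx_sections"] or "none")
```

The .data raw/virtual size gap in the table (248KB on disk, 571KB in memory) is the kind of thing worth checking against these flags before calling it suspicious: a writable initialized-data section whose virtual size exceeds its raw size is the linker merging zero-initialized data into .data, whereas an executable section with that profile would suggest unpacking into its own tail.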