blackmoon | 74ac1b8331b504dcbfd46641e15e273b9be7c8adbdccca8ef4cd6122e3e0b638

Sharing

Copy URL Twitter E-mail

General

Target

74ac1b8331b504dcbfd46641e15e273b9be7c8adbdccca8ef4cd6122e3e0b638
Size

6.9MB
MD5

465cec573f960afe9159c1359cb0e2c4
SHA1

9d3bf440aa0838a2b27d395474af82194787c89a
SHA256

74ac1b8331b504dcbfd46641e15e273b9be7c8adbdccca8ef4cd6122e3e0b638
SHA512

30564739b404023337d91dfbe991f0c5a4d39f849913ac92afdcf03e11931fa75365aa52d47f5d04b3f7edce5caeee23839f20fe0fa13bdc1e9cf9f1096c3ccc
SSDEEP

98304:xJ9f0ZxzJijE4XlwBfR94QBqhZcZ1S6VieaHOK8mgkJGowt0OmNqoH/A2/lJxE60:rwJcDKlFBqzcPzRRK8mgIM0AofxWtUz

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74ac1b8331b504dcbfd46641e15e273b9be7c8adbdccca8ef4cd6122e3e0b638

Files

74ac1b8331b504dcbfd46641e15e273b9be7c8adbdccca8ef4cd6122e3e0b638
.exe windows:4 windows x86 arch:x86

090d42de45cbda7c7c44ca15d2439fed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetCommandLineA
GetFileSize
ReadFile
WritePrivateProfileStringA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
Sleep
SetFileAttributesA
MoveFileA
CopyFileA
DeleteFileA
GetFileAttributesA
GetTickCount
IsBadReadPtr
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
LocalSize
HeapReAlloc
HeapFree
HeapAlloc
InitializeCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualFree
WideCharToMultiByte
VirtualAlloc
GetModuleHandleW
GetDriveTypeA
GetLogicalDriveStringsA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryA
WinExec
GetTimeFormatA
GetDateFormatA
InterlockedExchange
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetACP
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetLocalTime
TerminateProcess
CreateProcessW
GetSystemDirectoryA
GetCurrentProcessId
UnmapViewOfFile
GetTempPathA
WriteFile
WaitForSingleObject
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
MultiByteToWideChar
GetProcessHeap
CloseHandle
CreateThread
MapViewOfFile
SetFilePointer
CreateFileMappingA
CreateFileA
GetModuleFileNameA
GetModuleHandleA
LockResource
LoadResource
SizeofResource
FindResourceA
RtlMoveMemory
SetErrorMode
GetLastError
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcpynA
FlushFileBuffers
MulDiv
LocalFree
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
FileTimeToSystemTime
GetVersion
SetLastError
GetWindowsDirectoryA
GetVersionExA
lstrcpyA
lstrcatA
PostQueuedCompletionStatus
GetExitCodeThread
CreateIoCompletionPort
GetQueuedCompletionStatus
lstrlenA
GetFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime

user32

EndDialog
DestroyWindow
SendMessageA
DefMDIChildProcA
SetCursor
TrackMouseEvent
DestroyIcon
PostQuitMessage
UpdateLayeredWindow
SendMessageW
PostMessageW
KillTimer
GetPropW
DefWindowProcW
GetClientRect
LoadIconW
LoadCursorW
SystemParametersInfoA
SetLayeredWindowAttributes
LoadCursorA
LoadBitmapA
LoadIconA
DefWindowProcA
GetAsyncKeyState
DestroyCursor
CreateWindowExA
GetWindowLongA
GetDlgItem
CallWindowProcA
SetWindowLongA
MessageBoxA
EndPaint
BeginPaint
RegisterClassExW
SetTimer
GetSystemMetrics
IsWindow
GetClassNameA
SetFocus
GetFocus
GetWindowRect
GetParent
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
WindowFromPoint
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
DispatchMessageW
TranslateMessage
GetMessageW
SetForegroundWindow
GetCursorPos
DrawTextA
UnhookWindowsHookEx
PtInRect
GetWindow
GetForegroundWindow
SetActiveWindow
GetLastActivePopup
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
GrayStringA
CreateDialogIndirectParamA
GetDlgCtrlID
IsDialogMessageA
GetWindowPlacement
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
SetWindowsHookExA
GetActiveWindow
GetIconInfo
RedrawWindow
IsRectEmpty
GetWindowTextW
CreateWindowExW
GetDC
SetPropW
SetCapture
RemovePropW
SetWindowLongW
GetWindowLongW
ReleaseDC
CallWindowProcW
ReleaseCapture
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
GetClassInfoExA
RegisterClassExA
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient

gdi32

CreateBitmap
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
BitBlt
DeleteObject
GetStockObject
GetObjectA
CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
StretchBlt
CreateSolidBrush
CreatePatternBrush
GetObjectW
GetDIBits
SetTextColor
SetBkMode
SetBkColor
CreateCompatibleBitmap
FillRgn
FrameRgn
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

comctl32

InitCommonControlsEx
ord17

ole32

CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

shell32

ShellExecuteA
DragAcceptFiles
ShellExecuteW
Shell_NotifyIconA
DragFinish
DragQueryFileA
SHGetSpecialFolderPathA

ws2_32

__WSAFDIsSet
recv
ioctlsocket
send
closesocket
inet_addr
htons
connect
WSASocketA
WSACleanup
WSAStartup
setsockopt
WSAIoctl
WSAGetLastError
select

shlwapi

StrStrIA

oleaut32

SystemTimeToVariantTime
VarR8FromCy
VarR8FromBool
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

gdiplus

GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatFlags
GdipFillPolygon
GdipDrawPolygon
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipGetStringFormatTrimming
GdiplusStartup
GdipGetFontHeight
GdipMeasureString
GdipImageSelectActiveFrame
GdipDrawImage
GdipGetFamily
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipGetFamilyName
GdipSetStringFormatFlags
GdipCreateFontFamilyFromName
GdipAddPathArc
GdipClosePathFigure
GdipSetClipPath
GdipFillPath
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateHBITMAPFromBitmap
GdipFillRectangle
GdipDrawRectangle
GdipCreatePath
GdipGraphicsClear
GdipCloneBitmapArea
GdipDeletePath
GdipGetFontStyle
GdipGetFontSize
GdipDeleteStringFormat
GdipResetClip
GdipDisposeImageAttributes
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipGetVisibleClipBounds
GdipSetClipRect
GdipSetClipRegion
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDrawImageRect
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipSetStringFormatTrimming
GdipDrawLine
GdipDeletePen
GdipSetPenDashStyle
GdipCreatePen1
GdipDrawPath
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipDeleteRegion
GdipBitmapGetPixel
GdipDrawString
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateBitmapFromHICON
GdipImageGetFrameCount
GdipCreateRegionHrgn
GdipCreateLineBrushFromRect

oledlg

ord8

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

Sections

.text
Size: 664KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.6MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

090d42de45cbda7c7c44ca15d2439fed

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

ole32

shell32

ws2_32

shlwapi

oleaut32

gdiplus

oledlg

winspool.drv

Sections

.text Size: 664KB - Virtual size: 661KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 2.6MB - Virtual size: 2.7MB

.vmp0 Size: 68KB - Virtual size: 66KB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.text
Size: 664KB - Virtual size: 661KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 2.6MB - Virtual size: 2.7MB

.vmp0
Size: 68KB - Virtual size: 66KB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB