blackmoon | 28b4ac223bc3e8a152dff7523b406993f2e5a89474d7dfddc514ab1b78c82423

Sharing

Copy URL Twitter E-mail

General

Target

28b4ac223bc3e8a152dff7523b406993f2e5a89474d7dfddc514ab1b78c82423
Size

5.9MB
MD5

1514c39a57db6449b06f907ca2b7bb97
SHA1

6c8c1f0a6c4aea52c69e30bc924e1128d24dd4d4
SHA256

28b4ac223bc3e8a152dff7523b406993f2e5a89474d7dfddc514ab1b78c82423
SHA512

8fd3f2132727b2fcb724c048b0023f30fb121466c4f8dc53702d2463813965846222f4fb3f66c5d5a33ab3bdece4948e720451c84775b1ef318292c675d7a746
SSDEEP

98304:GL1GDXe3Q4NlY9prRjSAZE+ZKRtEEnNv/zJKU7ME7siwC42BeC0A7T+jIe1m:KqXwloxj9ZEIKoEx/9KU73siwXix0qTR

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28b4ac223bc3e8a152dff7523b406993f2e5a89474d7dfddc514ab1b78c82423

Files

28b4ac223bc3e8a152dff7523b406993f2e5a89474d7dfddc514ab1b78c82423
.exe windows:4 windows x86 arch:x86

b647fc8efb5435eccc024b36615e81b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
GetLocalTime
WriteFile
SetFileAttributesA
CopyFileA
SetCurrentDirectoryA
GetModuleFileNameA
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetTickCount
GetStartupInfoA
GetFileSize
ReadFile
SetFilePointer
CreateFileA
Sleep
GetEnvironmentVariableA
IsBadReadPtr
HeapReAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
lstrcpyA
Module32First
CreateToolhelp32Snapshot
LocalFree
LocalAlloc
TerminateProcess
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
HeapValidate
lstrcpyn
GetLastError
GetQueuedCompletionStatus
GetSystemInfo
HeapDestroy
HeapFree
CloseHandle
CreateThread
HeapAlloc
HeapCreate
LocalSize
WaitForSingleObject
CreateProcessA
GetCurrentProcessId
RtlMoveMemory
LoadResource
SizeofResource
FindResourceA
MoveFileA
CreateDirectoryA
InterlockedExchange
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
DeleteCriticalSection
TerminateThread
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetCurrentProcess
Process32Next
Process32First
OpenProcess
SetLastError
lstrcatA
LockResource
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
MulDiv
FlushFileBuffers
lstrcpynA
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetLastActivePopup
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
SetCursor
PostMessageA
PostQuitMessage
GetWindow
PtInRect
IsWindowVisible
CreatePopupMenu
GetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
GetDC
ReleaseDC
DrawMenuBar
SetWindowLongA
AppendMenuW
AppendMenuA
SetMenu
EnableWindow
GetParent
GetWindowThreadProcessId
GetWindowRect
GetSystemMetrics
CallWindowProcA
SetForegroundWindow
TrackPopupMenu
EnumWindows
GetWindowTextA
GetClassNameA
RegisterWindowMessageA
FindWindowA
FindWindowExA
IsWindow
SendMessageA
CreateIconFromResource
SetPropA
GetPropA
GetClientRect
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetCursorPos
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
GetClassLongA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
CreateProcessAsUserA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteEx
Shell_NotifyIconA

ole32

OleFlushClipboard
CoRevokeClassObject
OleIsCurrentClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize

iphlpapi

GetExtendedTcpTable

shlwapi

PathFileExistsA

ws2_32

socket
WSASocketA
getpeername
ioctlsocket
accept
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSACloseEvent
listen
bind
inet_addr
htons
WSAEventSelect
WSACreateEvent
recv
send
inet_ntoa
ntohs
getsockname
WSARecv
shutdown
WSAIoctl
setsockopt
closesocket
WSAStartup
WSAGetLastError
WSAIsBlocking
WSACancelBlockingCall
gethostbyname
WSASetLastError
connect
select
__WSAFDIsSet
htonl
WSACleanup
sendto
recvfrom
WSASocketW

gdi32

GetStockObject
GetObjectA
DeleteDC
SelectObject
GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile

oledlg

ord8

oleaut32

VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

winmm

timeSetEvent
timeKillEvent

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comctl32

ord17

Sections

.text
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b647fc8efb5435eccc024b36615e81b9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

iphlpapi

shlwapi

ws2_32

gdi32

wininet

oledlg

oleaut32

winmm

winspool.drv

comctl32

Sections

.text Size: 372KB - Virtual size: 369KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 48KB - Virtual size: 196KB

.rsrc Size: 5.4MB - Virtual size: 5.4MB

.text
Size: 372KB - Virtual size: 369KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 48KB - Virtual size: 196KB

.rsrc
Size: 5.4MB - Virtual size: 5.4MB