blackmoon | 21e63c77da961213ac1eac686d5fa5f697c3a9fc48dceac7f5eab6385a5f6f1a[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

21e63c77da961213ac1eac686d5fa5f697c3a9fc48dceac7f5eab6385a5f6f1a.exe
Size

518KB
MD5

c1eab7851c1c7366255815ac53251a7c
SHA1

6e2771ea7d6ef2af3f5e58bad41adba9a0e42130
SHA256

21e63c77da961213ac1eac686d5fa5f697c3a9fc48dceac7f5eab6385a5f6f1a
SHA512

3c9015c5024ebcc0df082d3fc5cc43e6487389712cd0e44e0f77f4b6ccf0fc947d8beabc729ad3c09ffa8d34b3bb4ccfcfbe13516eb7de766927e80449b695a8
SSDEEP

6144:0wGdR+Yk/N8duBmG6t+UnRsRCQ/OJBr7VCnv:0woR+Y4NSG6oUnRsdOJBr7VMv

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21e63c77da961213ac1eac686d5fa5f697c3a9fc48dceac7f5eab6385a5f6f1a.exe

Files

21e63c77da961213ac1eac686d5fa5f697c3a9fc48dceac7f5eab6385a5f6f1a.exe
.exe windows:4 windows x86 arch:x86

da4a387004bf1285d93edaa4d5233098

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCloseKey

atl

AtlAxWinInit
AtlUnadvise
AtlAdvise
AtlAxGetControl
AtlAxGetControl

gdi32

SetTextColor
DeleteObject
CreateSolidBrush
SelectObject
DeleteDC
Rectangle
StretchBlt
GetPixel
GetObjectA
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
CreatePatternBrush
FillRgn
FrameRgn
SetBkColor
CreateFontA
GetStockObject

kernel32

LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetTickCount
WritePrivateProfileStringA
WriteFile
GetPrivateProfileStringA
GetUserDefaultLCID
DeleteFileA
CreateFileA
GetFileSize
ReadFile
IsBadReadPtr
HeapReAlloc
ExitProcess
HeapAlloc
HeapFree
GetProcessHeap
lstrlenW
GetWindowsDirectoryA
SetHandleCount
lstrcpyn
GlobalSize
lstrcpyn
GetCurrentProcessId
TerminateProcess
OpenProcess
MulDiv
GlobalUnlock
RtlMoveMemory
GlobalLock
GlobalAlloc
WideCharToMultiByte
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerA
GetModuleFileNameA
GetTempPathA
GetModuleHandleA
GlobalFree
CloseHandle
TerminateThread
MultiByteToWideChar
GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess

msimg32

AlphaBlend
TransparentBlt
AlphaBlend

msvcrt

strncmp
sprintf
tolower
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
strrchr
strncpy
atoi
_ftol
floor
strtod
_CIfmod
toupper
srand
rand
memmove
modf
free
malloc
__CxxFrameHandler
_strnicmp
atoi

oleaut32

VariantChangeType
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromI2
LoadTypeLib
LHashValOfNameSys
RegisterTypeLib
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
OleLoadPicture
OleLoadPicture

shell32

DragAcceptFiles
DragQueryFile
DragFinish
Shell_NotifyIcon
ShellExecuteA
DragFinish

shlwapi

PathFileExistsA
PathFileExistsA

user32

ValidateRect
ScreenToClient
GetWindowRect
GetFocus
SetFocus
GetDlgItem
CreateWindowExA
DestroyIcon
PostQuitMessage
UpdateWindow
TrackMouseEvent
SetCursor
LoadCursorA
MsgWaitForMultipleObjects
GetIconInfo
DefMDIChildProcA
SendMessageA
DefWindowProcA
DestroyIcon
MoveWindow
CreateMenu
CreatePopupMenu
SetWindowPos
LoadMenuA
PeekMessageA
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetWindowTextLengthA
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
PostMessageA
EnableWindow
SetParent
ShowWindow
IsWindowEnabled
GetSystemMenu
GetAsyncKeyState
EndPaint
BeginPaint
GetClassNameA
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessage
TranslateAccelerator
GetMessageA
KillTimer
SetTimer
CallWindowProcA
FillRect
GetClientRect
InvalidateRect
GetAncestor
GetParent
CopyIcon
CopyImage
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
SetWindowTextA
MessageBoxA
SetPropA
GetPropA
RemovePropA
SetWindowRgn
SetRect
GetClassLongA
SetClassLongA
GetSysColor
IsIconic
IsZoomed
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
RegisterWindowMessageA
RegisterHotKey
UnregisterHotKey
SetActiveWindow
RegisterClassExA
DrawTextA
UpdateLayeredWindow
DrawIcon
GetMenuItemRect
DrawIconEx
GetWindow
GetDesktopWindow
DestroyMenu
LoadCursorA
RegisterClassExA

wininet

HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetOpenA

gdiplus

GdipDisposeImage
GdipCreateBitmapFromStream
GdipSaveImageToStream
GdiplusShutdown
GdipCreateBitmapFromStreamICM
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageRawFormat
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipGetFontHeight
GdipGetFontUnit
GdipGetFontSize
GdipGetFontStyle
GdipCreateFontFromDC
GdipCreateFont
GdipDeleteFont
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipDrawString
GdipDrawImagePointRect
GdipFillRectangle
GdipGetImageDimension
GdipCreateBitmapFromScan0
GdipDeletePen
GdipDrawLine
GdipCreatePen1
GdipDeleteGraphics
GdipDrawImageRect
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawRectangleI
GdipDrawRectangle
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetWorldTransform
GdipDeleteBrush
GdiplusStartup
GdipDrawLine

ole32

CoInitialize
OleRun
OleRun

combase

CoUninitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CLSIDFromString

Sections

UPX0
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da4a387004bf1285d93edaa4d5233098

Headers

File Characteristics

Imports

advapi32

atl

gdi32

kernel32

msimg32

msvcrt

oleaut32

shell32

shlwapi

user32

wininet

gdiplus

ole32

combase

Sections

UPX0 Size: 412KB - Virtual size: 412KB

UPX1 Size: 88KB - Virtual size: 88KB

UPX2 Size: 14KB - Virtual size: 14KB

UPX0
Size: 412KB - Virtual size: 412KB

UPX1
Size: 88KB - Virtual size: 88KB

UPX2
Size: 14KB - Virtual size: 14KB