blackmoon | 0c082014d003b257b490a56057bdb94b58be290da213befe8aae1d3aab6f10de[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0c082014d003b257b490a56057bdb94b58be290da213befe8aae1d3aab6f10de.exe
Size

458KB
MD5

5b1f4fefe31c2caa1966ca56d71c282e
SHA1

2c3606619bee88a144e075e9486fb812ecba1a79
SHA256

0c082014d003b257b490a56057bdb94b58be290da213befe8aae1d3aab6f10de
SHA512

930f70ad390e43c7256c9782848b5cff49694435aad689ca22fb83c615a119ae03ab83bb10f3543cd8ba9f1b5824d98483f5fedf2097a0ab9f29fb34c921190e
SSDEEP

6144:uvbuWQu/cuaS2l8iE0B55FrJJJekPd4/2OAgerHO:uvqWQub2lrE0B55FpekPd4/2rpO

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c082014d003b257b490a56057bdb94b58be290da213befe8aae1d3aab6f10de.exe

Files

0c082014d003b257b490a56057bdb94b58be290da213befe8aae1d3aab6f10de.exe
.exe windows:4 windows x86 arch:x86

391b34fdb03bbbe961a380d74dcff2da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegCloseKey

atl

AtlAxGetControl
AtlAdvise
AtlUnadvise
AtlAxWinInit
AtlAxWinInit

gdi32

CreateSolidBrush
SelectObject
DeleteObject
DeleteDC
SetTextColor
SetBkMode
GetStockObject
Rectangle
StretchBlt
GetPixel
GetObjectA
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
CreatePatternBrush
FillRgn
FrameRgn
SetBkColor

kernel32

LocalSize
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
GetCurrentProcessId
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
Module32First
GlobalAlloc
GlobalLock
RtlMoveMemory
MulDiv
lstrcpyn
GlobalSize
lstrcpyn
WideCharToMultiByte
GetTempPathA
GetWindowsDirectoryA
GetModuleFileNameA
lstrlenW
MultiByteToWideChar
CloseHandle
GlobalFree
TerminateThread
GetModuleHandleA
GlobalUnlock
GetProcessHeap
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetTickCount
WritePrivateProfileStringA
GetUserDefaultLCID
WriteFile
GetPrivateProfileStringA
CreateFileA
GetFileSize
ReadFile
IsBadReadPtr
HeapReAlloc
ExitProcess
HeapAlloc
GetModuleHandleA
GetFileAttributesA
SetFileAttributesA
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess

msimg32

AlphaBlend
TransparentBlt
AlphaBlend

msvcrt

__CxxFrameHandler
malloc
free
memmove
modf
rand
srand
toupper
_CIfmod
strchr
floor
??2@YAPAXI@Z
strrchr
_ftol
atoi
??3@YAXPAX@Z
strncpy
tolower
sprintf
strncmp
strtod
_strnicmp
free

oleaut32

VarR8FromI2
LoadTypeLib
LHashValOfNameSys
RegisterTypeLib
SafeArrayCreate
VariantChangeType
VariantInit
SafeArrayDestroy
SysAllocString
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
OleLoadPicture
VarR8FromCy
VarR8FromCy

shell32

Shell_NotifyIcon
DragFinish
DragQueryFile
ShellExecuteA
DragAcceptFiles
DragFinish

shlwapi

PathFileExistsA
PathFileExistsA

user32

RegisterClassExA
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
DrawTextA
IsZoomed
IsIconic
GetSysColor
MsgWaitForMultipleObjects
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
GetSystemMetrics
UpdateLayeredWindow
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
SetParent
PostMessageA
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
ScreenToClient
GetWindowRect
GetFocus
LoadMenuA
DrawIcon
CreateWindowExA
DestroyIcon
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
SendMessageA
GetAsyncKeyState
EndPaint
BeginPaint
GetClassNameA
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessage
TranslateAccelerator
GetMessageA
CallWindowProcA
FillRect
GetClientRect
InvalidateRect
GetAncestor
GetParent
CopyIcon
CopyImage
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
GetWindow
GetDesktopWindow
DestroyMenu
DrawIconEx
GetIconInfo
CreateMenu
CreatePopupMenu
GetDlgItem
GetSystemMenu
AppendMenuA
GetMenuItemCount
InsertMenuA
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
SetFocus
LoadCursorA
RegisterClassExA

wininet

HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetOpenA

gdiplus

GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipGetFontHeight
GdipGetFontUnit
GdipGetFontSize
GdipGetFontStyle
GdipCreateFontFromDC
GdipCreateFont
GdipDeleteFont
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipDrawString
GdipDrawImagePointRect
GdipFillRectangle
GdipGetImageDimension
GdipCreateBitmapFromScan0
GdipDeletePen
GdipDrawLine
GdipCreatePen1
GdipDeleteGraphics
GdipDrawImageRect
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawRectangleI
GdipDrawRectangle
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetWorldTransform
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetImageRawFormat
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdipSaveImageToStream
GdipCreateBitmapFromStream
GdipDisposeImage
GdiplusStartup
GdipDrawLine

combase

CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoUninitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
CLSIDFromString

ole32

OleRun
CoInitialize
OleRun

Sections

UPX0
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

391b34fdb03bbbe961a380d74dcff2da

Headers

File Characteristics

Imports

advapi32

atl

gdi32

kernel32

msimg32

msvcrt

oleaut32

shell32

shlwapi

user32

wininet

gdiplus

combase

ole32

Sections

UPX0 Size: 360KB - Virtual size: 360KB

UPX1 Size: 80KB - Virtual size: 80KB

UPX2 Size: 14KB - Virtual size: 14KB

UPX0
Size: 360KB - Virtual size: 360KB

UPX1
Size: 80KB - Virtual size: 80KB

UPX2
Size: 14KB - Virtual size: 14KB