blackmoon | bc2eea5ac684355f091c248492c3d119[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

bc2eea5ac684355f091c248492c3d119.bin
Size

122KB
MD5

b9cd1a83c683204d3b1ec870377e7203
SHA1

4171221fd17917477289f11ab46ee08e8aa23640
SHA256

294a01c79178f6e8fb5560d41491638150945b5d33e540aeff256113db52ec4b
SHA512

e0bc3be72ce38a78129387d10c4d6bf2c4f4c4074c1d46e7ca83777a727bd10b51e04ab97efbb008c807125bb7373dff101b3ed36ff69035c06ab97d29294c1d
SSDEEP

3072:w7vUjvMFYfzmHiycyAMuFq6UqEyAqS6f508yEpRuRIu9:O1GmHiygMMq6UEAaKv89u9

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/768ef14ef73e93012d852ecbef0b107ac82dae975cc6c22c1a8d805aaaa6e49e.exe	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/768ef14ef73e93012d852ecbef0b107ac82dae975cc6c22c1a8d805aaaa6e49e.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/768ef14ef73e93012d852ecbef0b107ac82dae975cc6c22c1a8d805aaaa6e49e.exe

Files

bc2eea5ac684355f091c248492c3d119.bin
.zip

Password: infected
768ef14ef73e93012d852ecbef0b107ac82dae975cc6c22c1a8d805aaaa6e49e.exe
.exe windows:4 windows x86 arch:x86

Password: infected

391b34fdb03bbbe961a380d74dcff2da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegCloseKey

atl

AtlAxGetControl
AtlAdvise
AtlUnadvise
AtlAxWinInit
AtlAxWinInit

gdi32

CreateSolidBrush
SelectObject
DeleteObject
DeleteDC
SetTextColor
SetBkMode
GetStockObject
Rectangle
StretchBlt
GetPixel
GetObjectA
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
CreatePatternBrush
FillRgn
FrameRgn
SetBkColor

kernel32

LocalSize
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
GetCurrentProcessId
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
Module32First
GlobalAlloc
GlobalLock
RtlMoveMemory
MulDiv
lstrcpyn
GlobalSize
lstrcpyn
WideCharToMultiByte
GetTempPathA
GetWindowsDirectoryA
GetModuleFileNameA
lstrlenW
MultiByteToWideChar
CloseHandle
GlobalFree
TerminateThread
GetModuleHandleA
GlobalUnlock
GetProcessHeap
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetTickCount
WritePrivateProfileStringA
GetUserDefaultLCID
WriteFile
GetPrivateProfileStringA
CreateFileA
GetFileSize
ReadFile
IsBadReadPtr
HeapReAlloc
ExitProcess
HeapAlloc
GetModuleHandleA
GetFileAttributesA
SetFileAttributesA
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess

msimg32

AlphaBlend
TransparentBlt
AlphaBlend

msvcrt

__CxxFrameHandler
malloc
free
memmove
modf
rand
srand
toupper
_CIfmod
strchr
floor
??2@YAPAXI@Z
strrchr
_ftol
atoi
??3@YAXPAX@Z
strncpy
tolower
sprintf
strncmp
strtod
_strnicmp
free

oleaut32

VarR8FromI2
LoadTypeLib
LHashValOfNameSys
RegisterTypeLib
SafeArrayCreate
VariantChangeType
VariantInit
SafeArrayDestroy
SysAllocString
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
OleLoadPicture
VarR8FromCy
VarR8FromCy

shell32

Shell_NotifyIcon
DragFinish
DragQueryFile
ShellExecuteA
DragAcceptFiles
DragFinish

shlwapi

PathFileExistsA
PathFileExistsA

user32

RegisterClassExA
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
DrawTextA
IsZoomed
IsIconic
GetSysColor
MsgWaitForMultipleObjects
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
GetSystemMetrics
UpdateLayeredWindow
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
SetParent
PostMessageA
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
ScreenToClient
GetWindowRect
GetFocus
LoadMenuA
DrawIcon
CreateWindowExA
DestroyIcon
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
SendMessageA
GetAsyncKeyState
EndPaint
BeginPaint
GetClassNameA
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessage
TranslateAccelerator
GetMessageA
CallWindowProcA
FillRect
GetClientRect
InvalidateRect
GetAncestor
GetParent
CopyIcon
CopyImage
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
GetWindow
GetDesktopWindow
DestroyMenu
DrawIconEx
GetIconInfo
CreateMenu
CreatePopupMenu
GetDlgItem
GetSystemMenu
AppendMenuA
GetMenuItemCount
InsertMenuA
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
SetFocus
LoadCursorA
RegisterClassExA

wininet

HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetOpenA

gdiplus

GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipGetFontHeight
GdipGetFontUnit
GdipGetFontSize
GdipGetFontStyle
GdipCreateFontFromDC
GdipCreateFont
GdipDeleteFont
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipDrawString
GdipDrawImagePointRect
GdipFillRectangle
GdipGetImageDimension
GdipCreateBitmapFromScan0
GdipDeletePen
GdipDrawLine
GdipCreatePen1
GdipDeleteGraphics
GdipDrawImageRect
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawRectangleI
GdipDrawRectangle
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetWorldTransform
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetImageRawFormat
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdipSaveImageToStream
GdipCreateBitmapFromStream
GdipDisposeImage
GdiplusStartup
GdipDrawLine

combase

CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoUninitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
CLSIDFromString

ole32

OleRun
CoInitialize
OleRun

Sections

UPX0
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

391b34fdb03bbbe961a380d74dcff2da

Headers

File Characteristics

Imports

advapi32

atl

gdi32

kernel32

msimg32

msvcrt

oleaut32

shell32

shlwapi

user32

wininet

gdiplus

combase

ole32

Sections

UPX0 Size: 360KB - Virtual size: 360KB

UPX1 Size: 80KB - Virtual size: 80KB

UPX2 Size: 14KB - Virtual size: 14KB

UPX0
Size: 360KB - Virtual size: 360KB

UPX1
Size: 80KB - Virtual size: 80KB

UPX2
Size: 14KB - Virtual size: 14KB