blackmoon | 7ce965abc6531c0bf6ba6942856a5aed4443cf794d1aa4aaab4f76bd576df20f

Sharing

Copy URL Twitter E-mail

General

Target

7ce965abc6531c0bf6ba6942856a5aed4443cf794d1aa4aaab4f76bd576df20f
Size

137KB
MD5

5eecde06faae38c68d723ac949984d43
SHA1

24fc1b77ea521ef856f0ecd8fa9dd644d58d85f6
SHA256

7ce965abc6531c0bf6ba6942856a5aed4443cf794d1aa4aaab4f76bd576df20f
SHA512

32090702ac4cf068d5b7b192089ae8e65318e1ec70fe5185a22c7079f712c463e6fd21ff632c56c910e7ea649239573092e6bab93736ae1e4a417ac7d15d329f
SSDEEP

3072:q2cBfrU8DbQqiZmLaAkYQlaYE/yoezYX5boJc9Gb:iBfrUmwmLaACJCrX5qqGb

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/d80456fb7c7a5e59f4ac96cb980e42cfae2fa85ceea57ddde075e09929d427b4.exe	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/d80456fb7c7a5e59f4ac96cb980e42cfae2fa85ceea57ddde075e09929d427b4.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d80456fb7c7a5e59f4ac96cb980e42cfae2fa85ceea57ddde075e09929d427b4.exe

Files

7ce965abc6531c0bf6ba6942856a5aed4443cf794d1aa4aaab4f76bd576df20f
.zip

Password: infected
d80456fb7c7a5e59f4ac96cb980e42cfae2fa85ceea57ddde075e09929d427b4.exe
.exe windows:4 windows x86 arch:x86

3bb3093a5eeb1047bbdd41c02a894dbe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegOpenKeyA

atl

AtlAxWinInit
AtlAxGetControl
AtlAdvise
AtlUnadvise
AtlUnadvise

gdi32

SelectObject
CreateSolidBrush
DeleteObject
DeleteDC
SetTextColor
SetBkMode
GetStockObject
Rectangle
StretchBlt
SetBkColor
FrameRgn
FillRgn
CreatePatternBrush
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
GetObjectA
GetPixel

kernel32

MulDiv
GlobalUnlock
RtlMoveMemory
GlobalFree
GlobalLock
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
Module32First
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
CancelWaitableTimer
GetTempPathA
TerminateProcess
GetCurrentProcessId
lstrcpyn
GlobalSize
lstrcpyn
SetHandleCount
GetWindowsDirectoryA
LocalSize
SetWaitableTimer
TerminateThread
GetModuleHandleA
GetModuleFileNameA
CreateWaitableTimerA
OpenProcess
lstrlenW
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetTickCount
WritePrivateProfileStringA
WriteFile
GetPrivateProfileStringA
GetUserDefaultLCID
DeleteFileA
CreateFileA
GetFileSize
ReadFile
IsBadReadPtr
HeapReAlloc
ExitProcess
HeapAlloc
HeapFree
GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess

msimg32

AlphaBlend
TransparentBlt
AlphaBlend

msvcrt

__CxxFrameHandler
malloc
free
modf
memmove
rand
srand
toupper
_CIfmod
floor
_ftol
atoi
strncpy
strrchr
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
tolower
sprintf
strncmp
strtod
_strnicmp
free

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLib
VariantChangeType
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromI2
LHashValOfNameSys
LoadTypeLib
OleLoadPicture
OleLoadPicture

shell32

DragAcceptFiles
Shell_NotifyIcon
DragFinish
DragQueryFile
ShellExecuteA
DragFinish

shlwapi

PathFileExistsA
PathFileExistsA

user32

RegisterClassExA
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
DrawTextA
IsIconic
GetSysColor
SetClassLongA
MsgWaitForMultipleObjects
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
IsZoomed
UpdateLayeredWindow
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
SetParent
PostMessageA
SetWindowPos
DrawIcon
DrawIconEx
GetIconInfo
CreateMenu
CreatePopupMenu
GetSystemMenu
LoadMenuA
DestroyMenu
AppendMenuA
GetMenuItemCount
InsertMenuA
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
MoveWindow
UpdateWindow
ValidateRect
ScreenToClient
GetWindowRect
GetFocus
SetFocus
GetDlgItem
CreateWindowExA
DestroyIcon
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
SendMessageA
GetAsyncKeyState
EndPaint
BeginPaint
GetClassNameA
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessage
TranslateAccelerator
GetMessageA
KillTimer
SetTimer
CallWindowProcA
FillRect
GetClientRect
InvalidateRect
GetAncestor
GetParent
CopyIcon
CopyImage
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
GetWindow
GetDesktopWindow
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
LoadCursorA
RegisterClassExA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA

gdiplus

GdipGetFontStyle
GdipGetFontSize
GdipGetFontUnit
GdipGetFontHeight
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipGetImageDimension
GdipCreateBitmapFromScan0
GdipDeletePen
GdipDrawLine
GdipCreatePen1
GdipDeleteGraphics
GdipDrawImageRect
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFontFromDC
GdipDrawRectangleI
GdipDrawRectangle
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetWorldTransform
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetImageRawFormat
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromStream
GdiplusStartup
GdipCreateFont
GdipDeleteFont
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipDrawString
GdipDrawImagePointRect
GdipCreateFromHDC
GdipFillRectangle
GdipDrawLine

combase

CoUninitialize
CLSIDFromString
GetHGlobalFromStream
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal

ole32

CoInitialize
OleRun
OleRun

Sections

UPX0
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

3bb3093a5eeb1047bbdd41c02a894dbe

Headers

File Characteristics

Imports

advapi32

atl

gdi32

kernel32

msimg32

msvcrt

oleaut32

shell32

shlwapi

user32

wininet

gdiplus

combase

ole32

Sections

UPX0 Size: 412KB - Virtual size: 412KB

UPX1 Size: 88KB - Virtual size: 88KB

UPX2 Size: 14KB - Virtual size: 14KB

UPX0
Size: 412KB - Virtual size: 412KB

UPX1
Size: 88KB - Virtual size: 88KB

UPX2
Size: 14KB - Virtual size: 14KB