Behavioral task
behavioral1
Sample
c496186252e38c7b0f7fdd41320cce0d803ee47eb7e8274a022fa9c1ba7de80c.exe
Resource
win7-20240221-en
windows7-x64
General
-
Target
c496186252e38c7b0f7fdd41320cce0d803ee47eb7e8274a022fa9c1ba7de80c
-
Size
3.9MB
-
MD5
1817d996822228793991fd6fde6bf311
-
SHA1
c1a98f81dbaa9765593c9d3edaf8c424504febce
-
SHA256
c496186252e38c7b0f7fdd41320cce0d803ee47eb7e8274a022fa9c1ba7de80c
-
SHA512
320e834a570469bb9a0ab1af515fb70a1622c060c0a6cb8f5e08cb1f21a6c1835c55494c91bf5837e604a776537921748fbe4948f3ba8d5e0c330b6628709a7b
-
SSDEEP
49152:iJ0lF4I5gB+v9LrsQ2T4e920ZR8CenVkMhj6QCfYTq:hl+I5C+vNYZR8Cen9vCX
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c496186252e38c7b0f7fdd41320cce0d803ee47eb7e8274a022fa9c1ba7de80c
Files
-
c496186252e38c7b0f7fdd41320cce0d803ee47eb7e8274a022fa9c1ba7de80c.exe windows:4 windows x86 arch:x86
a070463e2cf6b85e094e0f38aa9420dc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessA
CreatePipe
GetComputerNameA
GetVersionExA
DebugActiveProcess
DeviceIoControl
CreateFileA
Sleep
GetVersion
VirtualProtectEx
CreateDirectoryA
GetCurrentProcessId
VirtualQueryEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
GetProcessTimes
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetModuleFileNameA
Module32Next
LocalFree
LocalAlloc
TerminateThread
TerminateProcess
FileTimeToSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
SetUnhandledExceptionFilter
CreateEventA
GetShortPathNameA
WriteFile
SetFilePointer
SetEndOfFile
CopyFileA
GetDateFormatA
GetTimeFormatA
DeleteFileA
MoveFileA
GetThreadContext
SetThreadContext
InterlockedIncrement
GetLastError
FormatMessageA
LoadLibraryExA
FreeLibrary
LCMapStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
GlobalFree
RtlFillMemory
IsDBCSLeadByteEx
lstrlenA
GetCurrentThreadId
GetCommandLineA
WritePrivateProfileStringA
SetFileAttributesA
GetFileAttributesA
GetCurrentDirectoryA
SetLocalTime
GetStringTypeW
GetStringTypeA
IsBadWritePtr
LCMapStringW
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
CreateMutexA
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
GetFileType
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
GetLocalTime
GetThreadTimes
ResumeThread
SuspendThread
OpenThread
RtlMoveMemory
VirtualAllocEx
CreateThread
SetWaitableTimer
CreateWaitableTimerA
InterlockedDecrement
OpenEventA
Thread32Next
Thread32First
WaitForSingleObject
CreateRemoteThread
MulDiv
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
FindFirstFileA
RemoveDirectoryA
FindNextFileA
GetStartupInfoA
FindClose
ReleaseMutex
GetFileSize
GetTickCount
IsBadReadPtr
HeapReAlloc
ExitProcess
GlobalHandle
TlsAlloc
FlushFileBuffers
lstrcpyA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
SetLastError
GetTimeZoneInformation
lstrcpynA
IsDebuggerPresent
GetProcessHeap
HeapAlloc
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
Module32First
OpenProcess
WriteProcessMemory
GetModuleHandleA
GetProcAddress
GetExitCodeThread
VirtualFreeEx
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetCurrentProcess
ReadProcessMemory
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
lstrcpyn
GetLongPathNameA
VirtualFree
GetUserDefaultLCID
VirtualAlloc
OpenMutexA
FreeEnvironmentStringsW
HeapFree
SetProcessWorkingSetSize
GetVolumeInformationA
lstrcmpiA
GlobalDeleteAtom
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
GlobalHandle
LocalReAlloc
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
TerminateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
GetWindowsDirectoryA
GetSystemTime
GetLocalTime
RaiseException
GetFileType
SetEnvironmentVariableA
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableW
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
SetStdHandle
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
InterlockedExchange
GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
GetDriveTypeA
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenW
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
DeviceIoControl
CreateFileA
WaitForMultipleObjects
WriteFile
SetEndOfFile
SetLastError
GetTimeZoneInformation
GetLocaleInfoA
GetVersion
CreateMutexA
ReleaseMutex
SuspendThread
SetNamedPipeHandleState
WaitNamedPipeA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
OpenEventA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
InterlockedIncrement
InterlockedDecrement
GetProfileStringA
user32
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnregisterClassA
PtInRect
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
IsDialogMessageA
GetWindowPlacement
GetMessagePos
GetMessageTime
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
MessageBoxA
CreateDialogIndirectParamA
EndDialog
SetActiveWindow
SetWindowPos
SetParent
UpdateWindow
GetWindowRect
EnableMenuItem
GetWindowLongA
SetWindowTextA
GetWindowTextLengthA
GetClassNameA
GetParent
SwapMouseButton
GetWindowTextA
LoadCursorFromFileA
CallNextHookEx
SetWindowsHookExA
GetKeyboardState
GetAsyncKeyState
ShowCursor
SetCapture
ReleaseCapture
ClipCursor
FindWindowExA
GetDoubleClickTime
mouse_event
SetCursorPos
ClientToScreen
SendInput
EnumChildWindows
GetWindow
GetDesktopWindow
SetTimer
ChangeDisplaySettingsA
EnumDisplaySettingsA
FindWindowA
MoveWindow
SetWindowLongA
MsgWaitForMultipleObjects
UnhookWindowsHookEx
EnableWindow
CallWindowProcA
keybd_event
LoadKeyboardLayoutA
MapVirtualKeyA
GetNextDlgTabItem
GetActiveWindow
GetKeyboardLayoutNameA
ActivateKeyboardLayout
GetKeyboardLayout
SystemParametersInfoA
ValidateRect
GetLastActivePopup
IsWindowEnabled
SetCursor
PostQuitMessage
SetForegroundWindow
IsIconic
InvalidateRect
PostMessageA
GetWindowThreadProcessId
GetClientRect
GetForegroundWindow
AttachThreadInput
GetFocus
SetFocus
wvsprintfA
GetKeyState
SetLayeredWindowAttributes
IsWindow
GetCaretPos
EnumThreadWindows
GetDlgCtrlID
EnumWindows
FlashWindow
GetWindowInfo
OpenIcon
GetDlgItem
GetDC
ReleaseDC
SendMessageTimeoutA
CharLowerA
IsWindowVisible
ShowWindow
GetCursorPos
WindowFromPoint
SendMessageA
FlashWindowEx
ShowWindowAsync
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
GetKeyboardLayoutList
UnloadKeyboardLayout
CharUpperA
CreateWindowStationA
KillTimer
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
RegisterWindowMessageA
PrintWindow
ExitWindowsEx
CloseClipboard
GetAncestor
GetGUIThreadInfo
DefWindowProcA
UpdateLayeredWindow
IsZoomed
GetSystemMetrics
SetClassLongA
wsprintfA
CreateWindowExA
SetPropA
DestroyWindow
RemovePropA
DestroyMenu
GetPropA
SendDlgItemMessageA
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
GetCapture
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
LockWindowUpdate
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
LoadBitmapA
ReleaseCapture
SetTimer
KillTimer
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
PostQuitMessage
WaitForInputIdle
GrayStringA
DrawStateA
GetTabbedTextExtentA
GetMenuState
GetMenuStringA
GetMenuItemID
GetMenuItemCount
SetWindowTextA
GetWindowTextA
GetDesktopWindow
GetClassNameA
GetDlgItem
GetForegroundWindow
CopyAcceleratorTableA
GetKeyState
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
WinHelpA
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
GetWindowTextLengthA
CharUpperA
BeginPaint
EndPaint
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetClassLongA
CreateWindowExA
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadStringA
UnregisterClassA
GetSysColorBrush
SetMenu
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetCursor
DrawTextA
SetPropA
CallWindowProcA
MoveWindow
GetPropA
FrameRect
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetWindowDC
EnumChildWindows
WindowFromDC
wsprintfA
TabbedTextOutA
gdi32
CreateDIBSection
DeleteDC
CreateRectRgn
GetPixel
CreateCompatibleBitmap
GetTextExtentPointA
GetObjectA
TextOutA
SetTextColor
SetBkMode
SelectObject
CreateFontIndirectA
CreateBitmap
SaveDC
CreateCompatibleDC
SetBkColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetStockObject
GetDeviceCaps
PtVisible
RectVisible
ExtTextOutA
Escape
RestoreDC
DeleteObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
ExcludeClipRect
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
SetPixel
CreateRectRgnIndirect
SetBkColor
SetBkMode
SetTextColor
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
GetTextMetricsA
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetWindowOrgEx
CreateBrushIndirect
GetDeviceCaps
comdlg32
GetFileTitleA
ChooseColorA
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA
wininet
InternetTimeFromSystemTime
InternetOpenA
InternetTimeToSystemTime
InternetSetCookieA
InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
FtpOpenFileA
InternetCloseHandle
HttpSendRequestA
FtpGetFileSize
shell32
ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHFileOperationA
SHChangeNotify
Shell_NotifyIconA
ShellExecuteA
shlwapi
PathRemoveBlanksA
PathMakeSystemFolderA
PathIsSystemFolderA
PathUnmakeSystemFolderA
PathFindFileNameA
StrTrimA
PathIsDirectoryA
PathRenameExtensionA
PathIsDirectoryEmptyA
PathFileExistsA
PathFindExtensionA
oleaut32
SysAllocString
SafeArrayGetDim
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
VariantCopy
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetLBound
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
VariantInit
VariantCopyInd
VariantChangeType
VariantClear
LoadTypeLi
LHashValOfNameSys
dbghelp
MakeSureDirectoryPathExists
ole32
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
CLSIDFromProgID
CoFreeUnusedLibraries
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
gdiplus
GdipSetClipHrgn
GdipResetClip
GdipDeletePen
GdipDrawPath
GdiplusStartup
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipCreatePen1
GdipDrawRectangle
GdipDeletePath
advapi32
RegOpenKeyA
RegCreateKeyA
CryptGetHashParam
RegFlushKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
CryptDestroyHash
RegDeleteKeyA
RegEnumValueA
RegSetValueExA
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegCloseKey
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LookupAccountSidA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegEnumValueA
RegCreateKeyExA
RegCloseKey
psapi
GetModuleFileNameExA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
winhttp
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
oledlg
ord8
rasapi32
RasGetConnectStatusA
RasHangUpA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
comctl32
ord17
ImageList_Draw
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_GetImageCount
ImageList_AddMasked
ImageList_GetIcon
ImageList_SetBkColor
ord17
ImageList_Destroy
ImageList_Create
ImageList_Read
ImageList_DrawIndirect
ImageList_Duplicate
wsock32
closesocket
select
WSACleanup
WSAStartup
recv
send
winmm
waveOutReset
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
waveOutRestart
midiOutUnprepareHeader
ws2_32
inet_addr
inet_ntoa
gethostbyname
WSAStartup
WSACleanup
send
closesocket
shutdown
getservbyname
ntohs
WSAGetLastError
ntohl
accept
WSAAsyncSelect
htons
socket
setsockopt
recvfrom
ioctlsocket
connect
recv
getpeername
msimg32
GradientFill
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 276KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.2MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ