Behavioral task: behavioral1
Sample: db678d64432cbfe186dce2066c5221860f1a00c6127610df47f192aa2a9f0596.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: db678d64432cbfe186dce2066c5221860f1a00c6127610df47f192aa2a9f0596.exe
Resource: win10v2004-20240419-en
General
- Target: db678d64432cbfe186dce2066c5221860f1a00c6127610df47f192aa2a9f0596
- Size: 2.1MB
- MD5: 827a5e8663ecc6fa7ecda0c89bf1a9ff
- SHA1: 569a6d35110d4248425080578f96f40c4c2eb7e1
- SHA256: db678d64432cbfe186dce2066c5221860f1a00c6127610df47f192aa2a9f0596
- SHA512: a1171fb7cdc48afc6d435fc883d659949a09734a6c105a2e76b215f34e73ddb5d0e505e94a421a121ff4c03f47be456c56c88056d334219ebbc04e242683732f
- SSDEEP: 49152:eIwMCKAf6qOZ0D1TWTXEaoEjhEd4lnoq:r81f6305TCRvtiE
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource: yara_rule sample family_blackmoon
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: db678d64432cbfe186dce2066c5221860f1a00c6127610df47f192aa2a9f0596
Files
- db678d64432cbfe186dce2066c5221860f1a00c6127610df47f192aa2a9f0596.exe windows:4 windows x86 arch:x86
  f4ca9658e83ab3af1cfe5964ab7cb971
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Wow64RevertWow64FsRedirection
WideCharToMultiByte
lstrcpynA
IsWow64Process
lstrlenW
GetTempPathW
GetProcessHeap
HeapFree
LocalSize
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
GetVersionExA
CloseHandle
CreateProcessA
GetStartupInfoA
GetTickCount
Wow64DisableWow64FsRedirection
FindFirstFileA
FindClose
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
CreateMutexA
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
SetWaitableTimer
CreateWaitableTimerA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetCurrentProcessId
VirtualFree
VirtualAlloc
Process32Next
Process32First
CreateFileA
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
Module32Next
CreateToolhelp32Snapshot
GetFileAttributesA
VirtualProtect
TerminateProcess
WaitForSingleObject
CreateEventA
WritePrivateProfileStringA
GlobalFree
RtlMoveMemory
GlobalAlloc
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessW
CreatePipe
MultiByteToWideChar
Sleep
OpenEventA
FindNextFileA
CreateThread
user32
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
ReleaseDC
GetDC
RegisterClassExA
SetActiveWindow
SetMenuInfo
GetMenuItemID
CheckMenuRadioItem
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
WaitForInputIdle
CallWindowProcA
GetMessageA
GetFocus
IsChild
GetParent
SendMessageA
UnregisterHotKey
RegisterHotKey
DrawMenuBar
GetMenuItemRect
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
SetParent
PostMessageA
SetWindowPos
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetWindowRect
SetFocus
GetDlgItem
GetWindowLongA
CreateWindowExA
DestroyCursor
SetWindowLongA
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
ReleaseCapture
SetCapture
DefWindowProcA
DestroyWindow
GetClientRect
GetAsyncKeyState
EndPaint
BeginPaint
PeekMessageA
MoveWindow
FindWindowA
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
GetMenuStringA
GetMenuItemInfoA
TrackPopupMenu
SetMenu
SetForegroundWindow
IsWindowVisible
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
GetSubMenu
advapi32
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
CloseServiceHandle
ChangeServiceConfigA
ControlService
StartServiceA
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
shell32
ShellExecuteA
SHGetSpecialFolderPathA
ord680
DragAcceptFiles
Shell_NotifyIconA
DragFinish
DragQueryFileA
SHGetSpecialFolderPathW
ws2_32
WSAAsyncSelect
ntohs
getsockname
recv
send
select
connect
inet_addr
htons
socket
closesocket
WSAStartup
WSACleanup
gethostname
gethostbyname
comctl32
InitCommonControlsEx
gdi32
GetObjectA
GetStockObject
CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
StretchBlt
CreateSolidBrush
CreatePatternBrush
SetTextColor
SetBkMode
SetBkColor
DeleteObject
msvcrt
atoi
sprintf
strtod
strncpy
??3@YAXPAX@Z
strncmp
??2@YAPAXI@Z
__CxxFrameHandler
_atoi64
_CIfmod
floor
srand
rand
strrchr
strchr
free
realloc
malloc
strstr
_stricmp
_ftol
shlwapi
PathFileExistsA
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
Sections
- .text   Size: 346KB - Virtual size: 346KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 9KB - Virtual size: 9KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data   Size: 54KB - Virtual size: 139KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .C'\    Size: 1.7MB - Virtual size: 1.7MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ