blackmoon | 9c94c0becd0c32862a8127d36fe76e8986de525e242d39cff5c668ed93000c9d

Sharing

Copy URL Twitter E-mail

General

Target

9c94c0becd0c32862a8127d36fe76e8986de525e242d39cff5c668ed93000c9d
Size

168KB
MD5

ff5adb5996280d38fd6af64c4634ac4e
SHA1

2ca3636aaff8dc91da6df99f44e40b3def4cd345
SHA256

9c94c0becd0c32862a8127d36fe76e8986de525e242d39cff5c668ed93000c9d
SHA512

665b41d5cacbef6816b1803efa4f1652796b7ce1d2bdc680d8eded70a69754ecc9a7b2846211a11514b8d5b96e72af013b4967d4469a60958945b4f70a79d3a3
SSDEEP

3072:ISFkt9MIRslpLUMoaeujvhRrIIhgbDVtZrS:LFkt9BWlxUM9WrS

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c94c0becd0c32862a8127d36fe76e8986de525e242d39cff5c668ed93000c9d

Files

9c94c0becd0c32862a8127d36fe76e8986de525e242d39cff5c668ed93000c9d
.exe windows:4 windows x86 arch:x86

4360ed8c9bd7f514faf7b14a3cc62d8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
LocalFree
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
lstrlenA
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
MultiByteToWideChar
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
GlobalLock
WriteFile
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
LCMapStringA
FreeLibrary
GetModuleFileNameA
GetCommandLineA
Sleep
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
VirtualQueryEx
LoadLibraryA
SetConsoleTextAttribute
SetConsoleTitleA
GetConsoleTitleA
GetConsoleWindow
ReadConsoleA
WriteConsoleA
AllocConsole
GetStdHandle
WideCharToMultiByte
lstrlenW
GetTickCount
WriteProcessMemory
VirtualProtectEx
TerminateProcess
OpenProcess
GetCurrentProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetProcAddress

user32

SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
UnhookWindowsHookEx
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetDlgItem
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowTextW
GetWindowTextLengthW
GetClassNameA
GetParent
GetWindowThreadProcessId
IsWindowVisible
FindWindowExA
GetAsyncKeyState
mouse_event
GetWindowInfo
IsWindow
GetKeyNameTextA
MapVirtualKeyA
UnregisterClassA

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GetStockObject
DeleteObject
GetDeviceCaps
CreateBitmap

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

comctl32

ord17

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4360ed8c9bd7f514faf7b14a3cc62d8f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 20KB - Virtual size: 80KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 20KB - Virtual size: 80KB

.rsrc
Size: 4KB - Virtual size: 664B