blackmoon | 7cfb7138be4950b3cbe5df14e77c5f2dfc41ddc856c3354ad5d121ea2441afc7

Sharing

Copy URL

Twitter E-mail

General

Target

7cfb7138be4950b3cbe5df14e77c5f2dfc41ddc856c3354ad5d121ea2441afc7
Size

9.5MB
MD5

84d7cbb723c1ba711b069377f4b54b8b
SHA1

0bfa62d923644a537649b34b832b6a3ceeb9333c
SHA256

7cfb7138be4950b3cbe5df14e77c5f2dfc41ddc856c3354ad5d121ea2441afc7
SHA512

7950226be8800beddda43e43613711fb5f37233af41a0ff3fbaa592c1905052c51f719d293e844246fed4918151d7b6886c1868d03513bcedefebde230330d4b
SSDEEP

196608:ZILJcDKlFBqkwDxURK8vyqByLdlf3hRQIgLKNc:ZgODKlFBqHayOclfhRQIG2c

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
7cfb7138be4950b3cbe5df14e77c5f2dfc41ddc856c3354ad5d121ea2441afc7

Files

7cfb7138be4950b3cbe5df14e77c5f2dfc41ddc856c3354ad5d121ea2441afc7
.exe windows:4 windows x86 arch:x86

b3479fcf1475cc035ac59d1334f7f98c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
SetFileAttributesA
WriteFile
CopyFileA
SetCurrentDirectoryA
GetModuleFileNameA
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetTickCount
GetStartupInfoA
GetFileSize
ReadFile
SetFilePointer
CreateFileA
Sleep
GetEnvironmentVariableA
IsBadReadPtr
HeapReAlloc
ExitProcess
GetModuleHandleA
lstrcpyA
DeleteTimerQueueTimer
CreateTimerQueueTimer
TerminateProcess
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
GetCurrentThreadId
GetProcessHeap
InterlockedDecrement
InterlockedIncrement
CreateTimerQueue
CreateIoCompletionPort
lstrcpyn
Module32First
CreateToolhelp32Snapshot
CreateEventA
HeapValidate
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateThread
GetSystemInfo
HeapDestroy
CloseHandle
HeapFree
HeapAlloc
HeapCreate
LocalSize
RtlMoveMemory
WaitForSingleObject
CreateProcessA
GetCurrentProcessId
InterlockedExchange
SetStdHandle
IsBadCodePtr
LoadResource
SizeofResource
FindResourceA
MoveFileA
CreateDirectoryA
DeleteCriticalSection
TerminateThread
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetCurrentProcess
Process32Next
Process32First
OpenProcess
SetLastError
lstrcatA
LockResource
GetVersion
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
MulDiv
LocalFree
FlushFileBuffers
lstrcpynA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetLastError

user32

GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetWindowLongA
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
LoadBitmapA
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
GetWindowTextA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
GetDC
ReleaseDC
GetWindowThreadProcessId
GetClassNameA
GetWindowRect
GetSystemMetrics
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostMessageA
PostQuitMessage
GetWindow
GetCursorPos
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetClientRect
GetPropA
SetPropA
CreateIconFromResource
SendMessageA
IsWindow
FindWindowExA
FindWindowA
RegisterWindowMessageA
TrackPopupMenu
SetForegroundWindow
PtInRect
IsWindowVisible
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
CallWindowProcA
AppendMenuA
AppendMenuW
SetWindowLongA
DrawMenuBar
SetMenu
CreatePopupMenu
GetSubMenu

advapi32

CreateProcessAsUserA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteEx
SHGetSpecialFolderPathA

ole32

CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
OleUninitialize
OleInitialize
OleFlushClipboard
OleIsCurrentClipboard
CoUninitialize
CoInitialize

iphlpapi

GetExtendedTcpTable

shlwapi

PathFileExistsA

ws2_32

closesocket
setsockopt
WSARecv
inet_ntoa
WSASocketA
WSAGetLastError
WSAIoctl
WSAStartup
WSASocketW
ioctlsocket
shutdown
socket
htons
inet_addr
recvfrom
sendto
accept
htonl
__WSAFDIsSet
connect
gethostbyname
ntohs
getsockname
recv
bind
getpeername
WSACleanup
WSASetLastError
send
select
listen
WSAConnect

gdi32

SetWindowExtEx
SetViewportOrgEx
ScaleWindowExtEx
GetClipBox
GetStockObject
GetObjectA
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
SetBkColor
ScaleViewportExtEx
SetViewportExtEx
Escape
ExtTextOutA
TextOutA
SetTextColor
SetMapMode
RectVisible
PtVisible
OffsetViewportOrgEx

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType

winmm

timeKillEvent
timeSetEvent

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

Sections

.text
Size: 392KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b3479fcf1475cc035ac59d1334f7f98c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

iphlpapi

shlwapi

ws2_32

gdi32

oledlg

oleaut32

winmm

winspool.drv

comctl32

Sections

.text Size: 392KB - Virtual size: 390KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 48KB - Virtual size: 195KB

.rsrc Size: 9.0MB - Virtual size: 9.0MB

.text
Size: 392KB - Virtual size: 390KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 48KB - Virtual size: 195KB

.rsrc
Size: 9.0MB - Virtual size: 9.0MB