blackmoon | cb27942f7ea1ee5f770a362dc850b2f6260b662cfbb0af2076aada3997450d09

Sharing

Copy URL Twitter E-mail

General

Target

cb27942f7ea1ee5f770a362dc850b2f6260b662cfbb0af2076aada3997450d09
Size

660KB
MD5

be92cbe79e21f2ae8360b7ed83f22991
SHA1

43454f0fbf3b8579d2495e7d964b4d28c39fe4f6
SHA256

cb27942f7ea1ee5f770a362dc850b2f6260b662cfbb0af2076aada3997450d09
SHA512

ee0d568039563c1b41d928551eaff19ec23504bdadc91765e35bfc16b1ff5ab928ae7db40ec5429c2368b86aa3ba4daed1d4e98cd558101389858c1c7254a75c
SSDEEP

12288:wtlp0ywgatUAD9EREYvZIk1OZ26R3pkz+TruciMm:wtz0SatUAD9E+YvZIkAZ26xpkzgF

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb27942f7ea1ee5f770a362dc850b2f6260b662cfbb0af2076aada3997450d09

Files

cb27942f7ea1ee5f770a362dc850b2f6260b662cfbb0af2076aada3997450d09
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Ex_AllocBuffer
Ex_Atom
Ex_DUIBindWindow
Ex_DUIBindWindowEx
Ex_DUICreateFromHRes
Ex_DUICreateFromLayout
Ex_DUIFromWindow
Ex_DUIGetClientRect
Ex_DUIGetLong
Ex_DUIGetObjFromPoint
Ex_DUISetLong
Ex_DUIShowWindow
Ex_DUIShowWindowEx
Ex_DUITrayIconPopup
Ex_DUITrayIconSet
Ex_FreeBuffer
Ex_GetLastError
Ex_I18NGetString
Ex_I18NGetStringFromAtom
Ex_I18NRegisterCallback
Ex_I18NStringFormat
Ex_Init
Ex_IsDxRender
Ex_JSAddCode
Ex_JSBindObject
Ex_JSEval
Ex_JSGetLastError
Ex_JSGetParam
Ex_JSGetParamCount
Ex_JSGetParamDouble
Ex_JSGetParamFloat
Ex_JSGetParamFormatString
Ex_JSGetParamInt
Ex_JSGetParamNumber
Ex_JSGetParamString
Ex_JSGetParamToString
Ex_JSGetParamType
Ex_JSLoadConst
Ex_JSRegisterFunction
Ex_JSSetVariant
Ex_JSSetVariantPtr
Ex_LoadImageFromMemory
Ex_MessageBox
Ex_MessageBoxEx
Ex_ObjBeginPaint
Ex_ObjCallProc
Ex_ObjCheckDropFormat
Ex_ObjClientToScreen
Ex_ObjClientToWindow
Ex_ObjCreate
Ex_ObjCreateEx
Ex_ObjDefProc
Ex_ObjDestroy
Ex_ObjDestroyBackground
Ex_ObjDisableTranslateSpaceAndEnterToClick
Ex_ObjDispatchMessage
Ex_ObjDispatchNotify
Ex_ObjDrawBackgroundProc
Ex_ObjEnable
Ex_ObjEnableEventBubble
Ex_ObjEnableIME
Ex_ObjEnablePaintingMsg
Ex_ObjEndPaint
Ex_ObjEnumChild
Ex_ObjEnumProps
Ex_ObjFind
Ex_ObjGetBackgroundImage
Ex_ObjGetClassInfo
Ex_ObjGetClassInfoEx
Ex_ObjGetClientRect
Ex_ObjGetColor
Ex_ObjGetDropData
Ex_ObjGetDropString
Ex_ObjGetFocus
Ex_ObjGetFont
Ex_ObjGetFromID
Ex_ObjGetFromName
Ex_ObjGetFromNodeID
Ex_ObjGetLong
Ex_ObjGetObj
Ex_ObjGetParent
Ex_ObjGetParentEx
Ex_ObjGetProp
Ex_ObjGetRect
Ex_ObjGetRectEx
Ex_ObjGetText
Ex_ObjGetTextLength
Ex_ObjGetTextRect
Ex_ObjGetUIState
Ex_ObjHandleEvent
Ex_ObjInitPropList
Ex_ObjInvalidateRect
Ex_ObjIsEnable
Ex_ObjIsValidate
Ex_ObjIsVisible
Ex_ObjKillFocus
Ex_ObjKillTimer
Ex_ObjLayoutClear
Ex_ObjLayoutGet
Ex_ObjLayoutSet
Ex_ObjLayoutUpdate
Ex_ObjLoadFromLayout
Ex_ObjMove
Ex_ObjPointTransform
Ex_ObjPostMessage
Ex_ObjRegister
Ex_ObjRemoveProp
Ex_ObjScrollEnable
Ex_ObjScrollGetControl
Ex_ObjScrollGetInfo
Ex_ObjScrollGetPos
Ex_ObjScrollGetRange
Ex_ObjScrollGetTrackPos
Ex_ObjScrollSetInfo
Ex_ObjScrollSetPos
Ex_ObjScrollSetRange
Ex_ObjScrollShow
Ex_ObjSendMessage
Ex_ObjSetBackgroundImage
Ex_ObjSetBackgroundPlayState
Ex_ObjSetColor
Ex_ObjSetFocus
Ex_ObjSetFont
Ex_ObjSetFontFromFamily
Ex_ObjSetIMEState
Ex_ObjSetLong
Ex_ObjSetPadding
Ex_ObjSetParent
Ex_ObjSetPos
Ex_ObjSetProp
Ex_ObjSetRadius
Ex_ObjSetRedraw
Ex_ObjSetText
Ex_ObjSetTimer
Ex_ObjSetUIState
Ex_ObjShow
Ex_ObjTooltipsPop
Ex_ObjTooltipsPopEx
Ex_ObjTooltipsSetText
Ex_ObjUpdate
Ex_ResFree
Ex_ResGetFile
Ex_ResGetFileFromAtom
Ex_ResLoadFromFile
Ex_ResLoadFromMemory
Ex_Scale
Ex_SetLastError
Ex_Sleep
Ex_ThemeDrawControl
Ex_ThemeDrawControlEx
Ex_ThemeFree
Ex_ThemeGetColor
Ex_ThemeGetValuePtr
Ex_ThemeLoadFromFile
Ex_ThemeLoadFromMemory
Ex_TrackPopupMenu
Ex_UnInit
Ex_WndCenterFrom
Ex_WndCreate
Ex_WndMsgLoop
Ex_WndRegisterClass
Ex_XmlRegisterCallback
F2I
I2F
_brush_create
_brush_createfromcanvas
_brush_createfromcanvas2
_brush_createfromimg
_brush_createlinear
_brush_createlinear_ex
_brush_createradial_ex
_brush_destroy
_brush_setcolor
_brush_settransform
_canvas_begindraw
_canvas_blur
_canvas_calctextsize
_canvas_clear
_canvas_cliprect
_canvas_createfromexdui
_canvas_createfromobj
_canvas_destroy
_canvas_drawcanvas
_canvas_drawellipse
_canvas_drawimage
_canvas_drawimagefromgrid
_canvas_drawimagerect
_canvas_drawimagerectrect
_canvas_drawline
_canvas_drawpath
_canvas_drawrect
_canvas_drawroundedrect
_canvas_drawtext
_canvas_drawtext2
_canvas_drawtextex
_canvas_enddraw
_canvas_fillellipse
_canvas_fillpath
_canvas_fillrect
_canvas_fillregion
_canvas_fillroundedrect
_canvas_flush
_canvas_getcontext
_canvas_getdc
_canvas_getsize
_canvas_releasedc
_canvas_resetclip
_canvas_resize
_canvas_rotate_hue
_canvas_setantialias
_canvas_setimageantialias
_canvas_settextantialiasmode
_canvas_settransform
_easing_create
_easing_curve_free
_easing_curve_load
_easing_getstate
_easing_setstate
_fmt_bin
_fmt_color
_fmt_const
_fmt_getatom
_fmt_getvalue
_fmt_int
_fmt_intary
_fmt_rect
_fmt_string
_font_copy
_font_create
_font_createfromfamily
_font_createfromlogfont
_font_destroy
_font_getcontext
_font_getlogfont
_img_copy
_img_copyrect
_img_create
_img_createfromcanvas
_img_createfromfile
_img_createfromhbitmap
_img_createfromhicon
_img_createfrommemory
_img_createfromres
_img_createfromstream
_img_destroy
_img_getframecount
_img_getframedelay
_img_getpixel
_img_getsize
_img_getthumbnail
_img_height
_img_lock
_img_rotateflip
_img_savetofile
_img_savetomemory
_img_scale
_img_selectactiveframe
_img_setpixel
_img_unlock
_img_width
_imglist_add
_imglist_addimage
_imglist_count
_imglist_create
_imglist_del
_imglist_destroy
_imglist_draw
_imglist_get
_imglist_set
_imglist_setimage
_imglist_size
_layout_absolute_lock
_layout_absolute_setedge
_layout_addchild
_layout_addchildren
_layout_create
_layout_deletechild
_layout_deletechildren
_layout_destroy
_layout_enableupdate
_layout_getchildprop
_layout_getchildproplist
_layout_getprop
_layout_getproplist
_layout_gettype
_layout_notify
_layout_register
_layout_setchildprop
_layout_setprop
_layout_table_setinfo
_layout_unregister
_layout_update
_matrix_create
_matrix_create3d
_matrix_destroy
_matrix_reset
_matrix_reset3d
_matrix_rotate
_matrix_rotate3d
_matrix_scale
_matrix_scale3d
_matrix_translate
_matrix_translate3d
_path_addarc
_path_addarc2
_path_addbezier
_path_addline
_path_addrect
_path_addroundedrect
_path_beginfigure
_path_beginfigure2
_path_beginfigure3
_path_close
_path_create
_path_destroy
_path_endfigure
_path_getbounds
_path_hittest
_path_open
_path_reset
_res_pack
_rgn_combine
_rgn_createfrompath
_rgn_createfromrect
_rgn_createfromroundrect
_rgn_destroy
_rgn_hittest

Sections

.text
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 604KB - Virtual size: 603KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 16KB - Virtual size: 74KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 604KB - Virtual size: 603KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 74KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB