blackmoon | 1537df87cb902fe8db544b43b6adec97c3347e80b584ae503f97fd3cda223ecd

Sharing

Copy URL

Twitter E-mail

General

Target

1537df87cb902fe8db544b43b6adec97c3347e80b584ae503f97fd3cda223ecd
Size

2.1MB
MD5

9fdb07a53eac87051ef9af866c8c89ad
SHA1

640a50fc2c5fc87129b2c0edb086af9c57323037
SHA256

1537df87cb902fe8db544b43b6adec97c3347e80b584ae503f97fd3cda223ecd
SHA512

ce7578a2cf9596c80304172487a0d3c53263388300018376ffadeab2235db11473d3a0609ccf7ff82e1ee2ec40d5362a80102d76e1dda5a3a13d7770f7219d14
SSDEEP

24576:8H0bn8L6SMO787qCLCn/5CRMhs7ZUGqX/sQk3wjcw99/4EhntxmOzAmSpETzqic+:8HDv/5CahspCjcQ/nUyqiu1lW

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1537df87cb902fe8db544b43b6adec97c3347e80b584ae503f97fd3cda223ecd

Files

1537df87cb902fe8db544b43b6adec97c3347e80b584ae503f97fd3cda223ecd
.exe windows:4 windows x86 arch:x86

0146d5990f5d45e64354f084798f40ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

ws2_32

WSACleanup
WSAStartup
gethostbyname
gethostname

kernel32

InterlockedExchange
VirtualProtect
VirtualQuery
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
FreeLibrary
GetCommandLineA
CreateDirectoryA
GetUserDefaultLCID
SetFilePointer
SetFileAttributesA
GetDiskFreeSpaceA
MulDiv
GetCurrentDirectoryA
GetDiskFreeSpaceExA
GetFileAttributesA
Sleep
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
DeleteFileA
GetFileSize
ReadFile
CreateFileA
WriteFile
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
ExitProcess
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
HeapFree
GetEnvironmentVariableA
WaitForSingleObject
SetStdHandle
SetThreadContext
VirtualProtectEx
GetThreadContext
LocalSize
Module32First
CreateToolhelp32Snapshot
ReadProcessMemory
ResumeThread
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
CreateProcessA
SetLastError
VirtualQueryEx
LocalFree
LocalAlloc
QueryDosDeviceA
GetLogicalDriveStringsA
CloseHandle
GlobalSize
GlobalUnlock
GlobalLock
GetCurrentProcess
GetTickCount
TlsGetValue
GlobalFree
GlobalAlloc
GetNativeSystemInfo
GetProcAddress
GetModuleHandleA
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
SetErrorMode
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WritePrivateProfileStringA
GlobalFlags
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
RtlMoveMemory
IsWow64Process
GetSystemInfo
GetVersionExA
lstrcpyn
GetLastError
TerminateProcess
OpenProcess
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetCurrentProcessId
InterlockedCompareExchange
Process32Next
Process32First
GetDriveTypeA
GlobalMemoryStatus
lstrcpyA
lstrlenA
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
CreateThread
DeleteCriticalSection
TerminateThread
SetSystemPowerState
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetEndOfFile
lstrcpynA
GetStringTypeExA

user32

IsWindow
SystemParametersInfoA
UpdateWindow
GetDlgItem
GetCursorPos
FindWindowExA
PtInRect
GetParent
EnableWindow
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
SetActiveWindow
ExitWindowsEx
PostMessageA
SetCursor
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
CreateDialogIndirectParamA
EndDialog
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
SetWindowPos
SetFocus
GetWindowPlacement
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
EnumDisplaySettingsA
IsIconic
IsWindowVisible
PrintWindow
GetClientRect
ClientToScreen
OpenClipboard
SetWindowLongA
GetClipboardData
SetForegroundWindow
GetWindowLongA
LoadImageA
SendMessageA
PostQuitMessage
DestroyWindow
GetSystemMetrics
GetLastInputInfo
EnumWindows
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetClassNameA
DestroyIcon
GetDC
FillRect
DrawIconEx
ReleaseDC
ShowWindow
SetTimer
GetWindowRect
GetWindow
CloseClipboard
EmptyClipboard
SetClipboardData
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
EnumChildWindows
KillTimer
CallWindowProcA
PeekMessageW
TranslateMessage
DispatchMessageW
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetDesktopWindow
PeekMessageA
SetWindowTextW

gdi32

GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
GetStockObject
SetStretchBltMode
StretchBlt
SetDIBitsToDevice
GetDIBits
SetPixelV
GetPixel
GdiFlush
BitBlt
CreateDIBSection
GetObjectA
DeleteObject
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
CreateSolidBrush

advapi32

GetUserNameA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupAccountSidA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
SHFormatDrive
ShellExecuteA

ole32

CoInitialize
OleRun
GetHGlobalFromStream
CoCreateInstance
CLSIDFromString
CoUninitialize
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
CreateStreamOnHGlobal

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetGetConnectedStateEx

gdiplus

GdiplusShutdown
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusStartup
GdipSaveImageToStream

psapi

GetProcessImageFileNameA

iphlpapi

GetAdaptersInfo

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

Sections

.text
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0146d5990f5d45e64354f084798f40ad

Headers

File Characteristics

Imports

shlwapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

wininet

gdiplus

psapi

iphlpapi

oledlg

oleaut32

winspool.drv

comctl32

Sections

.text Size: 512KB - Virtual size: 511KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 1.5MB - Virtual size: 1.7MB

.rsrc Size: 56KB - Virtual size: 52KB

.text
Size: 512KB - Virtual size: 511KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 1.5MB - Virtual size: 1.7MB

.rsrc
Size: 56KB - Virtual size: 52KB