blackmoon | 1c9166b04a7f3e6f5e767c1994f418281e11c31f26ab3744c3a7fe59bf549d8a

Sharing

Copy URL Twitter E-mail

General

Target

1c9166b04a7f3e6f5e767c1994f418281e11c31f26ab3744c3a7fe59bf549d8a
Size

9.0MB
MD5

a20714146530832ffb46ea3f5bd50318
SHA1

3d0cd1d6ecca6149560bfb261740db173ac718f3
SHA256

1c9166b04a7f3e6f5e767c1994f418281e11c31f26ab3744c3a7fe59bf549d8a
SHA512

5f84daa714019b328a7596ec55e919a13d93b764540220e41336a51f2b793efeca06fedc7360dc2f396c7fbd09915edc644202eade9b526bd15f9baa201cbac1
SSDEEP

196608:npJcDKlFBqx6BlgzHwPwDxURK8vyqByLdlf3hRQIgLKN:pODKlFBqxMlgjwsayOclfhRQIG2

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c9166b04a7f3e6f5e767c1994f418281e11c31f26ab3744c3a7fe59bf549d8a

Files

1c9166b04a7f3e6f5e767c1994f418281e11c31f26ab3744c3a7fe59bf549d8a
.exe windows:4 windows x86 arch:x86

66bdfc8ae8b7df8a3cb506e875e75df2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
SystemTimeToFileTime
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
MapViewOfFile
SetFilePointer
CreateFileMappingA
GetModuleFileNameA
GetModuleHandleA
VirtualAlloc
SetErrorMode
GetLastError
MultiByteToWideChar
RtlMoveMemory
LockResource
LoadResource
lstrcpyA
lstrcatA
PostQueuedCompletionStatus
GetExitCodeThread
CreateIoCompletionPort
GetQueuedCompletionStatus
lstrlenA
GetFileTime
FileTimeToLocalFileTime
LCMapStringA
GetCommandLineA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
ReadFile
MoveFileA
CopyFileA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
SetFileAttributesA
Sleep
DeleteFileA
GetFileAttributesA
GetTickCount
WinExec
IsBadReadPtr
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
LocalSize
HeapReAlloc
HeapFree
HeapAlloc
InitializeCriticalSection
GlobalFree
GlobalUnlock
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
RaiseException
GlobalLock
GlobalAlloc
VirtualFree
WideCharToMultiByte
GetModuleHandleW
GetDriveTypeA
GetLogicalDriveStringsA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryA
GetTimeFormatA
GetDateFormatA
GetLocalTime
TerminateProcess
CreateProcessW
GetCurrentProcessId
UnmapViewOfFile
GetTempPathA
WriteFile
WaitForSingleObject
InterlockedExchangeAdd
InterlockedIncrement
SizeofResource
FindResourceA
CreateFileA
CloseHandle
CreateThread
InterlockedDecrement
GetACP
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
LocalFileTimeToFileTime
SetFileTime
GetCurrentThread
lstrcmpA
GlobalDeleteAtom
LocalFree
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
FlushFileBuffers
GetProcessVersion
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
GlobalFlags
MulDiv
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
FileTimeToDosDateTime

user32

GetAsyncKeyState
EndPaint
BeginPaint
SetTimer
UpdateLayeredWindow
MessageBoxA
SetWindowLongA
SendMessageW
PostMessageW
KillTimer
GetPropW
DefWindowProcW
RegisterClassExW
LoadIconW
LoadCursorW
SystemParametersInfoA
DestroyCursor
CreateWindowExA
GetWindowLongA
GetDlgItem
IsWindow
GetClassNameA
SetFocus
GetFocus
GetWindowRect
GetParent
ScreenToClient
InvalidateRect
ValidateRect
UpdateWindow
MoveWindow
SetWindowPos
PostMessageA
DefWindowProcA
DestroyWindow
ShowWindow
IsWindowEnabled
EnableWindow
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SetPropA
GetPropA
RemovePropA
SetWindowRgn
SetRect
GetClassLongA
SetClassLongA
FillRect
GetSysColor
IsIconic
IsZoomed
GetMenu
SetMenu
DrawMenuBar
RegisterWindowMessageA
RegisterHotKey
UnregisterHotKey
RegisterClassExA
GetClassInfoExA
DialogBoxParamA
CreateDialogParamA
GetDlgItemInt
SetDlgItemInt
GetDlgItemTextA
SetDlgItemTextA
SendDlgItemMessageA
GetClientRect
SetParent
EndDialog
GetDialogBaseUnits
ReleaseCapture
CallWindowProcW
ReleaseDC
SendMessageA
DefMDIChildProcA
SetCursor
TrackMouseEvent
DestroyIcon
PostQuitMessage
IsWindowVisible
CopyRect
CallWindowProcA
LoadIconA
GetSystemMetrics
LoadBitmapA
LoadCursorA
SetLayeredWindowAttributes
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
WindowFromPoint
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
GetLastActivePopup
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
PtInRect
GetDlgCtrlID
GetWindow
ClientToScreen
TabbedTextOutA
GrayStringA
IsDialogMessageA
GetWindowPlacement
GetForegroundWindow
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
GetWindowLongW
AdjustWindowRectEx
SetActiveWindow
MapWindowPoints
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
CreateDialogIndirectParamA
DispatchMessageW
TranslateMessage
GetMessageW
SetForegroundWindow
GetCursorPos
DrawTextA
UnhookWindowsHookEx
SetWindowsHookExA
GetActiveWindow
GetIconInfo
RedrawWindow
IsRectEmpty
GetWindowTextW
CreateWindowExW
GetDC
SetPropW
SetCapture
RemovePropW
SetWindowLongW

gdi32

TextOutA
GetTextExtentPoint32W
FrameRgn
FillRgn
CreateCompatibleBitmap
SetBkColor
SetBkMode
SetTextColor
GetDIBits
GetObjectW
CreatePatternBrush
CreateSolidBrush
StretchBlt
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
SelectObject
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
BitBlt
CreateBitmap
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
SetWindowExtEx
ExtTextOutA
Escape

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

comctl32

InitCommonControlsEx
ord17

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance

shell32

ShellExecuteW
DragQueryFileA
DragFinish
Shell_NotifyIconA
DragAcceptFiles
ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

recv
ioctlsocket
send
__WSAFDIsSet
inet_addr
htons
connect
WSASocketA
WSACleanup
WSAStartup
setsockopt
WSAIoctl
select
WSAGetLastError
closesocket

oleaut32

VarR8FromBool
VarR8FromCy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SystemTimeToVariantTime

shlwapi

StrStrIA
PathFileExistsA

gdiplus

GdipCloneBitmapArea
GdipGraphicsClear
GdipCreatePath
GdipAddPathArc
GdipClosePathFigure
GdipSetClipPath
GdipFillPath
GdipDeleteBrush
GdipResetClip
GdipDisposeImageAttributes
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipCreateSolidFill
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipDrawRectangle
GdipDrawLine
GdipDeletePen
GdipSetPenDashStyle
GdipCreatePen1
GdipDrawPath
GdipCreateImageAttributes
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipDeletePath
GdipBitmapGetPixel
GdipDrawString
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipCreateRegionHrgn
GdipImageGetFrameCount
GdipDrawPolygon
GdipFillPolygon
GdipGetStringFormatFlags
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatTrimming
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipGetPropertyItemSize
GdipSetStringFormatTrimming
GdipGetFontHeight
GdipMeasureString
GdipImageSelectActiveFrame
GdipGetVisibleClipBounds
GdipSetClipRect
GdipGetFontStyle
GdipGetFontSize
GdipDeleteRegion
GdipDeleteStringFormat
GdipDrawImage
GdipCreateBitmapFromHICON
GdipSetClipRegion
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDrawImageRect
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipGetFamilyName
GdipGetFamily
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdiplusStartup
GdipSetStringFormatMeasurableCharacterRanges
GdipGetPropertyItem
GdipSetStringFormatFlags

oledlg

ord8

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

Sections

.text
Size: 668KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

66bdfc8ae8b7df8a3cb506e875e75df2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

ole32

shell32

ws2_32

oleaut32

shlwapi

gdiplus

oledlg

winspool.drv

Sections

.text Size: 668KB - Virtual size: 666KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 2.6MB - Virtual size: 2.6MB

.vmp0 Size: 276KB - Virtual size: 273KB

.rsrc Size: 5.4MB - Virtual size: 5.4MB

.text
Size: 668KB - Virtual size: 666KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 2.6MB - Virtual size: 2.6MB

.vmp0
Size: 276KB - Virtual size: 273KB

.rsrc
Size: 5.4MB - Virtual size: 5.4MB