blackmoon | f7ea0cf85e6d0e69b980722c65d092070723ee6c3b568cb0171f0157fc1ee21f

Sharing

Copy URL Twitter E-mail

General

Target

f7ea0cf85e6d0e69b980722c65d092070723ee6c3b568cb0171f0157fc1ee21f
Size

7.7MB
MD5

87f9053f7d876063036c1fee996be8b5
SHA1

2c939dcfc8591883a6cdd70c34ab62d4afc2a05d
SHA256

f7ea0cf85e6d0e69b980722c65d092070723ee6c3b568cb0171f0157fc1ee21f
SHA512

2aae256a5363e3c1c9e7b97465c7843f127c07a4cf87ea54696dfca430ea9d501d2a5b84e3abab7e18ca3da6779d22ea2eccda6ca93eff0f4a5177c3a44eda62
SSDEEP

98304:zWoBCQ2qvEeFxUcjF5dJBAUZLll+BVzArOSqeDalc6dXu:zpBVSCDdJVzKc9BDalPu

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7ea0cf85e6d0e69b980722c65d092070723ee6c3b568cb0171f0157fc1ee21f

Files

f7ea0cf85e6d0e69b980722c65d092070723ee6c3b568cb0171f0157fc1ee21f
.exe windows:4 windows x86 arch:x86

447cab10a80286c60a58ae5aa8668369

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendStringA
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
timeKillEvent
timeSetEvent
waveOutRestart
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
waveOutOpen

kernel32

HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetTickCount
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
VirtualFree
VirtualAlloc
IsBadWritePtr
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
RtlMoveMemory
RtlFillMemory
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
ReadFile
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
RaiseException
TerminateProcess
RtlUnwind
SetStdHandle
GetFileSize
CreateFileA
GetLocalTime
GetUserDefaultLCID
GlobalFree
GetOEMCP
FreeLibrary
GetCPInfo
GetProcAddress
LoadLibraryA
GlobalUnlock
FlushFileBuffers
GlobalLock
GlobalAlloc
LCMapStringA
GetCommandLineA
GetModuleFileNameA
FreeEnvironmentStringsA
WriteFile
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
lstrlenA
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
FreeEnvironmentStringsW
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
GetCurrentProcess
GetEnvironmentStringsW
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcmpiA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalReAlloc
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetOEMCP
GetSystemTime
SuspendThread
CompareStringA
EnumCalendarInfoA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FormatMessageA
GetACP
GetCPInfo
GetDateFormatA
GetLocalTime
GetStringTypeExA
GlobalHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetFileType
GetStdHandle
RaiseException
RtlUnwind
SetEndOfFile
UnhandledExceptionFilter
GetStartupInfoA
lstrcpynA
VirtualQuery
InterlockedIncrement
LocalAlloc
GetThreadLocale
IsBadReadPtr
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetEnvironmentVariableA
FileTimeToSystemTime
TerminateThread
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
ReleaseMutex
CreateMutexA
HeapSize
SetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
HeapDestroy
HeapCreate
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringW
IsBadCodePtr
GetVersion
GetLocaleInfoA
GetTimeZoneInformation
SetLastError
GetSystemDirectoryA
LoadLibraryExA
InterlockedExchange
GetWindowsDirectoryA
OpenProcess
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateToolhelp32Snapshot
Process32First
Process32Next
InterlockedDecrement
LocalFree
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
SizeofResource
ReadFile
lstrlenW
RemoveDirectoryA
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetCurrentDirectoryA
CopyFileA
DeleteFileA
MoveFileA
GetFileAttributesA
FindClose
FindFirstFileA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsA
Sleep
ResetEvent
CreateEventA
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultLCID
HeapAlloc

user32

ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
UpdateWindow
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
GetClassLongA
SetWindowPos
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
CreateDialogIndirectParamA
SetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
wvsprintfA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
DestroyMenu
PostThreadMessageA
LoadStringA
GetSysColorBrush
LoadCursorA
EndDialog
LoadIconA
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
CreateWindowExA
GetMenuItemCount
SetPropA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetWindowTextLengthA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
WaitForInputIdle
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
UnregisterClassA
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetKeyboardLayout
VkKeyScanExA
GetDesktopWindow
GetClassNameA
keybd_event
mouse_event
GetWindowThreadProcessId
FindWindowA
GetDlgItem
GetWindowTextA
GetForegroundWindow
SetWindowTextA
CallWindowProcA
CreateWindowExA
RegisterHotKey
UnregisterHotKey
GetKeyboardType
LoadStringA
CharNextA
CharToOemA
GetSysColorBrush
ScrollWindowEx
IsDialogMessageA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions

wininet

HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCloseHandle

ole32

OleFlushClipboard
OleIsCurrentClipboard
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize

oleaut32

VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
SafeArrayCreate
VariantCopy
GetErrorInfo
VarBstrFromCy
VariantClear
SafeArrayPtrOfIndex
SysAllocStringLen
SysReAllocStringLen
SysFreeString
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType

gdi32

GetDeviceCaps
PtVisible
Escape
ExtTextOutA
CreateBitmap
TextOutA
GetObjectA
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetStockObject
RectVisible
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32A
GetDeviceCaps
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreatePatternBrush
CreateFontIndirectA
CreateHatchBrush
CreateBrushIndirect
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
ScaleWindowExtEx
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
CreateFontA
TranslateCharsetInfo
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
CreateCompatibleDC
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
GetBkColor
CreateBitmap

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter
ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyA

comctl32

ord17
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17

oledlg

ord8

iphlpapi

GetAdaptersInfo

ws2_32

socket
htonl
bind
htons
WSAAsyncSelect
closesocket
send
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
inet_addr
gethostname
ntohl
sendto
recvfrom
connect
recv
listen
getpeername
accept
ntohs
__WSAFDIsSet
select
getsockname
ioctlsocket

rasapi32

RasHangUpA
RasGetConnectStatusA

shell32

Shell_NotifyIconA
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA
ShellExecuteA

comdlg32

GetSaveFileNameA
ChooseColorA
GetFileTitleA
GetOpenFileNameA

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 496KB - Virtual size: 895KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

447cab10a80286c60a58ae5aa8668369

Headers

File Characteristics

Imports

winmm

kernel32

user32

wininet

ole32

oleaut32

gdi32

winspool.drv

advapi32

comctl32

oledlg

iphlpapi

ws2_32

rasapi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

CODE Size: 332KB - Virtual size: 330KB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 496KB - Virtual size: 895KB

DATA Size: 68KB - Virtual size: 67KB

BSS Size: 28KB - Virtual size: 25KB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

.text
Size: 2.0MB - Virtual size: 2.0MB

CODE
Size: 332KB - Virtual size: 330KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 496KB - Virtual size: 895KB

DATA
Size: 68KB - Virtual size: 67KB

BSS
Size: 28KB - Virtual size: 25KB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB