blackmoon | 825e73301caaf007966da65679b70a96_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

825e73301caaf007966da65679b70a96_JaffaCakes118
Size

2.8MB
MD5

825e73301caaf007966da65679b70a96
SHA1

eae62ad97c8d71882ed61730e9196eeadd6e322c
SHA256

aa2564b11f2c002ff20d1dc8f54108e8af43cd4cdc021c0cd121bd4ceb75f7ac
SHA512

72d8929e50b2b324ce2c02344be20d03f02532741c912cad785aff24528b180d4974c045323b9fa8d59beae21ec80d6df029554c420b1a94204da651d8256ecd
SSDEEP

49152:RZh2ock0BvyD0adBPz6M5hl/gSLKHGut1P9yntMVRvwBHZ2jeHvH0em6t1KXvhso:RkJlad1pIS+RD4IcHYqvUn6afhst7o+K

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/Clouds.dll	family_blackmoon

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Clouds.dll
unpack001/风雷多开器.exe

Files

825e73301caaf007966da65679b70a96_JaffaCakes118
.zip
Clouds.dll
.dll windows:4 windows x86 arch:x86

08d9a6cfe75ee04f396f5ed6fb2938f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
DestroyWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
GetMessageTime
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
PostMessageA
PostQuitMessage
UnregisterHotKey
SetWindowLongA
SetCapture
SendMessageA
ScreenToClient
ReleaseCapture
RegisterHotKey
LoadBitmapA
GetSysColor
GetDC
GetCursorPos
CreateWindowExA
CallWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
DefWindowProcA
RemovePropA
GetPropA
SetPropA
UnhookWindowsHookEx
GetClassLongA
EndDialog
CreateDialogIndirectParamA
DestroyMenu
PostThreadMessageA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
SetActiveWindow
IsWindow
AdjustWindowRectEx
GetClientRect
CopyRect
GetWindow
MapWindowPoints
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetSystemMetrics
MessageBoxTimeoutA

kernel32

LCMapStringA
LoadLibraryA
GetProcAddress
CloseHandle
TerminateProcess
Sleep
WaitForSingleObjectEx
GetExitCodeThread
CreateFileA
lstrcpyn
DeviceIoControl
GetVolumeInformationA
CreateMutexA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetLocalTime
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetEnvironmentVariableA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCommandLineA
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
InterlockedIncrement
GlobalFlags
GetVersion
lstrcpynA
SetErrorMode
InterlockedDecrement
TlsGetValue
LocalReAlloc
FreeLibrary
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
lstrlenA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
lstrcpyA
lstrcatA
MulDiv
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread

gdi32

DeleteDC
CreateBitmap
TranslateCharsetInfo
GetDeviceCaps
DeleteObject
CreateFontA
SaveDC
RestoreDC
SelectObject
SetBkColor
SetTextColor
GetObjectA
GetStockObject
Escape
ExtTextOutA
TextOutA
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
RectVisible
PtVisible

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

oledlg

ord8

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
VariantChangeType

shell32

DragQueryFileA
DragFinish
DragAcceptFiles

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17

Exports

Exports

ApiCall
Areg
Checktime
Discount
GetInfo
ISreg
Initialization
Inquiry
JData
QTime
Reg
Tie
Timingbox
Tips
Trial

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c0
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
使用说明.txt
风雷多开器.exe
.exe windows:4 windows x86 arch:x86

37210c15b576075e2573adfe76cba4c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
ContinueDebugEvent
CreateEventA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
DebugActiveProcessStop
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetSystemInfo
GetThreadContext
GetThreadLocale
GetTickCount
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
OpenThread
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadContext
SetThreadLocale
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForDebugEvent
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
ord17

gdi32

BitBlt
CombineRgn
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
ExcludeClipRect
ExtTextOutA
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StretchBlt
UnrealizeObject

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharUpperBuffA
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumClipboardFormats
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
keybd_event
wsprintfA
GetSysColor

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VarBoolFromStr
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarCyFromStr
VarDateFromStr
VarI4FromStr
VarNeg
VarNot
VarR8FromStr
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Unit1@Finalize
@@Unit1@Initialize
__GetExceptDLLinfo
___CPPdebugHook
_dkform

Sections

.text
Size: 557KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 245KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08d9a6cfe75ee04f396f5ed6fb2938f0

Headers

File Characteristics

Imports

user32

kernel32

gdi32

winspool.drv

advapi32

oledlg

ole32

oleaut32

shell32

comctl32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 161KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 28KB - Virtual size: 93KB

.c0 Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 12KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 692B

37210c15b576075e2573adfe76cba4c7

Headers

File Characteristics

Imports

advapi32

kernel32

version

comctl32

gdi32

user32

oleaut32

Exports

Exports

Sections

.text Size: 557KB - Virtual size: 560KB

.data Size: 23KB - Virtual size: 44KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 245KB - Virtual size: 248KB

.vmp0 Size: 39KB - Virtual size: 40KB

.vmp1 Size: 305KB - Virtual size: 305KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 164KB - Virtual size: 161KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 28KB - Virtual size: 93KB

.c0
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 692B

.text
Size: 557KB - Virtual size: 560KB

.data
Size: 23KB - Virtual size: 44KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 245KB - Virtual size: 248KB

.vmp0
Size: 39KB - Virtual size: 40KB

.vmp1
Size: 305KB - Virtual size: 305KB

.reloc
Size: 39KB - Virtual size: 39KB