E:\rxjh\登陆器\登录器源码\大秦\Logon\Release\rxjh.pdb
Behavioral task
behavioral1
Sample
3c1798e4e3ec41d9b2ca476effcc292ef1408428c28002ea1b2f2dc3cd272ed8.exe
Resource
win7-20240220-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
3c1798e4e3ec41d9b2ca476effcc292ef1408428c28002ea1b2f2dc3cd272ed8.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
3c1798e4e3ec41d9b2ca476effcc292ef1408428c28002ea1b2f2dc3cd272ed8
-
Size
7.1MB
-
MD5
30903a98100613b58020965222872e0b
-
SHA1
5b6c541a4ef36cc3acc9a1302554dd074c3b732c
-
SHA256
3c1798e4e3ec41d9b2ca476effcc292ef1408428c28002ea1b2f2dc3cd272ed8
-
SHA512
e7f2d5d3b4784995920506c6d0cc9237bf0f89e12375182780a96bdf81251da96359f215b55bbc283ab685e39dbe66f987c6347d4fa291412bbe4ab593f3cf4a
-
SSDEEP
196608:URkhrGgZHOg3bjEFh8VilRVSN7Knqa4AG:vlH087Knqa4AG
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3c1798e4e3ec41d9b2ca476effcc292ef1408428c28002ea1b2f2dc3cd272ed8
Files
-
3c1798e4e3ec41d9b2ca476effcc292ef1408428c28002ea1b2f2dc3cd272ed8.exe windows:6 windows x86 arch:x86
344014bd561a3e3d2882766c86ad407b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FileTimeToSystemTime
UnmapViewOfFile
GetLocalTime
GetFileInformationByHandle
SystemTimeToFileTime
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
OpenFileMappingA
MultiByteToWideChar
MoveFileExA
CopyFileA
GetTempPathA
FindResourceA
CreateFileMappingA
lstrlenA
FreeResource
MapViewOfFile
GetTickCount
GetSystemInfo
GlobalMemoryStatusEx
CreateProcessA
CreateThread
GetCurrentProcessId
Sleep
Beep
WriteFile
SetFileAttributesA
ReadFile
GetFileSize
CreateFileA
CreateDirectoryA
SetCurrentDirectoryA
CreateMutexA
GetCommandLineW
WinExec
RemoveDirectoryA
DeleteFileA
Module32Next
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcpyA
lstrcmpA
LocalFree
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateRemoteThread
TerminateProcess
GetCurrentProcess
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GetLogicalDrives
FindFirstFileA
FindClose
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
FindResourceW
WriteConsoleW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
FindNextFileW
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetDriveTypeW
GetTimeZoneInformation
GetFileAttributesExW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetStdHandle
QueryPerformanceFrequency
GetFileType
SetStdHandle
HeapQueryInformation
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
GetFullPathNameW
VirtualQuery
VirtualAlloc
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
LCMapStringW
FormatMessageW
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalUnlock
LocalLock
SearchPathA
GetProfileIntA
SetErrorMode
FindResourceExW
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
GetUserDefaultLCID
ReplaceFileA
GetTempFileNameA
GetDiskFreeSpaceA
GetStringTypeExA
GetVolumeInformationA
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameA
SizeofResource
LockResource
LoadResource
GetLastError
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FormatMessageA
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
LoadLibraryA
LoadLibraryW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
LocalAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FindNextFileA
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
GetVersionExA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetAtomNameA
GetThreadLocale
GetACP
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
GetFileAttributesExA
GetFileSizeEx
GetFileTime
FlushFileBuffers
user32
DestroyCursor
DestroyIcon
GetMenuStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
InsertMenuA
RemoveMenu
SendDlgItemMessageA
SetRectEmpty
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
RegisterWindowMessageA
DispatchMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoExA
CreateWindowExA
IsMenu
IsChild
DestroyWindow
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
SetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
ScreenToClient
MapWindowPoints
EqualRect
PtInRect
GetClassLongA
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
SetScrollInfo
GetScrollInfo
WinHelpA
MonitorFromWindow
GetMonitorInfoA
ShowWindow
MoveWindow
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
IsWindowEnabled
ScrollWindowEx
IsDialogMessageA
CreateDialogIndirectParamA
EndDialog
IntersectRect
LoadBitmapA
BringWindowToTop
ReleaseCapture
LoadAcceleratorsA
TranslateAcceleratorA
InsertMenuItemA
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
IsZoomed
GetMessageA
TranslateMessage
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
GetMenuItemInfoA
SystemParametersInfoA
SetCapture
SetTimer
KillTimer
WindowFromPoint
WaitMessage
GetParent
MapVirtualKeyA
GetSysColorBrush
LoadCursorA
TrackMouseEvent
LoadImageW
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
GetDialogBaseUnits
CharUpperA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
UnionRect
GetSystemMenu
DeleteMenu
SetParent
GetNextDlgGroupItem
MessageBeep
DrawIconEx
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongA
OpenClipboard
CloseClipboard
SetClipboardData
LoadImageA
DrawEdge
DrawFrameControl
LoadMenuW
SetCursorPos
CopyIcon
LoadAcceleratorsW
RegisterClipboardFormatA
GetDCEx
LockWindowUpdate
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageA
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuA
CharUpperBuffA
IsClipboardFormatAvailable
GetUpdateRect
EnumChildWindows
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
SendNotifyMessageA
InSendMessage
CreateMenu
WindowFromDC
GetWindowRgn
GetTabbedTextExtentA
GetTabbedTextExtentW
CreateIconIndirect
GetIconInfo
IsWindow
RedrawWindow
SetWindowLongA
GetFocus
MessageBoxA
AdjustWindowRectEx
PeekMessageA
PostQuitMessage
GetClassInfoA
ClientToScreen
SetCursor
GetDC
DrawStateA
TrackPopupMenuEx
GetSubMenu
DestroyMenu
ReleaseDC
SetWindowRgn
InvalidateRect
GetClientRect
SendMessageA
OpenIcon
SetForegroundWindow
FindWindowA
wsprintfA
IsWindowVisible
IsIconic
GetSystemMetrics
CreatePopupMenu
AppendMenuA
DrawIcon
UpdateWindow
SwitchToThisWindow
SetWindowTextA
GetWindowLongA
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
GetKeyNameTextA
GetSysColor
GetWindowTextA
GetCursorPos
EnumWindows
SetWindowPos
EnableWindow
PostMessageA
GetWindowDC
GetWindowRect
LoadMenuA
GetActiveWindow
GetNextDlgTabItem
IsRectEmpty
EmptyClipboard
GetDesktopWindow
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
UnregisterClassA
CreateIconFromResource
LoadIconW
LoadIconA
LoadCursorW
CallNextHookEx
GetWindowThreadProcessId
GetClassNameA
gdi32
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetBkMode
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocA
ArcTo
PolyDraw
ExtSelectClipRgn
SetArcDirection
SetTextJustification
SelectPalette
ExtCreatePen
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
SelectClipRgn
SaveDC
RestoreDC
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetCurrentPositionEx
GetClipRgn
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
ExcludeClipRect
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
DeleteDC
GetDeviceCaps
CreateDCA
CopyMetaFileA
SetPixel
SetTextColor
CreateSolidBrush
SelectClipPath
GetTextFaceA
GetTextExtentPoint32W
GetTextExtentPointA
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
CreateMetaFileA
CloseMetaFile
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetCurrentObject
OffsetRgn
Rectangle
EnumFontFamiliesExA
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
SetDIBColorTable
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
StretchDIBits
GetCharWidthA
CreateFontA
GetRgnBox
GetTextColor
LPtoDP
CreateDIBSection
Ellipse
CreateEllipticRgn
GetTextMetricsA
GetTextExtentPoint32A
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgn
DeleteObject
GetBkColor
GetDIBits
SelectObject
StretchBlt
GetObjectA
CreateBitmap
SetBkColor
GetPixel
GetStockObject
Escape
advapi32
RegQueryValueA
RegSetValueA
IsTextUnicode
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegOpenKeyExW
SetFileSecurityA
GetFileSecurityA
RegEnumValueA
RegEnumKeyExA
SystemFunction036
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
SetEntriesInAclA
SetSecurityInfo
BuildExplicitAccessWithNameA
RegCloseKey
shell32
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
DragQueryFileA
DragFinish
SHGetFileInfoA
SHAddToRecentDocs
ExtractIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHBrowseForFolderA
SHAppBarMessage
CommandLineToArgvW
ole32
RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoLockObjectExternal
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleRun
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
PropVariantCopy
CoDisconnectObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
OleDraw
CreateStreamOnHGlobal
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
CoCreateInstance
CoInitialize
OleTranslateAccelerator
msimg32
AlphaBlend
TransparentBlt
comctl32
_TrackMouseEvent
shlwapi
PathFindFileNameA
PathFindExtensionA
PathRemoveExtensionA
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
UrlUnescapeA
uxtheme
CloseThemeData
GetThemeSysColor
GetWindowTheme
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
GetThemePartSize
IsAppThemed
GetThemeColor
GetCurrentThemeName
oledlg
ord8
urlmon
URLDownloadToFileA
gdiplus
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipCreateBitmapFromStreamICM
winmm
PlaySoundA
wininet
FtpGetFileA
InternetGetLastResponseInfoA
FtpFindFirstFileA
FtpDeleteFileA
FtpRenameFileA
FtpOpenFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
InternetSetStatusCallback
FtpGetCurrentDirectoryA
FtpCommandA
GopherCreateLocatorA
GopherFindFirstFileA
GopherOpenFileA
GopherGetAttributeA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA
InternetSetCookieA
InternetGetCookieA
InternetErrorDlg
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
DeleteUrlCacheEntry
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetFindNextFileA
InternetQueryOptionA
InternetSetOptionExA
FtpPutFileA
ws2_32
WSAGetLastError
WSASetLastError
gethostbyname
sendto
select
recvfrom
closesocket
connect
htons
inet_addr
send
WSAAsyncSelect
socket
recv
ntohs
inet_ntoa
htonl
getsockname
getpeername
bind
accept
WSACleanup
WSAStartup
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
GetJobA
oleaut32
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
VarDecFromStr
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
SysStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
OleCreateFontIndirect
SafeArrayCreateVector
SafeArrayRedim
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 602KB - Virtual size: 601KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ