D:\服务端\DQ\Logon\Release\rxjh.pdb
Behavioral task
behavioral1
Sample
dd27a6f09af03d57764d54ea99b5affb496165fbac6d68681a7d8dbfd9f16ec3.exe
Resource
win7-20240220-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
dd27a6f09af03d57764d54ea99b5affb496165fbac6d68681a7d8dbfd9f16ec3.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
dd27a6f09af03d57764d54ea99b5affb496165fbac6d68681a7d8dbfd9f16ec3
-
Size
5.4MB
-
MD5
aebfab7c6fb2a9632623eaef1ea8db4b
-
SHA1
4e1fa596f0d07532a50bce752423352597e5ee67
-
SHA256
dd27a6f09af03d57764d54ea99b5affb496165fbac6d68681a7d8dbfd9f16ec3
-
SHA512
5b45094ac293c8d6d4d6424ff9250ebf16065f0aa536b8832d8ecd985476f3996b6c7c4839452d9f933984b25271a5cd297c121dc3768e5f26f07dfa12b22c20
-
SSDEEP
98304:0PomPXGbSt8w5rw1OwQovBgaOnHoPGMsjxbqIGxdWMQN6OpS1r+ph8VPpSVMdAiW:dbSwoIjgTN6OpNh8VxSVMdLxqrL
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dd27a6f09af03d57764d54ea99b5affb496165fbac6d68681a7d8dbfd9f16ec3
Files
-
dd27a6f09af03d57764d54ea99b5affb496165fbac6d68681a7d8dbfd9f16ec3.exe windows:6 windows x86 arch:x86
74b87fb73a1b7a965613f7938a07a80e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FileTimeToSystemTime
GetLocalTime
GetFileInformationByHandle
SystemTimeToFileTime
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
OpenFileMappingA
MultiByteToWideChar
MoveFileExA
CopyFileA
GetTempPathA
FindResourceA
CreateFileMappingA
lstrlenA
FreeResource
UnmapViewOfFile
MapViewOfFile
GetTickCount
GetSystemInfo
GlobalMemoryStatusEx
CreateProcessA
CreateThread
GetCurrentProcessId
Sleep
Beep
WriteFile
SetFileAttributesA
ReadFile
GetFileSize
CreateFileA
CreateDirectoryA
SetCurrentDirectoryA
CreateMutexA
GetCommandLineW
WinExec
RemoveDirectoryA
DeleteFileA
Module32Next
Module32First
Thread32Next
Thread32First
Process32Next
Process32First
CreateToolhelp32Snapshot
LoadLibraryA
lstrcpyA
lstrcmpA
LocalFree
FreeLibrary
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
OpenProcess
OpenThread
CreateRemoteThread
TerminateProcess
GetCurrentProcess
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GetLogicalDrives
FindFirstFileA
FindClose
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
FindResourceW
WriteConsoleW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
FindNextFileW
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetDriveTypeW
GetTimeZoneInformation
GetFileAttributesExW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetStdHandle
QueryPerformanceFrequency
GetFileType
SetStdHandle
HeapQueryInformation
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
GetFullPathNameW
VirtualQuery
VirtualAlloc
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
LCMapStringW
FormatMessageW
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalUnlock
LocalLock
SearchPathA
GetProfileIntA
SetErrorMode
FindResourceExW
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
GetUserDefaultLCID
ReplaceFileA
GetTempFileNameA
GetDiskFreeSpaceA
GetStringTypeExA
GetVolumeInformationA
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameA
FlushFileBuffers
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
SizeofResource
LockResource
LoadResource
GetLastError
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FormatMessageA
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
LoadLibraryW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
LocalAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FindNextFileA
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
GetVersionExA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetAtomNameA
GetThreadLocale
GetACP
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
user32
DestroyCursor
DestroyIcon
CreateIconIndirect
GetIconInfo
IsWindow
RedrawWindow
SetWindowLongA
GetFocus
MessageBoxA
AdjustWindowRectEx
GetMenuStringA
GetMenuState
InsertMenuA
RemoveMenu
SendDlgItemMessageA
SetRectEmpty
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
RegisterWindowMessageA
DispatchMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoExA
CreateWindowExA
IsMenu
IsChild
DestroyWindow
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
SetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
ScreenToClient
MapWindowPoints
EqualRect
PtInRect
GetClassLongA
GetTopWindow
GetLastActivePopup
GetWindow
SetScrollInfo
GetScrollInfo
WinHelpA
MonitorFromWindow
GetMonitorInfoA
ShowWindow
MoveWindow
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
IsWindowEnabled
ScrollWindowEx
IsDialogMessageA
CreateDialogIndirectParamA
IntersectRect
LoadBitmapA
BringWindowToTop
ReleaseCapture
LoadAcceleratorsA
TranslateAcceleratorA
InsertMenuItemA
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
IsZoomed
GetMessageA
TranslateMessage
ShowOwnedPopups
SetWindowContextHelpId
GetParent
GetMenuItemInfoA
SystemParametersInfoA
SetCapture
IsRectEmpty
WaitMessage
GetKeyNameTextA
MapVirtualKeyA
GetSysColorBrush
LoadCursorA
TrackMouseEvent
LoadImageW
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
GetDialogBaseUnits
CharUpperA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
UnionRect
GetSystemMenu
DeleteMenu
SetParent
GetNextDlgGroupItem
MessageBeep
DrawIconEx
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongA
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawEdge
DrawFrameControl
LoadMenuW
SetCursorPos
CopyIcon
LoadAcceleratorsW
RegisterClipboardFormatA
GetDCEx
LockWindowUpdate
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageA
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuA
CharUpperBuffA
IsClipboardFormatAvailable
GetUpdateRect
EnumChildWindows
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
SendNotifyMessageA
InSendMessage
CreateMenu
WindowFromDC
GetWindowRgn
GetTabbedTextExtentA
GetTabbedTextExtentW
PeekMessageA
PostQuitMessage
GetWindowLongA
OffsetRect
SetWindowsHookExA
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
GetSysColor
WindowFromPoint
ClientToScreen
SetCursor
SendMessageA
UnhookWindowsHookEx
GetClassInfoA
OpenIcon
SetForegroundWindow
FindWindowA
wsprintfA
IsWindowVisible
IsIconic
EndDialog
SetTimer
KillTimer
GetSystemMetrics
CreatePopupMenu
GetDC
DrawStateA
CheckMenuItem
TrackPopupMenuEx
GetSubMenu
DestroyMenu
ReleaseDC
SetWindowRgn
InvalidateRect
GetMenuItemID
GetMenuItemCount
AppendMenuA
SetWindowPos
EnableWindow
PostMessageA
GetWindowDC
GetClientRect
GetWindowRect
LoadMenuA
GetActiveWindow
GetNextDlgTabItem
MapDialogRect
GetDesktopWindow
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
UnregisterClassA
CreateIconFromResource
LoadIconW
LoadIconA
LoadCursorW
CallNextHookEx
GetWindowThreadProcessId
GetClassNameA
EnumWindows
GetCursorPos
GetWindowTextA
SetWindowTextA
SwitchToThisWindow
UpdateWindow
DrawIcon
LoadImageA
gdi32
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetBkMode
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetROP2
SelectPalette
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocA
ArcTo
PolyDraw
SelectClipPath
ExtSelectClipRgn
ExtCreatePen
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SelectClipRgn
SaveDC
RestoreDC
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetCurrentPositionEx
GetClipRgn
ExtTextOutA
TextOutA
RectVisible
PtVisible
Escape
CreateSolidBrush
SetTextColor
SetPixel
SetBkColor
GetStockObject
GetPixel
DeleteDC
CreateBitmap
GetObjectA
StretchBlt
SelectObject
GetDIBits
GetBkColor
DeleteObject
GetClipBox
ExcludeClipRect
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
GetDeviceCaps
CreateDCA
CopyMetaFileA
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
SetArcDirection
GetTextFaceA
GetTextExtentPoint32W
GetTextExtentPointA
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
CreateMetaFileA
CloseMetaFile
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetCurrentObject
OffsetRgn
Rectangle
EnumFontFamiliesExA
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
SetDIBColorTable
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
StretchDIBits
GetCharWidthA
CreateFontA
GetRgnBox
GetTextColor
LPtoDP
CreateDIBSection
Ellipse
CreateEllipticRgn
GetTextMetricsA
GetTextExtentPoint32A
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CreateFontIndirectA
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
BitBlt
CreateRectRgn
advapi32
SystemFunction036
RegSetValueA
IsTextUnicode
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExW
SetFileSecurityA
GetFileSecurityA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
SetEntriesInAclA
SetSecurityInfo
BuildExplicitAccessWithNameA
RegCloseKey
shell32
ShellExecuteExA
CommandLineToArgvW
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ExtractIconA
SHAppBarMessage
SHAddToRecentDocs
DragQueryFileA
DragFinish
SHGetFileInfoA
ole32
RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoLockObjectExternal
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleRun
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
PropVariantCopy
CoDisconnectObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
OleDraw
CreateStreamOnHGlobal
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
CoCreateInstance
CoInitialize
OleTranslateAccelerator
msimg32
AlphaBlend
TransparentBlt
comctl32
_TrackMouseEvent
shlwapi
PathStripToRootA
PathIsUNCA
PathRemoveExtensionA
PathFindExtensionA
UrlUnescapeA
PathFindFileNameA
PathRemoveFileSpecW
StrFormatKBSizeA
uxtheme
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed
GetThemeColor
oledlg
ord8
urlmon
URLDownloadToFileA
gdiplus
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
winmm
PlaySoundA
wininet
FtpGetFileA
FtpFindFirstFileA
InternetGetLastResponseInfoA
InternetSetStatusCallback
FtpDeleteFileA
FtpRenameFileA
FtpOpenFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpCommandA
GopherCreateLocatorA
GopherFindFirstFileA
GopherOpenFileA
GopherGetAttributeA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA
InternetSetCookieA
InternetGetCookieA
InternetErrorDlg
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
DeleteUrlCacheEntry
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetFindNextFileA
InternetQueryOptionA
InternetSetOptionExA
FtpPutFileA
ws2_32
WSAGetLastError
WSASetLastError
gethostbyname
sendto
select
recvfrom
closesocket
connect
htons
inet_addr
send
WSAAsyncSelect
socket
recv
ntohs
inet_ntoa
htonl
getsockname
getpeername
bind
accept
WSACleanup
WSAStartup
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
GetJobA
oleaut32
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
VarDecFromStr
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
SysStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
OleCreateFontIndirect
SafeArrayCreateVector
SafeArrayRedim
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 604KB - Virtual size: 603KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ