Behavioral task: behavioral1
Sample: 9100e2a3087f332b08a6d7be6b2affe9cf67c508c749c427c3dc05c8c06ef9bc.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 9100e2a3087f332b08a6d7be6b2affe9cf67c508c749c427c3dc05c8c06ef9bc.exe
Resource: win10v2004-20240426-en
General
Target: 9100e2a3087f332b08a6d7be6b2affe9cf67c508c749c427c3dc05c8c06ef9bc
Size: 2.0MB
MD5: 6687f348232d2d08e7088e8ced4a247a
SHA1: 0a224c632c9577c927ebcf7cd0349412ad96993e
SHA256: 9100e2a3087f332b08a6d7be6b2affe9cf67c508c749c427c3dc05c8c06ef9bc
SHA512: a6dfc13b5f5a12136449408287d0b2c40a09f57d9be6c6e84a0945fea62197a873c18ace68c7fc43420b12ed9c7e09b5ab5bf38acb9899e723f4473dc3c50745
SSDEEP: 24576:zzP0b614HQ1s/4lDSckNLYTPWUqXn1adcdgp0PAy/t1dn6y0Kjq+a+cis3omtxIJ:/5dXWUmCDpMtU+a8mtxERcBJrh0t
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource: sample; yara_rule: family_blackmoon
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 9100e2a3087f332b08a6d7be6b2affe9cf67c508c749c427c3dc05c8c06ef9bc
Files
- 9100e2a3087f332b08a6d7be6b2affe9cf67c508c749c427c3dc05c8c06ef9bc.exe windows:4 windows x86 arch:x86
  a39329e1089267fc2b44320f54f0d375
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
LCMapStringA
FreeLibrary
GetCommandLineA
FormatMessageA
GetUserDefaultLCID
SetFileAttributesA
DeleteFileA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
WritePrivateProfileStringA
WriteFile
GetModuleFileNameA
GetPrivateProfileStringA
CreateFileA
GetFileSize
ReadFile
GetCommandLineW
IsBadReadPtr
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
LocalSize
GlobalSize
CreateWaitableTimerA
LocalFree
CreateThread
GetSystemTime
lstrlenA
RtlMoveMemory
LocalAlloc
lstrlenW
GetLocalTime
GetCurrentProcessId
IsWow64Process
GetCurrentProcess
LoadLibraryA
GetSystemDirectoryA
CreateDirectoryW
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
SetWaitableTimer
CreateWaitableTimerW
HeapFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
VirtualFree
VirtualAlloc
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
MultiByteToWideChar
GetNativeSystemInfo
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
lstrcpynA
FlushFileBuffers
MulDiv
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
GetProcAddress
GetModuleHandleW
GetProcessHeap
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
GetACP
RaiseException
GetTickCount
GetTempPathA
GetWindowsDirectoryA
GetVersionExA
GetLastError
SetFilePointer
TerminateProcess
OpenProcess
Sleep
lstrcpyA
SetLastError
lstrcatA
GetTimeZoneInformation
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
user32
UpdateLayeredWindow
ReleaseCapture
PostMessageW
DispatchMessageW
EnableWindow
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
TranslateMessage
GetClassNameA
GetWindowThreadProcessId
FindWindowA
GetDC
UpdateWindow
GetDlgItem
SetWindowLongA
GetWindowTextA
GetWindowLongA
IsWindowVisible
GetWindow
SetWindowTextA
PostQuitMessage
PostMessageA
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgCtrlID
GetMenuItemCount
GetMessageW
SendDlgItemMessageA
InvalidateRect
IsDialogMessageA
GetWindowPlacement
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
IsWindow
GetClassNameW
SendMessageW
CreateWindowExW
MsgWaitForMultipleObjects
CopyImage
MoveWindow
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
SetForegroundWindow
RemovePropA
GetSystemMetrics
SetWindowRgn
GetParent
GetWindowTextW
GetClassLongW
SetPropA
SetWindowPos
SetWindowLongW
SetFocus
GetFocus
IntersectRect
GetAsyncKeyState
KillTimer
SetCapture
EndPaint
BeginPaint
ShowWindow
SystemParametersInfoA
DefWindowProcW
RegisterClassExW
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
LoadCursorW
SendMessageA
SetCursor
SetActiveWindow
TrackMouseEvent
CallWindowProcW
GetWindowRect
GetCursorPos
SetCaretPos
ReleaseDC
PtInRect
SetTimer
LoadCursorFromFileW
IsZoomed
IsIconic
GetPropA
shell32
SHGetSpecialFolderPathA
ShellExecuteA
Shell_NotifyIconW
CommandLineToArgvW
ole32
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize
CreateStreamOnHGlobal
CLSIDFromString
StringFromGUID2
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromProgID
OleInitialize
shlwapi
PathIsDirectoryW
PathFileExistsA
gdi32
GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
GetStockObject
GetObjectA
GetDIBits
CreateRectRgn
CreateRoundRectRgn
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
BitBlt
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
wininet
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpQueryInfoA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetReadFile
gdiplus
GdipGetCompositingQuality
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipCreateImageAttributes
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipGetFamilyName
GdipGetFontSize
GdipGetFontStyle
GdipResetClip
GdipGraphicsClear
GdipSetClipRegion
GdipCreateFromHDC
GdipGetSmoothingMode
GdipCreatePathGradientFromPath
GdipDrawImageRectRect
GdipGetImagePixelFormat
GdipCloneBitmapArea
GdipClosePathFigure
GdipAddPathArc
GdipCreatePath
GdipDeletePath
GdipDrawPath
GdipCreateRegionHrgn
GdipDeleteRegion
GdipGetRegionBounds
GdipMeasureCharacterRanges
GdipCreateRegion
GdipSetStringFormatMeasurableCharacterRanges
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipFillPath
GdipCreateLineBrush
GdipCreatePen2
GdipDeleteGraphics
GdipFillPolygon
GdipSetSmoothingMode
GdipSetClipRect
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipDrawPolygon
GdipLoadImageFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetStringFormatFlags
GdipGetStringFormatTrimming
GdipGetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageRect
GdipCreateStringFormat
GdipSetStringFormatHotkeyPrefix
GdipDeleteStringFormat
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipDeleteBrush
GdipMeasureString
GdipGetFontHeight
GdipCreateSolidFill
GdipDrawString
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetStringFormatAlign
oleaut32
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
VariantChangeType
SysAllocString
VariantClear
SafeArrayDestroy
SystemTimeToVariantTime
OleLoadPicture
VarR8FromBool
VarR8FromCy
SafeArrayCreate
imm32
ImmAssociateContext
ImmGetContext
oledlg
ord8
advapi32
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
ws2_32
WSACleanup
WSAStartup
closesocket
select
send
recv
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
comctl32
ord17
rasapi32
RasHangUpA
RasGetConnectStatusA
Sections
.text Size: 720KB - Virtual size: 717KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.2MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE