Behavioral task: behavioral1
Sample: a7f5d94192ceb6cc2190a258dba0b59d877c3306d4678d8df7c907ec3cfe1555.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral2
Sample: a7f5d94192ceb6cc2190a258dba0b59d877c3306d4678d8df7c907ec3cfe1555.exe
Resource: win11-20240611-en
General
- Target: a7f5d94192ceb6cc2190a258dba0b59d877c3306d4678d8df7c907ec3cfe1555
- Size: 590KB
- MD5: 185d062342dfdeb3541237de3ead8117
- SHA1: 3fd02f569b3cd6d5e7234d218e2b4e6e46e58361
- SHA256: a7f5d94192ceb6cc2190a258dba0b59d877c3306d4678d8df7c907ec3cfe1555
- SHA512: 2e67e8aa79fcbf7703094e9b47b2d5a8e1a959223c18833bcc447166e97d8c46d7457e675fdb5466aadbd825d90f78c4b7bf7a0586f4697fe8a1c9338b9a2554
- SSDEEP: 12288:3OGwgGRlrPYnFW320hlTyJg4phasTSMlw5uTZ4RWfM6WM8PUgw8Xg:3OGwgGRlrPYU320hlT61phaC1AuTZ4R
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoC)
  resource: yara_rule sample family_blackmoon
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: a7f5d94192ceb6cc2190a258dba0b59d877c3306d4678d8df7c907ec3cfe1555
Files
- a7f5d94192ceb6cc2190a258dba0b59d877c3306d4678d8df7c907ec3cfe1555.exe (windows:4 windows x86 arch:x86)
  40a8348a46646cba3fd5275e35865e7f
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
- winmm: PlaySoundA
- kernel32: GlobalUnlock, VirtualQueryEx, lstrcpynA, CreateThread, QueryPerformanceCounter, GetModuleHandleA, VirtualAlloc, VirtualFree, LoadLibraryA, GetProcAddress, CreateFileA, ResetEvent, WriteFile, CancelIo, ReadFile, GetProcessHeap, ExitProcess, HeapAlloc, HeapReAlloc, HeapFree, IsBadReadPtr, GetModuleFileNameA, DeleteFileA, Sleep, GetUserDefaultLCID, GetFileSize, GetTickCount, GetPrivateProfileStringA, LCMapStringA, SetFileAttributesA, CreateProcessA, GetStartupInfoA, GetCommandLineA, FreeLibrary, RtlMoveMemory, SetFileTime, GetFileAttributesA, CreateDirectoryA, LocalFileTimeToFileTime, GetCurrentDirectoryA, SystemTimeToFileTime, UnmapViewOfFile, GlobalLock, SetFilePointer, FileTimeToLocalFileTime, FileTimeToSystemTime, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetWindowsDirectoryA, GetSystemDirectoryA, GlobalAlloc, lstrcpyn, WideCharToMultiByte, lstrlenW, GetCurrentDirectoryW, WaitForSingleObject, GetTempPathA, OpenEventA, CreateEventA, CreateToolhelp32Snapshot, Process32First, Process32Next, CloseHandle, GetCurrentProcessId, GetCurrentProcess, OpenProcess, TerminateProcess, LocalAlloc, LocalFree, MultiByteToWideChar
- user32: UnhookWindowsHookEx, OpenClipboard, EmptyClipboard, GetDC, SetClipboardData, CloseClipboard, ReleaseDC, GetMessageA, GetForegroundWindow, GetCursorInfo, GetCursorPos, PeekMessageA, GetSystemMetrics, wsprintfA, MessageBoxA, DispatchMessageA, TranslateMessage, GetIconInfo, SetTimer, MessageBoxTimeoutA, CallNextHookEx, SetWindowsHookExA, SendInput, DrawIcon
- advapi32: AllocateAndInitializeSid, GetTokenInformation, EqualSid, FreeSid, OpenProcessToken
- shell32: SHGetSpecialFolderPathA, ShellExecuteExW
- ole32: CoUninitialize, CoCreateInstance, CLSIDFromString, CLSIDFromProgID, OleRun, CoInitialize
- oleaut32: RegisterTypeLi, LoadTypeLi, VariantChangeType, VarR8FromBool, VarR8FromCy, SysFreeString, SafeArrayGetElemsize, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SystemTimeToVariantTime, SafeArrayDestroy, VariantClear, SysAllocString, SafeArrayCreate, VariantCopy, LHashValOfNameSys, VariantInit, SafeArrayAllocDescriptor, SafeArrayAllocData, SafeArrayGetDim
- gdi32: BitBlt, CreateCompatibleBitmap, GetDIBits, DeleteObject, SelectObject, CreateDIBSection, CreateCompatibleDC, GetDIBColorTable, StretchBlt, GetBitmapBits, DeleteDC, GetDeviceCaps
- winhttp: WinHttpAddRequestHeaders, WinHttpSendRequest, WinHttpReceiveResponse, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpQueryHeaders, WinHttpCloseHandle, WinHttpSetCredentials, WinHttpOpenRequest, WinHttpConnect, WinHttpSetTimeouts, WinHttpOpen, WinHttpCrackUrl, WinHttpCheckPlatform, WinHttpSetOption
- setupapi: SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInterfaceDetailA, SetupDiEnumDeviceInterfaces, SetupDiGetClassDevsA
- msvcrt: __CxxFrameHandler, strncmp, memmove, realloc, strrchr, atof, modf, _CIpow, floor, strtod, rand, srand, _CIfmod, _stricmp, _except_handler3, calloc, _mbsstr, div, atol, _i64toa, _ftol, atoi, strchr, ??3@YAXPAX@Z, ??2@YAPAXI@Z, malloc, free, sprintf
- shlwapi: PathFileExistsA
Sections
- .text  Size: 343KB - Virtual size: 343KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 13KB - Virtual size: 13KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data  Size: 232KB - Virtual size: 316KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE