Behavioral task: behavioral1
  Sample: aa471c8e4f1813d90729f69fa9052ac5fb57e02b281dedc2a418e7e922686fb9.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral2
  Sample: aa471c8e4f1813d90729f69fa9052ac5fb57e02b281dedc2a418e7e922686fb9.exe
  Resource: win11-20240611-en
General
  Target: aa471c8e4f1813d90729f69fa9052ac5fb57e02b281dedc2a418e7e922686fb9
  Size: 590KB
  MD5: e725e775609118d9e7fe593ae36efbc8
  SHA1: be8dae620eaf037079e0ebc7923ffbc996a7cedd
  SHA256: aa471c8e4f1813d90729f69fa9052ac5fb57e02b281dedc2a418e7e922686fb9
  SHA512: ffd608be380b2bd50886f5a58644ef55e175e43d37971237b4d550481f29db002348db8a65c883147762f4d8274fc205a23b92875f6ae7402d8180b2e70cfdb8
  SSDEEP: 12288:yC96YkGJuNGrc4T7AZ4mEWps7VQG3pbWo+vfZRWfM6WMUPUgw8Xg:yC96YkGJi0c4T7AZFRGVQ6ph+vfZRWgo
Malware Config
Signatures
  Blackmoon family
  Detect Blackmoon payload (1 IoC)
    resource: sample    yara_rule: family_blackmoon
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: aa471c8e4f1813d90729f69fa9052ac5fb57e02b281dedc2a418e7e922686fb9
Files
  aa471c8e4f1813d90729f69fa9052ac5fb57e02b281dedc2a418e7e922686fb9.exe  windows:4  windows x86  arch:x86
  5195a1629062dd86a167a96bea582c77
Headers
  File Characteristics
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
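The "Unsigned PE" signature above and the File Characteristics list both come straight out of the PE headers, so they can be reproduced offline without the sandbox. The following is an added example (not Triage's code and not derived from the sample) that decodes IMAGE_FILE_HEADER.Characteristics and checks whether the Authenticode certificate table (data directory 4, IMAGE_DIRECTORY_ENTRY_SECURITY) is populated. It has no dependency on pefile; the helper `build_test_pe` constructs a minimal, hypothetical PE32 header so the code can be exercised with and without a certificate table. The flag bits are 0x010F for the five characteristics listed in the report.

```python
import struct
import sys

# IMAGE_FILE_HEADER.Characteristics flag bits (PE/COFF specification).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def parse_pe(data: bytes) -> dict:
    """Return machine, section count, decoded Characteristics and whether a
    certificate table is present.  Raises ValueError on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine, n_sections, _ts, _symtab, _nsyms,
     _opt_size, chars) = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                          # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:       # PE32: NumberOfRvaAndSizes at +92, directories at +96
        n_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:     # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        n_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    has_cert_table = False
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        # Unlike other directories this entry holds a raw file offset, not an
        # RVA.  A non-zero size means a WIN_CERTIFICATE blob exists; presence
        # is not validity, the chain still has to be verified separately.
        has_cert_table = sec_off != 0 and sec_size != 0
    return {
        "machine": machine,
        "sections": n_sections,
        "pe32plus": magic == 0x20B,
        "characteristics": [name for bit, name in sorted(FILE_CHARACTERISTICS.items())
                            if chars & bit],
        "has_authenticode": has_cert_table,
    }


def build_test_pe(characteristics: int, signed: bool) -> bytes:
    """Constructed minimal PE32 header (no sections, no code) for offline
    testing.  This is a hypothetical file, not the sample from the report."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew -> 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    blob = b""
    if signed:
        # Point the certificate table at an 8-byte placeholder blob appended
        # after the headers (constructed; not a real WIN_CERTIFICATE).
        blob = b"\x08\x00\x00\x00\x00\x02\x02\x00"
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         0x40 + 4 + 20 + 224, len(blob))
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + blob


if __name__ == "__main__":
    # Usage: python pe_headers.py <file.exe>
    with open(sys.argv[1], "rb") as fh:
        info = parse_pe(fh.read())
    print("\n".join(info["characteristics"]))
    print("Authenticode certificate table present:", info["has_authenticode"])
```

An empty certificate table is exactly what the sandbox's "Unsigned PE" check reports; a populated one only says that something is attached, so a real triage step still runs a signature verifier over the blob.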
Imports
winmm
PlaySoundA
kernel32
GlobalUnlock
CreateThread
QueryPerformanceCounter
VirtualQueryEx
lstrcpynA
GetModuleHandleA
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
CreateFileA
ResetEvent
WriteFile
CancelIo
ReadFile
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
DeleteFileA
Sleep
GetUserDefaultLCID
GetPrivateProfileStringA
CreateProcessA
GetStartupInfoA
GetFileSize
GetTickCount
LCMapStringA
SetFileAttributesA
GetCommandLineA
FreeLibrary
RtlMoveMemory
SetFileTime
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
UnmapViewOfFile
GlobalLock
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
GetSystemDirectoryA
GlobalAlloc
lstrcpyn
WideCharToMultiByte
lstrlenW
GetCurrentDirectoryW
WaitForSingleObject
GetTempPathA
OpenEventA
CreateEventA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetCurrentProcessId
GetCurrentProcess
OpenProcess
TerminateProcess
LocalAlloc
LocalFree
MultiByteToWideChar
user32
UnhookWindowsHookEx
OpenClipboard
EmptyClipboard
GetDC
SetClipboardData
CloseClipboard
ReleaseDC
GetMessageA
GetForegroundWindow
GetCursorInfo
GetCursorPos
PeekMessageA
GetSystemMetrics
wsprintfA
MessageBoxA
DispatchMessageA
TranslateMessage
SendInput
SetTimer
MessageBoxTimeoutA
CallNextHookEx
SetWindowsHookExA
DrawIcon
GetIconInfo
advapi32
AllocateAndInitializeSid
GetTokenInformation
EqualSid
FreeSid
OpenProcessToken
shell32
SHGetSpecialFolderPathA
ShellExecuteExW
ole32
CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun
CoInitialize
oleaut32
RegisterTypeLi
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SystemTimeToVariantTime
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
LHashValOfNameSys
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
gdi32
DeleteDC
DeleteObject
CreateDIBSection
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBColorTable
StretchBlt
GetBitmapBits
GetDIBits
GetDeviceCaps
winhttp
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpCheckPlatform
WinHttpSetOption
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
msvcrt
__CxxFrameHandler
strncmp
memmove
realloc
strrchr
atof
modf
_CIpow
floor
strtod
rand
srand
_CIfmod
_stricmp
_except_handler3
calloc
_mbsstr
div
atol
_i64toa
_ftol
atoi
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
free
sprintf
shlwapi
PathFileExistsA
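The import table above is the most informative static artifact on this page: SetWindowsHookExA/CallNextHookEx, the clipboard APIs, the gdi32 BitBlt/GetDIBits pair, Toolhelp process enumeration plus TerminateProcess, the advapi32 token/SID calls and the winhttp client set read as a coherent spyware feature set before the sample ever runs. The block below is an added example, not Triage's or the sample's code, that tags such combinations from a representative subset of the imports listed above (copied from this report) and computes the import hash the way pefile does: "dll.func" pairs, lowercased, .dll/.ocx/.sys stripped, joined with commas in import-table order, MD5. It deliberately uses API groups rather than single names, because GetDIBits alone is in every screenshot utility while GetDIBits plus BitBlt plus CreateCompatibleDC next to a keyboard hook is worth a tag. The capability names and rule groups are this example's own choices, not a published taxonomy, and ordinal-only imports are not handled.

```python
import hashlib

# Representative subset of the sample's import table, copied from the report
# (the full table is longer; order within a DLL is kept as listed).
REPORTED_IMPORTS = {
    "kernel32": ["LoadLibraryA", "GetProcAddress", "CreateToolhelp32Snapshot",
                 "Process32First", "Process32Next", "OpenProcess",
                 "TerminateProcess", "GetTempPathA", "CreateFileA", "WriteFile",
                 "CreateProcessA", "DeleteFileA", "SetFileAttributesA"],
    "user32": ["SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
               "OpenClipboard", "SetClipboardData", "EmptyClipboard",
               "CloseClipboard", "GetForegroundWindow", "SendInput",
               "GetCursorPos"],
    "gdi32": ["CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt",
              "GetDIBits", "StretchBlt"],
    "advapi32": ["OpenProcessToken", "GetTokenInformation",
                 "AllocateAndInitializeSid", "EqualSid", "FreeSid"],
    "winhttp": ["WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest",
                "WinHttpSendRequest", "WinHttpReceiveResponse",
                "WinHttpReadData", "WinHttpSetCredentials"],
    "setupapi": ["SetupDiGetClassDevsA", "SetupDiEnumDeviceInterfaces",
                 "SetupDiGetDeviceInterfaceDetailA"],
    "shell32": ["ShellExecuteExW", "SHGetSpecialFolderPathA"],
}

# A capability fires when every API in at least one of its groups is imported.
# Groups (and names) are this example's own; tune them to your corpus.
CAPABILITY_RULES = {
    "keyboard/mouse hook": [{"SetWindowsHookExA", "CallNextHookEx"},
                            {"SetWindowsHookExW", "CallNextHookEx"}],
    "clipboard write": [{"OpenClipboard", "SetClipboardData"}],
    "screen capture": [{"CreateCompatibleDC", "BitBlt", "GetDIBits"}],
    "process enumeration": [{"CreateToolhelp32Snapshot", "Process32First",
                             "Process32Next"}],
    "process termination": [{"OpenProcess", "TerminateProcess"}],
    "token/group membership check": [{"OpenProcessToken", "GetTokenInformation",
                                      "EqualSid"}],
    "HTTP client (WinHTTP)": [{"WinHttpOpen", "WinHttpConnect",
                               "WinHttpSendRequest"}],
    "dynamic API resolution": [{"LoadLibraryA", "GetProcAddress"},
                               {"LoadLibraryW", "GetProcAddress"}],
    "drop and execute": [{"GetTempPathA", "CreateFileA", "WriteFile",
                          "CreateProcessA"}],
    "device enumeration (SetupAPI)": [{"SetupDiGetClassDevsA",
                                       "SetupDiEnumDeviceInterfaces"}],
    "synthetic input": [{"SendInput"}],
}


def tag_capabilities(imports: dict) -> dict:
    """Map capability name -> sorted list of the APIs that satisfied it."""
    present = {func for funcs in imports.values() for func in funcs}
    hits = {}
    for capability, groups in CAPABILITY_RULES.items():
        for group in groups:
            if group <= present:
                hits[capability] = sorted(group)
                break
    return hits


def imphash(imports: dict) -> str:
    """pefile-style import hash over named imports (ordinals not handled).
    Import order matters: the same APIs in a different order hash differently."""
    parts = []
    for lib, funcs in imports.items():
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for cap, apis in tag_capabilities(REPORTED_IMPORTS).items():
        print(f"{cap:32s} {', '.join(apis)}")
    print("imphash over this subset:", imphash(REPORTED_IMPORTS))
```

Because the block works on a subset, the hash it prints is not expected to equal the 32-hex value shown under the file entry above; run the same function over the complete import table, in table order, to compare with what a sandbox reports. Tags are static evidence of capability, not proof that a given run exercised it; the two behavioral tasks at the top of the report are where that gets confirmed.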
Sections
  .text   Size: 343KB  Virtual size: 343KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
  .rdata  Size: 13KB   Virtual size: 13KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
  .data   Size: 232KB  Virtual size: 316KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE