blackmoon | e6c2f7dfa7ab630fd739ea29b959352386f7c98b6364ba191a0a3366ca9825f6

Sharing

Copy URL Twitter E-mail

General

Target

e6c2f7dfa7ab630fd739ea29b959352386f7c98b6364ba191a0a3366ca9825f6
Size

1.1MB
MD5

236b5fcd732b8ad95311ae0f6dfacd11
SHA1

e24e955b76591245f38ce9262748293f9af0bf82
SHA256

e6c2f7dfa7ab630fd739ea29b959352386f7c98b6364ba191a0a3366ca9825f6
SHA512

ec7c506869a249e2095f152a5ec0655cbf708df4645fd9f6daf29c260813c1ae0e802f1fd1126b910ecef5455d340a098b5f90d04373609fa7ded47aa148b427
SSDEEP

24576:hjxt3JsKiY72PQWnUu2LtWJiXtvnIYDGavQQ8asX3FhOg1ySwsNpaS3fTmSM2mTk:h9XiY72PnnaDLDyNvke+3

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6c2f7dfa7ab630fd739ea29b959352386f7c98b6364ba191a0a3366ca9825f6

Files

e6c2f7dfa7ab630fd739ea29b959352386f7c98b6364ba191a0a3366ca9825f6
.exe windows:4 windows x86 arch:x86

5f847d53ff4dd4a8d0da73ae07dd93fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
SetWaitableTimer
CreateWaitableTimerA
GetExitCodeProcess
ReadFile
WideCharToMultiByte
CreateProcessA
CreatePipe
GlobalMemoryStatusEx
CreateThread
lstrcpynA
CloseHandle
VirtualQueryEx
GetCurrentProcess
GetLocalTime
GetSystemTime
_lclose
SetFileTime
SystemTimeToFileTime
_lopen
IsWow64Process
GetProcAddress
GetModuleHandleA
OpenProcess
GetCurrentProcessId
GetDriveTypeA
CreateToolhelp32Snapshot
Process32First
Process32Next
WTSGetActiveConsoleSessionId
RtlZeroMemory
GetLastError
RtlMoveMemory
TerminateProcess
WriteFile
Module32First
LocalAlloc
LocalFree
GetDateFormatA
GetTimeFormatA
LCMapStringA
FreeLibrary
GetCommandLineA
FormatMessageA
GlobalAlloc
GlobalLock
GlobalUnlock
GetUserDefaultLCID
GetEnvironmentVariableA
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
GetVersionExA
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
GetStartupInfoA
WaitForSingleObject
SetFilePointer
GetFileSize
CreateFileA
SetFileAttributesA
MoveFileA
CopyFileA
GetModuleFileNameA
DeleteFileA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GlobalFree
VirtualFree
VirtualAlloc
GetCurrentThreadId
Sleep
PeekNamedPipe
lstrcpyn
WinExec
GetProcessHeap
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
SetSystemPowerState
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
InterlockedDecrement
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
LockResource
LoadResource
FindResourceA
GetProcessVersion
SetErrorMode
FlushFileBuffers
LoadLibraryA

user32

SetCursor
GetWindowLongA
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
PtInRect
GetWindowRect
GetDlgCtrlID
ClientToScreen
SetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
SendMessageA
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
PostMessageA
keybd_event
MessageBoxA
PostQuitMessage
ExitWindowsEx
SetForegroundWindow
SetActiveWindow
GetActiveWindow
IsWindow
GetForegroundWindow
IsWindowEnabled
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetParent
EnableWindow
GetClassNameA
GetWindow
GetWindowTextA
MsgWaitForMultipleObjects
BlockInput
GetSystemMetrics

advapi32

RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
EnumDependentServicesA
EnumServicesStatusExA
EnumServicesStatusA
ChangeServiceConfigA
ControlService
StartServiceA
DeleteService
GetServiceKeyNameA
GetServiceDisplayNameA
QueryServiceConfig2A
QueryServiceConfigA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegOpenKeyA
LookupAccountSidA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
StartServiceCtrlDispatcherA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

OleIsCurrentClipboard
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoInitialize
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleFlushClipboard
CoUninitialize

ws2_32

getpeername
send
recv
select
__WSAFDIsSet
accept
ntohs
connect
inet_addr
WSACleanup
gethostname
WSAStartup
gethostbyname
inet_ntoa
htonl
recvfrom
htons
bind
closesocket
listen
sendto
socket
getsockname

gdi32

DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetStockObject
GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
CreateBitmap

wininet

InternetOpenA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetCheckConnectionA

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

StrFormatByteSize64A
PathIsDirectoryA
PathFileExistsA

winhttp

WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpReadData

dbghelp

MakeSureDirectoryPathExists

oledlg

ord8

oleaut32

VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 720KB - Virtual size: 819KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5f847d53ff4dd4a8d0da73ae07dd93fe

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

gdi32

wininet

psapi

wtsapi32

userenv

version

shlwapi

winhttp

dbghelp

oledlg

oleaut32

winspool.drv

comctl32

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 720KB - Virtual size: 819KB

.rsrc Size: 4KB - Virtual size: 736B

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 720KB - Virtual size: 819KB

.rsrc
Size: 4KB - Virtual size: 736B