blackmoon | 5d1d63dda5a368185a7a9e5e0f32832666843de3e25a8dd16ac97d934d0438f0

Sharing

Copy URL Twitter E-mail

General

Target

5d1d63dda5a368185a7a9e5e0f32832666843de3e25a8dd16ac97d934d0438f0
Size

2.0MB
MD5

c0883c40167788066354f7a9fb196644
SHA1

3d8e7de9d1b3e40a80609be442beb558f24f17eb
SHA256

5d1d63dda5a368185a7a9e5e0f32832666843de3e25a8dd16ac97d934d0438f0
SHA512

bb99035e01408845064ea0ace251d038856becac223082ea34f137173372a77d9ab6f583c68f636f115634b1c0ad0f871ff1036906d28c874bb0d49acbb039a5
SSDEEP

49152:45bGPjZp2meAOhLOkQCCe+CN/0D5ampiI6QQfW:6GPcrzPCz9/pQQQfW

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d1d63dda5a368185a7a9e5e0f32832666843de3e25a8dd16ac97d934d0438f0

Files

5d1d63dda5a368185a7a9e5e0f32832666843de3e25a8dd16ac97d934d0438f0
.exe windows:4 windows x86 arch:x86

ec70adf28fae94f5a3a011fcb4147b36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetCommandLineA
GetUserDefaultLCID
WideCharToMultiByte
WriteFile
SetFilePointer
GetTickCount
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
SetFileAttributesA
CreatePipe
GetExitCodeProcess
PeekNamedPipe
WritePrivateProfileStringA
GetStartupInfoA
SetCurrentDirectoryA
CopyFileA
DeleteFileA
GetPrivateProfileStringA
GetFileSize
ReadFile
GetModuleFileNameA
HeapReAlloc
GetCurrentDirectoryA
IsWow64Process
GetSystemInfo
LocalFlags
GetQueuedCompletionStatus
CreateIoCompletionPort
GetLastError
Sleep
SetStdHandle
IsBadCodePtr
ExitProcess
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
FlushFileBuffers
GetCurrentProcess
SetErrorMode
GetProcessVersion
FindResourceA
LoadResource
LockResource
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
lstrcatA
MultiByteToWideChar
lstrcmpiA
lstrlenA
LocalFree
LocalAlloc
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
MulDiv
GlobalUnlock
RtlMoveMemory
GlobalFree
GlobalLock
GlobalAlloc
CreateThread
SetWaitableTimer
CreateWaitableTimerA
TerminateProcess
GetTempPathA
GetWindowsDirectoryA
CloseHandle
OpenProcess
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForSingleObject
GetExitCodeThread
PostQueuedCompletionStatus
InterlockedDecrement
LocalSize
HeapAlloc
HeapFree
GetProcessHeap
VirtualFree
VirtualUnlock
lstrcpyA
IsBadStringPtrA
IsBadWritePtr
IsBadReadPtr
VirtualLock
VirtualAlloc
GetModuleHandleA
lstrcpynW
CreateProcessA
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
SetFileTime
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
SystemTimeToFileTime
UnmapViewOfFile
CreateFileA
GetStringTypeW
InitializeCriticalSection
DeviceIoControl
GetCurrentProcessId

user32

IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetParent
GetWindowRect
GetFocus
SetFocus
GetClassNameA
PeekMessageA
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
GetClassInfoExA
EndDialog
IsWindow
GetCursorPos
RegisterClassExA
SetActiveWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
PtInRect
GetDlgCtrlID
GetWindow
ClientToScreen
UnhookWindowsHookEx
TabbedTextOutA
GrayStringA
GetWindowPlacement
SystemParametersInfoA
GetForegroundWindow
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
CreateDialogIndirectParamA
GetDlgItem
GetWindowLongA
CreateWindowExA
DestroyCursor
SetWindowLongA
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
SendMessageA
DefWindowProcA
DestroyWindow
GetClientRect
GetAsyncKeyState
CallWindowProcA
EndPaint
BeginPaint
GetSystemMetrics
PostMessageA
LoadIconA
CreateIconFromResource
ReleaseDC
GetDC
CopyIcon
CopyImage
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
IsZoomed
MsgWaitForMultipleObjects
DrawTextA
EnableWindow
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
MessageBoxA
SetPropA
GetPropA
RemovePropA
SetWindowRgn
SetRect
GetClassLongA
SetClassLongA
FillRect
GetSysColor
IsIconic

oleaut32

VarR8FromCy
VarR8FromBool
OleLoadPicture
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi

advapi32

RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
StartServiceA
CreateServiceA
DeleteService
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryFileA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleRun
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromString
CLSIDFromProgID

gdi32

FrameRgn
FillRgn
CreateCompatibleBitmap
SetBkColor
SetBkMode
SetTextColor
CreatePatternBrush
CreateSolidBrush
StretchBlt
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
BitBlt
SelectObject
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
HttpQueryInfoA
InternetGetConnectedState

ws2_32

WSASetLastError
WSAGetLastError
htons
WSAStartup
WSAIoctl
WSARecv
WSASocketA
inet_addr
setsockopt
bind
send
closesocket

shlwapi

PathFileExistsA
PathFindFileNameA

atl

ord42

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

oledlg

ord8

Sections

.text
Size: 376KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ec70adf28fae94f5a3a011fcb4147b36

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

advapi32

shell32

ole32

gdi32

wininet

ws2_32

shlwapi

atl

winspool.drv

comctl32

oledlg

Sections

.text Size: 376KB - Virtual size: 374KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 1.5MB - Virtual size: 1.6MB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 376KB - Virtual size: 374KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 1.5MB - Virtual size: 1.6MB

.rsrc
Size: 24KB - Virtual size: 20KB