blackmoon | 756d5868f8294d10350e0fa3feaeabef3d892c81791006400e176f436cffa8a4[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

756d5868f8294d10350e0fa3feaeabef3d892c81791006400e176f436cffa8a4.exe
Size

692KB
MD5

ac324f28bdaba160788567477f6b2cb9
SHA1

30b5cf20cd759a05c293b7c683837d089f4a109e
SHA256

756d5868f8294d10350e0fa3feaeabef3d892c81791006400e176f436cffa8a4
SHA512

d4fdc5051579227f9c31461c3a789318eb021d9213d65191351af53bf34114dde0e2660432dcf6880997ea559d7671d82c9a16a36d8870684d09c2dd64ceee55
SSDEEP

6144:D+CqW1FibsBz8tVbe0Sf/HrzAmEeIUwqUJGWesV3BeUO38EkWi6D8926tcx4+0XC:D+EFXV/HrMmEe/wJ5esVxejME0kf

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
756d5868f8294d10350e0fa3feaeabef3d892c81791006400e176f436cffa8a4.exe

Files

756d5868f8294d10350e0fa3feaeabef3d892c81791006400e176f436cffa8a4.exe
.exe windows:4 windows x86 arch:x86

64abd7860c682bff85bff8701e3328c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
CreateThread
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
RtlMoveMemory
TerminateThread
CreateToolhelp32Snapshot
Process32First
Process32Next
WideCharToMultiByte
GetCurrentProcess
LCMapStringA
LoadLibraryA
FreeLibrary
CreateDirectoryA
MoveFileA
CopyFileA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetTickCount
VirtualAlloc
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
SetStdHandle
IsBadCodePtr
SetEndOfFile
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
LCMapStringW
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetOEMCP
GetCPInfo
FlushFileBuffers
SetErrorMode
GetProcessVersion
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
InterlockedIncrement
lstrcpyA
lstrcatA
WritePrivateProfileStringA
InterlockedDecrement
GlobalFlags
lstrlenA
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetNativeSystemInfo
GetFileSize
ReadFile
SetFilePointer
Sleep
DeleteFileA
CreateFileA
WriteFile
GetModuleFileNameA
GetCommandLineA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
FlushInstructionCache
CloseHandle

advapi32

CryptDestroyHash
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
CryptReleaseContext
RegOpenKeyExA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptAcquireContextA
RegSetValueExA

dbghelp

MakeSureDirectoryPathExists

shlwapi

PathRemoveFileSpecA
PathFileExistsA

user32

CreateWindowExW
UpdateWindow
SystemParametersInfoA
GetClassLongA
GetMessageW
TranslateMessage
DispatchMessageW
GetPropW
PostQuitMessage
IsWindow
SendMessageW
SetPropW
MoveWindow
MessageBeep
SetForegroundWindow
SetWindowPos
PostMessageW
RemovePropW
MsgWaitForMultipleObjects
LoadCursorW
LoadIconW
RegisterClassExW
DefWindowProcW
GetWindowRect
UpdateLayeredWindow
SetTimer
ReleaseCapture
CallWindowProcW
SetCursor
BeginPaint
EndPaint
ReleaseDC
GetWindowLongW
SetWindowLongW
TrackMouseEvent
SendMessageA
DestroyWindow
IsZoomed
SetCapture
GetFocus
SetFocus
GetDC
GetWindowTextW
IsRectEmpty
SetWindowRgn
RedrawWindow
GetIconInfo
IsIconic
CreateCaret
DestroyCaret
GetKeyState
SetCaretPos
DestroyIcon
GetCursorPos
GetParent
ShowWindow
KillTimer
DestroyMenu
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
CreateWindowExA
SetPropA
GetPropA
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
PostMessageA
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
IsWindowVisible
ValidateRect
CallNextHookEx
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetClassNameA
PtInRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowLongA
GetSystemMetrics
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
UnregisterClassA

gdiplus

GdipSetClipRegion
GdipSetClipRect
GdipGetVisibleClipBounds
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipResetClip
GdipDeleteStringFormat
GdipGetFontSize
GdipGetFontStyle
GdipDeletePath
GdipCloneBitmapArea
GdipGraphicsClear
GdipCreatePath
GdipAddPathArc
GdipClosePathFigure
GdipSetClipPath
GdipFillPath
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipDrawPath
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipDeleteRegion
GdipSetTextRenderingHint
GdipDrawString
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipGetImagePixelFormat
GdipCreateRegionHrgn
GdipCreatePathGradientFromPath
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromHICON
GdipImageSelectActiveFrame
GdipGetFontHeight
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipCombineRegionRect
GdipCreateMatrix
GdipGetRegionScansCount
GdipGetRegionScans
GdipDeleteMatrix
GdipFillPolygon
GdipDrawPolygon
GdipCreateStringFormat
GdipGetStringFormatTrimming
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatFlags
GdipGetFamilyName
GdipSetSmoothingMode
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdiplusStartup
GdipMeasureString
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDrawImageRect
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipBitmapGetPixel
GdipDrawImageRectRect

ole32

CreateStreamOnHGlobal
CLSIDFromString

wininet

InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetSetCookieA
InternetReadFile
HttpQueryInfoA
InternetOpenA

psapi

GetModuleFileNameExA
EnumProcessModules

shell32

ShellExecuteA

gdi32

GetStockObject
GetObjectA
GetTextExtentPoint32W
GetDIBits
GetObjectW
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateRoundRectRgn
BitBlt
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps

imm32

ImmGetContext
ImmAssociateContext
ImmGetCompositionStringA
ImmReleaseContext

comctl32

ImageList_GetIconSize
ImageList_GetIcon
ord17

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

Sections

.text
Size: 464KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

@p��u�
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

64abd7860c682bff85bff8701e3328c5

Headers

File Characteristics

Imports

kernel32

advapi32

dbghelp

shlwapi

user32

gdiplus

ole32

wininet

psapi

shell32

gdi32

imm32

comctl32

winspool.drv

Sections

.text Size: 464KB - Virtual size: 462KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 80KB - Virtual size: 157KB

.rsrc Size: 100KB - Virtual size: 99KB

@p���u� Size: 20KB - Virtual size: 20KB

.text
Size: 464KB - Virtual size: 462KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 80KB - Virtual size: 157KB

.rsrc
Size: 100KB - Virtual size: 99KB

@p��u�
Size: 20KB - Virtual size: 20KB