blackmoon | 19ad8c25abed4df4673f9665c8a98f136931094773a1402eb2632bb4cc98f33f

Sharing

Copy URL Twitter E-mail

General

Target

19ad8c25abed4df4673f9665c8a98f136931094773a1402eb2632bb4cc98f33f
Size

4.2MB
MD5

75f7e311bbc8ec32e58db2bdec1f4019
SHA1

5c29293a408abeb66d7bd905b828a3513f125708
SHA256

19ad8c25abed4df4673f9665c8a98f136931094773a1402eb2632bb4cc98f33f
SHA512

1efbe9d7acc82264d15a3bddb2f6619992f5cbaff0535475e578a903f338d2a2bc940471554eed34d6a48562ca4fcfbec2751a72a8455e66fd185e5b1a842c65
SSDEEP

49152:zwXIWK4QpAosr0GLtwrVHcmUlnNuN6UVc2de+69TbgdjMDinb69msfNV/g8S1:gosrLLtwNcm0nENVFde+cIjMDogNVP

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19ad8c25abed4df4673f9665c8a98f136931094773a1402eb2632bb4cc98f33f

Files

19ad8c25abed4df4673f9665c8a98f136931094773a1402eb2632bb4cc98f33f
.dll windows:4 windows x86 arch:x86

f030032de3b35d933e2c3fc057862995

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
VirtualQuery
SetStdHandle
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
HeapAlloc
CreatePipe
CreateFileA
CopyFileA
lstrlenA
lstrlenW
GetCurrentProcess
GetStringTypeA
GetModuleHandleA
VirtualFreeEx
MultiByteToWideChar
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateThread
lstrcpyn
GetFileAttributesA
GetLocaleInfoA
GetProcAddress
LoadLibraryA
RtlMoveMemory
SetHandleCount
GetStdHandle
ReadFile
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
IsBadCodePtr
GetEnvironmentStringsW
IsBadWritePtr
Sleep
LCMapStringW
SetUnhandledExceptionFilter
HeapFree
TlsGetValue
CreateProcessA
IsBadStringPtrA
LocalFree
LocalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
DeleteCriticalSection
GlobalHandle
TlsFree
GlobalReAlloc
LocalReAlloc
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
FlushFileBuffers
SetEndOfFile
GetStringTypeExA
GetCPInfo
GetOEMCP
PeekNamedPipe
GetFileType
RtlUnwind
RaiseException
TerminateProcess
HeapSize
GetACP
GetExitCodeProcess
GetEnvironmentStrings
VirtualAlloc
VirtualFree
GetModuleFileNameA
VirtualProtect
WriteFile
TlsAlloc
GetProcessHeap
TlsSetValue
GetCurrentProcessId
GetEnvironmentVariableA
SetEnvironmentVariableA
GlobalAlloc
FreeLibrary
WideCharToMultiByte
HeapCreate
HeapDestroy
GlobalFree
ExitProcess
HeapReAlloc
IsBadReadPtr
SetFilePointer
GetTickCount
FindNextFileA
FindFirstFileA
FindClose
GetUserDefaultLCID
GlobalUnlock
GlobalLock
GetVersionExA
GetFileSize
DeleteFileA
GetCommandLineA
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
CloseHandle
IsBadCodePtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
SetEnvironmentVariableA
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
TerminateProcess
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
SuspendThread
ReleaseMutex
CreateMutexA
GetVersion
IsBadReadPtr
VirtualAlloc
VirtualFree
VirtualQuery
TerminateThread
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
SetStdHandle
GetFileAttributesA
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
CloseHandle
WaitForSingleObject
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA

user32

GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
GrayStringA
GetClientRect
AdjustWindowRectEx
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
GetNextDlgTabItem
SendDlgItemMessageA
GetClassNameA
SetWindowLongA
PeekMessageA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
PostQuitMessage
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
UnregisterClassA
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
IsWindow
SetActiveWindow
IsDialogMessageA
GetDlgItem
SetWindowPos
GetSysColor
MapWindowPoints
ShowWindow
UpdateWindow
LoadIconA
SetFocus
LoadCursorA
MessageBoxA
GetFocus
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetSysColorBrush
LoadStringA
UnregisterClassA
GetDesktopWindow
GetClassNameA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
CreateWindowExA
GetClassLongA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
EndPaint
BeginPaint
CharUpperA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetMenuState
GetTabbedTextExtentA
GrayStringA
TabbedTextOutA
WindowFromDC
EnumChildWindows
GetWindowDC
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
GetPropA
MoveWindow
CallWindowProcA
SetPropA
DrawTextA
GetCursor
DrawStateA
FrameRect
GetNextDlgTabItem
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
TrackPopupMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu

ole32

CoCreateInstance
OleIsCurrentClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CLSIDFromProgID
CoRevokeClassObject
CLSIDFromString
CLSIDFromProgID
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleUninitialize
CLSIDFromString
OleFlushClipboard
OleRun

shlwapi

PathFindExtensionA
PathFindFileNameA
StrTrimA
PathFileExistsA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
DragQueryFileA
Shell_NotifyIconA
ShellExecuteA

wininet

InternetTimeToSystemTime

dbghelp

MakeSureDirectoryPathExists

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
CryptAcquireContextA
CryptImportKey
CryptReleaseContext
CryptExportKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptEncrypt
CryptGetKeyParam
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
RegCreateKeyExA
RegQueryValueA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSetCredentials

crypt32

CryptImportPublicKeyInfo
CryptDecodeObjectEx
CertCloseStore
CertFreeCertificateContext
CryptStringToBinaryA

gdi32

DeleteObject
SetBkColor
RestoreDC
SaveDC
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetObjectA
SetTextColor
CreateBitmap
GetStockObject
SelectObject
GetTextMetricsA
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
Escape
ExtTextOutA
RectVisible
PtVisible
CreatePenIndirect
RestoreDC
SaveDC
SetWindowOrgEx
SetDIBitsToDevice
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetPixel
ExtCreateRegion
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBrushIndirect
CreateHatchBrush
CreateBitmap
CreatePatternBrush
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA
DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17
_TrackMouseEvent
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_Draw
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_Read

oledlg

ord8

oleaut32

SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
SysAllocString
VariantCopy
SafeArrayDestroy
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VariantChangeType
SysFreeString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
VariantTimeToSystemTime
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA
AVIStreamGetFrame

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutRestart
PlaySoundA
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
midiStreamOut

msimg32

GradientFill

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

ws2_32

inet_ntoa
WSACleanup
closesocket
WSAAsyncSelect
recvfrom
ioctlsocket
recv
getpeername
accept
ntohl

wldap32

ord29

Exports

Exports

AppInfov
EvenmenuA
EvenmenuB
EventCollection
EventDisable
EventEnable
EventFriendReq
EventGroupAdmin
EventGroupMemberDecrease
EventGroupMemberIncrease
EventGroupMsg
EventOfficialMsg
EventPluginIns
EventPrivateMsg
EventSendMsg
EventSysMsg
EventUninstall
EventWithdrawn
Initializev

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 732KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f030032de3b35d933e2c3fc057862995

Headers

File Characteristics

Imports

kernel32

user32

ole32

shlwapi

shell32

wininet

dbghelp

advapi32

winhttp

crypt32

gdi32

winspool.drv

comctl32

oledlg

oleaut32

msvfw32

avifil32

winmm

msimg32

comdlg32

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 296KB - Virtual size: 294KB

.data Size: 732KB - Virtual size: 1.0MB

.rsrc Size: 24KB - Virtual size: 20KB

.reloc Size: 176KB - Virtual size: 173KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 296KB - Virtual size: 294KB

.data
Size: 732KB - Virtual size: 1.0MB

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 176KB - Virtual size: 173KB