blackmoon | 98c8a5a62b9662413d856682eee863cafd703024384aed755edfa9237970514f

Sharing

Copy URL Twitter E-mail

General

Target

98c8a5a62b9662413d856682eee863cafd703024384aed755edfa9237970514f
Size

2.1MB
MD5

c1a5eab819ebbf34ccf66df22edccbf4
SHA1

ca9a3840af492943f6ae947906e318bcdaec54bf
SHA256

98c8a5a62b9662413d856682eee863cafd703024384aed755edfa9237970514f
SHA512

74b460615194cf8b89076c82f12de5fdb099f7cea4f6926685bd4f115bfd30942c9dd64e0cee74d25b90ed13a1f8e4a546c6d274c39127df6d6832800e09d9ca
SSDEEP

24576:+axe4WBlq+JdaawrnvRkCg/wlrIPJAYmOy3XQGV7088ezjQk3KCHBIZo40Q5Gv5q:+a44N+Ih2CUc3XhH3KChVQl

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98c8a5a62b9662413d856682eee863cafd703024384aed755edfa9237970514f

Files

98c8a5a62b9662413d856682eee863cafd703024384aed755edfa9237970514f
.exe windows:4 windows x86 arch:x86

2103a05c91316fe214c6da749e700f2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleInputA
SetConsoleMode
GetConsoleMode
LoadLibraryA
FreeLibrary
GetEnvironmentVariableA
GlobalAlloc
GlobalLock
GlobalFree
MultiByteToWideChar
SetFileAttributesA
DeleteFileA
GetModuleFileNameA
LCMapStringA
ReadConsoleA
GetStdHandle
WriteFile
GetFileSize
ReadFile
GetTickCount
IsBadReadPtr
HeapReAlloc
ExitProcess
GetCommandLineA
QueryDosDeviceA
GetLogicalDriveStringsA
TerminateProcess
GlobalSize
lstrcpyn
GlobalUnlock
RtlMoveMemory
GetSystemDirectoryA
GetTempPathA
RtlZeroMemory
HeapFree
GetProcessHeap
DeviceIoControl
MoveFileExA
GetLastError
CreateFileA
HeapDestroy
HeapAlloc
HeapCreate
ReleaseMutex
GetSystemInfo
CreateMutexA
CreateEventA
Sleep
VirtualProtect
CreateThread
Module32First
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetProcAddress
WideCharToMultiByte
GetModuleHandleA
InterlockedExchange
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetWindowsDirectoryA
GetVersionExA
GetCurrentProcess
MulDiv
lstrcatA
lstrcpyA
SetErrorMode
lstrcpynA
GetCurrentThreadId
LocalAlloc
LocalFree
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
GetVersion
SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
SetFilePointer
FlushFileBuffers
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter

gdi32

SelectObject
CreateSolidBrush
CreateDIBSection
BitBlt
GetDIBits
CreateDIBitmap
GetStockObject
GetTextExtentPoint32A
CreateBitmap
GetCurrentObject
StretchBlt
Rectangle
GetObjectA
RestoreDC
SaveDC
DeleteDC
SetBkColor
SetTextColor
GetClipBox
CreateFontA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateCompatibleDC
SetMapMode
TranslateCharsetInfo
GetDeviceCaps
DeleteObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA
DeleteService
OpenServiceA
ControlService
CloseServiceHandle
OpenSCManagerA

user32

GetWindowThreadProcessId
IsWindowVisible
GetClassNameA
SetLayeredWindowAttributes
GetWindowInfo
EnumWindows
GetWindowTextA
GetCursorPos
SendMessageA
MoveWindow
GetForegroundWindow
GetAsyncKeyState
MessageBoxTimeoutW
UnhookWinEvent
MapVirtualKeyA
AttachThreadInput
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
wsprintfA
MessageBoxA
GetMenuStringA
GetMenuItemID
GetSubMenu
GetMenu
GetScrollInfo
GetLastActivePopup
EnableWindow
DrawIconEx
ChildWindowFromPointEx
GetDlgItem
IsZoomed
FindWindowExA
SwitchToThisWindow
SetActiveWindow
WindowFromPoint
GetMenuBarInfo
GetAncestor
GetWindowRect
RedrawWindow
EnableMenuItem
IsWindowEnabled
ShowWindow
IsIconic
WindowFromDC
EnumDisplaySettingsA
ReleaseDC
GetWindowDC
DrawIcon
GetCursorInfo
FillRect
GetDC
SetWindowPos
SetWinEventHook
SendInput
SetKeyboardState
GetParent
SetForegroundWindow
CallWindowProcA
CreateWindowExA
GetSysColor
LoadBitmapA
RegisterHotKey
ReleaseCapture
ScreenToClient
SetCapture
SetWindowLongA
UnregisterHotKey
SetWindowsHookExA
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
LoadStringA
GetNextDlgTabItem
GetFocus
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
GetWindowPlacement
SystemParametersInfoA
RegisterWindowMessageA
GetWindowLongA
GetWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
DestroyWindow
GetDlgCtrlID
GetMenuItemCount
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal

wsock32

WSACleanup

shell32

SHAppBarMessage
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA

shlwapi

PathIsDirectoryA
PathFileExistsA
PathFindFileNameA

gdiplus

GdipGetImageHeight
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipDrawImageRectRect
GdipCreateBitmapFromStream
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageWidth
GdipFillRectangle
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext

oleaut32

VariantTimeToSystemTime

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_BeginDrag

Sections

.text
Size: 940KB - Virtual size: 936KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2103a05c91316fe214c6da749e700f2b

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

user32

ole32

wsock32

shell32

shlwapi

gdiplus

oleaut32

winspool.drv

comctl32

Sections

.text Size: 940KB - Virtual size: 936KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 1.1MB - Virtual size: 1.2MB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 940KB - Virtual size: 936KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 1.1MB - Virtual size: 1.2MB

.rsrc
Size: 4KB - Virtual size: 664B