blackmoon | cbe7c05503f59b8abdef0fc96f29f88b125c0fecbbf1369272bd4e370065534b

Sharing

Copy URL Twitter E-mail

General

Target

cbe7c05503f59b8abdef0fc96f29f88b125c0fecbbf1369272bd4e370065534b
Size

4.3MB
MD5

61a980ead703df95966eb012c71331a5
SHA1

51212a6687a691133023694777dad7a033b081f8
SHA256

cbe7c05503f59b8abdef0fc96f29f88b125c0fecbbf1369272bd4e370065534b
SHA512

7a0f4cf68ef3ee21ded982c488b90d378e3da787bd5ba4edc1bc0f70d5a8464f8782ce9ba9370e2bd587f291ae24e39c1d3e6af8e5d24441bfb9b44c0c52f672
SSDEEP

98304:8Ed1WUsNtpVRPiaLQOW6OsxY8lxey0QX2tiw:8Er2NDVRnWoxY8TZJ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbe7c05503f59b8abdef0fc96f29f88b125c0fecbbf1369272bd4e370065534b

Files

cbe7c05503f59b8abdef0fc96f29f88b125c0fecbbf1369272bd4e370065534b
.dll windows:4 windows x86 arch:x86

4734585baada8f890ddd57748e0e8672

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowTextA
GetDlgCtrlID
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostQuitMessage
SendDlgItemMessageA
IsDialogMessageA
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
ReleaseDC
FindWindowA
GetMenuItemCount
GetSystemMetrics
UnregisterHotKey
SetWindowLongA
SetCapture
SendMessageA
ScreenToClient
ReleaseCapture
RegisterHotKey
LoadBitmapA
GetSysColor
GetDC
GetCursorPos
CreateWindowExA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
SetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
CopyRect
GetClientRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
FindWindowExA
SendMessageTimeoutA
RegisterWindowMessageA
GetGUIThreadInfo
GetWindowThreadProcessId
GetWindowRect
DestroyMenu
IsWindow
GetForegroundWindow
PostMessageA
EnumChildWindows
wvsprintfA
CallWindowProcA
GetClassNameA
GetTopWindow

kernel32

OpenFileMappingA
MapViewOfFile
RtlMoveMemory
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyn
GetModuleHandleA
GetModuleFileNameA
lstrcpynA
GetLocalTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
GlobalFree
MultiByteToWideChar
GetCurrentProcessId
GetCurrentProcess
DeviceIoControl
FreeLibrary
GetCommandLineA
SetFilePointer
GetVersionExA
WideCharToMultiByte
WriteFile
Sleep
WritePrivateProfileStringA
CreateFileA
GetFileSize
ReadFile
GetPrivateProfileStringA
GetTickCount
LCMapStringA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
VirtualFree
VirtualAlloc
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
ReadProcessMemory
SetProcessWorkingSetSize
UnmapViewOfFile
VirtualFreeEx
CreateFileMappingA
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
CreateProcessA
OpenProcess
TerminateProcess
Beep
GetCurrentThread
CreateThread
InterlockedExchange
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
LCMapStringW
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
FlushFileBuffers
LocalFree
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThreadId
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersion
FindResourceA
LoadResource
LockResource
SetLastError
lstrlenA
MulDiv
lstrcatA
lstrcpyA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLastError

gdi32

GetDeviceCaps
TranslateCharsetInfo
DeleteDC
SelectObject
GetNearestPaletteIndex
CreateDIBitmap
DeleteObject
CreateBitmap
SaveDC
RestoreDC
SetBkColor
GetObjectA
GetStockObject
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateFontA
CreatePalette

winmm

timeGetTime

ws2_32

WSAStartup
socket
htons
inet_addr
sendto

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegCreateKeyExA

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoInitialize
CoUninitialize

atl

ord42

oleacc

ObjectFromLresult

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VarR8FromBool
VarR8FromCy

shell32

DragQueryFileA
DragFinish
DragAcceptFiles

comctl32

ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_DragMove
ImageList_Add

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

BT��
DLL�ӿ�
��_��Ƿ��Ч
��_ȡ��
�ͻ��˻ص��ο�
��
�߳�_��ʼ��COM��
�߳�_ȡ��COM��
ָ�뻹ԭ
ָ��ת��

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 596KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4734585baada8f890ddd57748e0e8672

Headers

File Characteristics

Imports

user32

kernel32

gdi32

winmm

ws2_32

advapi32

ole32

atl

oleacc

oledlg

oleaut32

shell32

comctl32

winspool.drv

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 596KB - Virtual size: 774KB

.vmp0 Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 92KB - Virtual size: 89KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 596KB - Virtual size: 774KB

.vmp0
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 92KB - Virtual size: 89KB

.rsrc
Size: 4KB - Virtual size: 664B