blackmoon | a6d464e642e9a595848cc2700d0239c6797ca46f60ce2934e411381a2150c977

Sharing

Copy URL Twitter E-mail

General

Target

a6d464e642e9a595848cc2700d0239c6797ca46f60ce2934e411381a2150c977
Size

21.0MB
MD5

09368d89cb8b693a43822277821a7739
SHA1

d13c394a31f7bdca490cafdf915822969f4b4eb6
SHA256

a6d464e642e9a595848cc2700d0239c6797ca46f60ce2934e411381a2150c977
SHA512

a2532545891137b5098d63a951d0f047ad02bbd1155a27a8269d3f8a250408cc2a4e72a50fe5afe56a9d31c64bf410c609a49b9f87dca186546c96d14657aa4c
SSDEEP

393216:k1CxCyju+nB0MKDYcaYgexMbrCUlT+Bh1:u2ZquBODJaY7MiUw3

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6d464e642e9a595848cc2700d0239c6797ca46f60ce2934e411381a2150c977

Files

a6d464e642e9a595848cc2700d0239c6797ca46f60ce2934e411381a2150c977
.exe windows:4 windows x86 arch:x86

51d042ea4fd152620371b93c57879d33

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendStringA

kernel32

GetEnvironmentStrings
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
MultiByteToWideChar
LocalAlloc
CreateDirectoryW
LocalFree
FindFirstFileW
FindClose
GetCurrentProcessId
GetLocalTime
lstrlenA
IsBadCodePtr
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
SetFilePointer
Sleep
lstrcpyA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetTimeZoneInformation
GetVersion
GetTickCount
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
RtlMoveMemory
GlobalDeleteAtom
WaitForSingleObject
MulDiv
FlushFileBuffers
lstrcpynA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
RaiseException
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrcmpA
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
IsBadReadPtr
lstrlenW
RtlZeroMemory
GetCurrentProcess
OpenProcess
TerminateProcess
DeleteFileA
WideCharToMultiByte
CreateThread
GetDiskFreeSpaceExA
CreateWaitableTimerA
SetWaitableTimer
GetExitCodeThread
TerminateThread
GetTempPathW
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
HeapFree
LCMapStringA
LoadLibraryA
GetCommandLineA
GetFileSize
ReadFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
SetFileAttributesA
CreateFileA
WriteFile
GetModuleFileNameA
HeapReAlloc
HeapDestroy
HeapCreate
lstrcmpW
lstrcmpiW
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
IsDialogMessageA
SendDlgItemMessageA
GetMenuItemCount
GetDlgCtrlID
EndDialog
CreateDialogIndirectParamA
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenu
GetSubMenu
GetMenuItemID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
DefWindowProcA
GetMessageTime
RegisterClipboardFormatA
GetMessagePos
RegisterWindowMessageA
IsIconic
GetWindowPlacement
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostMessageA
PostQuitMessage
SetWindowTextA
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
GetDC
ReleaseDC
FindWindowA
GetClassNameA
SendMessageA
GetWindowRect
GetSystemMetrics
SetForegroundWindow
SetActiveWindow
GetActiveWindow
IsWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
SetWindowPos
SetFocus
RegisterClassA
GetCursorPos
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PostMessageW
LoadCursorW
LoadCursorFromFileW
SetTimer
CallWindowProcA
MsgWaitForMultipleObjects
CloseWindow
FindWindowExA
SetWindowLongA
GetWindowThreadProcessId

shell32

SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathW

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoRevokeClassObject

shlwapi

PathFindFileNameA
PathFindExtensionA
StrToIntExW
StrToIntW
PathFileExistsA
PathIsDirectoryW

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetObjectA
GetStockObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
DeleteObject
DeleteDC
SelectObject
ScaleViewportExtEx

oleaut32

SystemTimeToVariantTime
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData

oledlg

ord8

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

ws2_32

select
recv
send
WSACleanup
WSAStartup
closesocket

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetCloseHandle

rasapi32

RasGetConnectStatusA
RasHangUpA

Sections

.text
Size: 540KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9.4MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

51d042ea4fd152620371b93c57879d33

Headers

File Characteristics

Imports

winmm

kernel32

user32

shell32

ole32

shlwapi

gdi32

oleaut32

oledlg

advapi32

ws2_32

winspool.drv

comctl32

wininet

rasapi32

Sections

.text Size: 540KB - Virtual size: 538KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 9.4MB - Virtual size: 9.6MB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 540KB - Virtual size: 538KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 9.4MB - Virtual size: 9.6MB

.rsrc
Size: 8KB - Virtual size: 5KB