blackmoon | c75023a61b3a993c21988305ea71bb481bbd97d0f3bd28bfebd0f5a963a84219

Sharing

Copy URL Twitter E-mail

General

Target

c75023a61b3a993c21988305ea71bb481bbd97d0f3bd28bfebd0f5a963a84219
Size

4.3MB
MD5

674fc7e35ed1550d41ca3baf9179f01f
SHA1

75da230056c452571ebb7647c726d62420eb0767
SHA256

c75023a61b3a993c21988305ea71bb481bbd97d0f3bd28bfebd0f5a963a84219
SHA512

5e2f68850c1e95071d2e8c628ab78c6a6325909656e15003021482f305434fec94980582d2d090ace0a7e2058054f6a5a0347047b681fff0c198b4652cfd7a9f
SSDEEP

49152:HCQZaqFEv2omr0BNNQMniaL1RBST1W6nz6pjJmsIWoeF0FLtBRIY0ZzF69AiSxsc:BZalE01QaiaLzOW6m3F+tjAjXhx7b

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c75023a61b3a993c21988305ea71bb481bbd97d0f3bd28bfebd0f5a963a84219

Files

c75023a61b3a993c21988305ea71bb481bbd97d0f3bd28bfebd0f5a963a84219
.dll windows:4 windows x86 arch:x86

7fc7f6642b142b102d988aeff35ade4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowTextA
GetDlgCtrlID
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostQuitMessage
SendDlgItemMessageA
IsDialogMessageA
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
ReleaseDC
FindWindowA
GetMenuItemCount
GetSystemMetrics
UnregisterHotKey
SetWindowLongA
SetCapture
SendMessageA
ScreenToClient
ReleaseCapture
RegisterHotKey
LoadBitmapA
GetSysColor
GetDC
GetCursorPos
CreateWindowExA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
SetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
CopyRect
GetClientRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
FindWindowExA
SendMessageTimeoutA
RegisterWindowMessageA
GetGUIThreadInfo
GetWindowThreadProcessId
GetWindowRect
DestroyMenu
IsWindow
GetForegroundWindow
PostMessageA
EnumChildWindows
wvsprintfA
CallWindowProcA
GetClassNameA
GetTopWindow

kernel32

OpenFileMappingA
MapViewOfFile
RtlMoveMemory
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyn
GetModuleHandleA
GetModuleFileNameA
lstrcpynA
GetLocalTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
GlobalFree
MultiByteToWideChar
GetCurrentProcessId
GetCurrentProcess
DeviceIoControl
FreeLibrary
GetCommandLineA
SetFilePointer
GetVersionExA
WideCharToMultiByte
WriteFile
GetPrivateProfileStringA
Sleep
WritePrivateProfileStringA
GetTickCount
CreateFileA
GetFileSize
ReadFile
LCMapStringA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
ReadProcessMemory
SetProcessWorkingSetSize
UnmapViewOfFile
VirtualFreeEx
CreateFileMappingA
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
CreateProcessA
OpenProcess
TerminateProcess
VirtualFree
VirtualAlloc
Beep
GetCurrentThread
CreateThread
InterlockedExchange
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
LCMapStringW
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
FlushFileBuffers
LocalFree
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThreadId
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersion
FindResourceA
LoadResource
LockResource
SetLastError
lstrlenA
MulDiv
lstrcatA
lstrcpyA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLastError

gdi32

GetDeviceCaps
TranslateCharsetInfo
DeleteDC
SelectObject
GetNearestPaletteIndex
CreateDIBitmap
DeleteObject
CreateBitmap
SaveDC
RestoreDC
SetBkColor
GetObjectA
GetStockObject
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateFontA
CreatePalette

winmm

timeGetTime

ws2_32

WSAStartup
socket
htons
inet_addr
sendto

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegCreateKeyExA

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoInitialize
CoUninitialize

atl

ord42

oleacc

ObjectFromLresult

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VarR8FromBool
VarR8FromCy

shell32

DragQueryFileA
DragFinish
DragAcceptFiles

comctl32

ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_DragMove
ImageList_Add

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

BT��
DLL�ӿ�
��_��Ƿ��Ч
��_ȡ��
�ͻ��˻ص��ο�
��
�߳�_��ʼ��COM��
�߳�_ȡ��COM��
ָ�뻹ԭ
ָ��ת��

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 596KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fc7f6642b142b102d988aeff35ade4a

Headers

File Characteristics

Imports

user32

kernel32

gdi32

winmm

ws2_32

advapi32

ole32

atl

oleacc

oledlg

oleaut32

shell32

comctl32

winspool.drv

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 596KB - Virtual size: 774KB

.vmp0 Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 92KB - Virtual size: 89KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 596KB - Virtual size: 774KB

.vmp0
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 92KB - Virtual size: 89KB

.rsrc
Size: 4KB - Virtual size: 664B