blackmoon | 0c925216e492aa4d53dd434a2250349916f5f3415c7ccf32b9cc9dd38535759f

Sharing

Copy URL Twitter E-mail

General

Target

0c925216e492aa4d53dd434a2250349916f5f3415c7ccf32b9cc9dd38535759f
Size

324KB
MD5

61ae473cd93666a40558909e619f8dd5
SHA1

52ee0596818c408cf4372b5cc3aaf03081886454
SHA256

0c925216e492aa4d53dd434a2250349916f5f3415c7ccf32b9cc9dd38535759f
SHA512

c0f062a2cbd527d9a864c9926574a456972d07b9ef49c142703a9edabc7c6cecfc3f7e6ac1d330e3ec24af969539833ee328428ffbd340d166b05b737fdfdd5b
SSDEEP

3072:DyywcpdT2u42TMwEaPHzFvn2UykjAJ8kStJpmWLt:DScj6uFEaPHzFvjAFyJ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c925216e492aa4d53dd434a2250349916f5f3415c7ccf32b9cc9dd38535759f

Files

0c925216e492aa4d53dd434a2250349916f5f3415c7ccf32b9cc9dd38535759f
.dll windows:4 windows x86 arch:x86

13890eeb7c7a00958f68f1108caa78d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA
StrDupW
wvnsprintfA

ws2_32

WSAStartup

kernel32

GetProcAddress
LCMapStringA
GetCommandLineA
WriteFile
CreateFileA
GetFileSize
ReadFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
Sleep
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
IsBadReadPtr
HeapReAlloc
ExitProcess
HeapCreate
VirtualProtect
GetTickCount
lstrcmpA
MulDiv
HeapDestroy
RtlZeroMemory
lstrlenW
GetProcessHeap
HeapAlloc
VirtualAlloc
RtlMoveMemory
HeapFree
InterlockedDecrement
InterlockedIncrement
CreateThread
GetModuleHandleA
CloseHandle
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcess
GetSystemDirectoryA
CreateRemoteThread
LoadLibraryA
GetTempPathA
GetModuleFileNameA
MoveFileA
CreateDirectoryA
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
IsDebuggerPresent
FreeLibrary
lstrcmpiA
GetVersionExA
GetEnvironmentVariableA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
GlobalAlloc
GlobalLock
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA
GetVersion
GlobalFlags
WritePrivateProfileStringA
WideCharToMultiByte
MultiByteToWideChar
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
RtlUnwind
TerminateProcess
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW

user32

GetWindowThreadProcessId
SetTimer
KillTimer
LoadIconA
LoadCursorA
FindWindowExA
IsWindow
GetClassNameA
GetWindowTextA
IsWindowVisible
PostMessageA
SetCursor
GetWindowLongA
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
UnhookWindowsHookEx
UnregisterClassA
PtInRect
GetDlgCtrlID
GetWindow
ClientToScreen
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
CreateWindowStationA
GetDlgItem
SetWindowLongA
SetWindowPos
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
MapWindowPoints
LoadStringA
DestroyMenu
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
PostQuitMessage
UnregisterClassW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
GetWindowTextLengthA
SendMessageA
SetWindowTextA
InvalidateRect
SetLayeredWindowAttributes
EnableWindow
IsWindowEnabled
CreateWindowExW
SystemParametersInfoA
AdjustWindowRectEx
TrackMouseEvent
PrintWindow
DrawTextW
GetClientRect
GetWindowTextLengthW
GetSysColorBrush
GetSysColor
MoveWindow
GetWindowLongW
ScreenToClient
GetParent
GetWindowRect
SendMessageW
DestroyWindow
ShowWindow
SetWindowLongW
DefWindowProcW
ReleaseDC
GetDC
RegisterClassW

gdi32

CreateBitmap
CreateSolidBrush
StretchBlt
SetStretchBltMode
GetObjectA
CreateCompatibleBitmap
DeleteDC
DeleteObject
BitBlt
CreateDIBSection
CreateCompatibleDC
SelectObject
SetBkMode
SetBkColor
SetTextColor
GetDeviceCaps
GetStockObject
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderLocation
DragQueryFileW
DragFinish
SHGetSpecialFolderPathA
SHGetPathFromIDListA

comctl32

InitCommonControlsEx
ord17

ole32

CLSIDFromString

gdiplus

GdipGetImageHeight
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipDeleteBrush
GdipFillRectangle
GdipCreateTexture
GdipGraphicsClear
GdipCreateFromHDC
GdiplusStartup
GdipGetImageWidth
GdipDrawImageRectRect
GdipDeleteGraphics

atl

ord11
ord42

uxtheme

DrawThemeParentBackground

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

Exports

Exports

DirectInput8Create

Sections

.text
Size: 260KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13890eeb7c7a00958f68f1108caa78d7

Headers

File Characteristics

Imports

shlwapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

gdiplus

atl

uxtheme

winspool.drv

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 256KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 24KB - Virtual size: 83KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 260KB - Virtual size: 256KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 24KB - Virtual size: 83KB

.reloc
Size: 16KB - Virtual size: 14KB