blackmoon | 44894c60225a4db87d2449ccbf02eceecb89e25548c02dcc9c806344f7c6d047

Sharing

Copy URL Twitter E-mail

General

Target

44894c60225a4db87d2449ccbf02eceecb89e25548c02dcc9c806344f7c6d047
Size

3.8MB
MD5

94d3e3bae05997968c4616643e172251
SHA1

01af578d5e14d4b2eb9e3187e7ce0c3d98dba086
SHA256

44894c60225a4db87d2449ccbf02eceecb89e25548c02dcc9c806344f7c6d047
SHA512

b489b8d974c4775a6b4c2a3e973c3bf58de1ee90c21109aa5dda341b21f06678e8972f168b7abbeda445dbbab959dbc4369e14e9a66ca34bff28e8e25d901dbc
SSDEEP

49152:rl8K5+Xu2YR2dsVxKVRma5fN3VBBTvbDnb69mLlNV/6:6pXu2VsVxcRm6n3bLTNVS

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44894c60225a4db87d2449ccbf02eceecb89e25548c02dcc9c806344f7c6d047

Files

44894c60225a4db87d2449ccbf02eceecb89e25548c02dcc9c806344f7c6d047
.exe windows:4 windows x86 arch:x86

8811a93e3b08e12d34a0170d903810cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeExA
SetEndOfFile
IsBadCodePtr
HeapFree
GetProcessHeap
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
SetHandleCount
IsBadStringPtrA
RtlUnwind
RaiseException
TerminateProcess
HeapSize
GetACP
TlsAlloc
FlushFileBuffers
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetVersion
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetEnvironmentVariableA
SetEnvironmentVariableA
GlobalAlloc
FreeLibrary
HeapCreate
HeapDestroy
WideCharToMultiByte
lstrlenA
SetLastError
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
MulDiv
RtlMoveMemory
LocalFree
LocalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
DeleteCriticalSection
GlobalHandle
TlsFree
GlobalReAlloc
LocalReAlloc
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
CopyFileA
GlobalAddAtomA
GetFileAttributesA
CreatePipe
CreateProcessA
CloseHandle
PeekNamedPipe
GlobalFindAtomA
ReadFile
IsBadWritePtr
Sleep
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStdHandle
GetWindowsDirectoryA
lstrcpynA
GetSystemDirectoryA
GetLastError
GetLocaleInfoA
GetTempPathA
lstrcpyn
CreateThread
GetStringTypeW
SetStdHandle
VirtualQuery
GetSystemInfo
InterlockedCompareExchange
InterlockedExchange
GetExitCodeProcess
lstrlenW
GetCurrentProcess
VirtualFreeEx
CreateFileA
HeapAlloc
VirtualAlloc
VirtualFree
MultiByteToWideChar
GetModuleFileNameA
VirtualProtect
WriteFile
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
GetCommandLineA
GetVersionExA
DeleteFileA
GetFileSize
GlobalLock
GlobalUnlock
GetUserDefaultLCID
FindClose
FindFirstFileA
FindNextFileA
SetFilePointer
GetTickCount
IsBadReadPtr
HeapReAlloc
ExitProcess
GlobalFree
IsBadWritePtr
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
GetEnvironmentVariableA
GetFileType
GetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadCodePtr
SetStdHandle
IsBadReadPtr
GetTempPathW
CreateFileW
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
DeleteFileW
GetVersionExW
LoadLibraryW
VirtualQuery
GetModuleHandleW
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WaitForMultipleObjects
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
ExitProcess
GlobalSize
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
GetLastError
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
FindFirstFileA
FindClose
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
VirtualFree
LoadLibraryA
VirtualAlloc
lstrcpynA
WriteFile
ReadFile
GetFileSizeEx
CreateFileA
HeapCreate
HeapDestroy
HeapReAlloc
HeapFree
WideCharToMultiByte
lstrlenW
GetCurrentThreadId
lstrcpyn
GetProcessHeap
GetModuleHandleA
GetProcAddress
HeapAlloc
MultiByteToWideChar
GlobalAlloc
GlobalLock
RtlMoveMemory
GlobalUnlock
GlobalFree
lstrcatA
SetHandleCount
Sleep
CreateWaitableTimerA
SetWaitableTimer
CloseHandle

user32

GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
PeekMessageA
GetMessageA
TranslateMessage
GetClientRect
DispatchMessageA
wsprintfA
MessageBoxA
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
MapWindowPoints
ClientToScreen
SetWindowTextA
GetWindowTextA
GetMenuItemCount
PostQuitMessage
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
GetWindow
EndDialog
RegisterWindowMessageA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowDC
CharUpperA
GetWindowTextLengthA
GetWindowTextA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CopyImage
MsgWaitForMultipleObjects
GetCursorInfo
GetIconInfo
GetClipboardData
GetDC
ReleaseDC
BeginPaint
FrameRect
EndPaint
FillRect
GetClassNameA
SetCapture
DrawIcon
SetWindowLongA
CallWindowProcA
wsprintfA
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
IsRectEmpty
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
GetWindowLongA
RedrawWindow
UnregisterClassA
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
GetCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
MessageBoxW
GetDesktopWindow
LoadStringA
GetSysColorBrush
GetClientRect
ReleaseCapture
EnableWindow

dbghelp

MakeSureDirectoryPathExists

shlwapi

PathFindExtensionA
StrTrimA
PathFileExistsA
PathFindFileNameA

wininet

InternetTimeToSystemTime
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA

shell32

SHGetSpecialFolderPathA
ShellExecuteA
DragQueryFileA
Shell_NotifyIconA
ShellExecuteA

ole32

OleUninitialize
CLSIDFromProgID
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoInitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize
CoUninitialize
OleRun
CLSIDFromString
CoCreateInstance
CLSIDFromProgID
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleInitialize
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CLSIDFromString
CreateStreamOnHGlobal

winhttp

WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpCloseHandle
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpOpen
WinHttpCrackUrl
WinHttpSendRequest
WinHttpReadData
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetCredentials
WinHttpConnect

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
CryptAcquireContextA
CryptImportKey
CryptSetKeyParam
CryptDestroyKey
CryptGetKeyParam
CryptEncrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptExportKey
CryptDecrypt
CryptReleaseContext
CryptHashData
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueA
CryptAcquireContextA
CryptCreateHash
RegCloseKey
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

crypt32

CryptDecodeObjectEx
CertCloseStore
CertFreeCertificateContext
CryptImportPublicKeyInfo
CryptStringToBinaryA

gdi32

RectVisible
PtVisible
TextOutA
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
Escape
GetDeviceCaps
ExtTextOutA
GetObjectA
GetStockObject
CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SetTextColor
SetBkColor
SelectObject
Escape
ExtTextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
DPtoLP
LPtoDP
GetTextMetricsA
Ellipse
StartPage
StartDocA
EndDoc
EndPage
GetStockObject
CreateFontIndirectA
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
CreateBitmap
CreateDCA
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
SetBkMode
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
RealizePalette
SelectPalette
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateFontA
TextOutA
GetPixel
SetTextColor
DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
BitBlt
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateSolidBrush
Rectangle
EndPath

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA
ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17
ord17
ImageList_Destroy

oledlg

ord8

oleaut32

VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysFreeString
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayDestroy
VariantCopy
SysAllocString
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VariantTimeToSystemTime
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
OleLoadPicture

winmm

midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
waveOutOpen
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader

ws2_32

WSAAsyncSelect
closesocket
inet_ntoa
WSACleanup
recvfrom
accept
getpeername
recv
ioctlsocket

wldap32

ord29

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseColorA
GetFileTitleA

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 628KB - Virtual size: 626KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 668KB - Virtual size: 800KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8811a93e3b08e12d34a0170d903810cc

Headers

File Characteristics

Imports

kernel32

user32

dbghelp

shlwapi

wininet

shell32

ole32

winhttp

advapi32

crypt32

gdi32

winspool.drv

comctl32

oledlg

oleaut32

winmm

ws2_32

wldap32

comdlg32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 628KB - Virtual size: 626KB

.data Size: 668KB - Virtual size: 800KB

.rsrc Size: 40KB - Virtual size: 36KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 628KB - Virtual size: 626KB

.data
Size: 668KB - Virtual size: 800KB

.rsrc
Size: 40KB - Virtual size: 36KB