blackmoon | f87721e54ef81cd02613b8d15f771557657abacb71f2059ea031f6f4a9b7f637

Sharing

Copy URL Twitter E-mail

General

Target

f87721e54ef81cd02613b8d15f771557657abacb71f2059ea031f6f4a9b7f637
Size

14.3MB
MD5

8920c77f59268884ab86d4bb9c84208b
SHA1

53c882d4dbe2a32f20995c464286de64319e3eac
SHA256

f87721e54ef81cd02613b8d15f771557657abacb71f2059ea031f6f4a9b7f637
SHA512

86694124603473d86266e479b7c1cf16d1ba4d7aebcc9fd29da3e4184929362b34de881d17412e5af26f646b793b0afc43bf4b75840ef9754f34c50759da4533
SSDEEP

196608:zW9QfLckqlg6LUemFsrMkGJN8y0jEmgqY9dllds3a8n8Fsg12gqGKvmIPxoaSWJV:lKY93bGjJGKOI5oaSW

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f87721e54ef81cd02613b8d15f771557657abacb71f2059ea031f6f4a9b7f637

Files

f87721e54ef81cd02613b8d15f771557657abacb71f2059ea031f6f4a9b7f637
.exe windows:4 windows x86 arch:x86

61af3025b19edcace37caf9b227b9ea1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA
AVIStreamGetFrame

iphlpapi

GetAdaptersInfo

shlwapi

PathFindFileNameA
StrToIntW
StrStrW
StrToIntExW
StrStrA
StrTrimW
StrStrIW
StrRStrIW
StrCmpNA

winmm

midiStreamOut
midiOutPrepareHeader
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
midiStreamProperty
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
PlaySoundA

ws2_32

gethostname
inet_addr
gethostbyname
recv
send
connect
setsockopt
inet_ntoa
WSAStartup
WSACleanup
closesocket
accept
__WSAFDIsSet
ntohs
getsockname
select
WSAAsyncSelect
htons
bind
htonl
socket
sendto
recvfrom
ioctlsocket
listen
WSASocketA
getpeername

kernel32

GetLastError
GetFullPathNameA
GetUserDefaultLCID
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrcatA
ExitProcess
GetModuleFileNameA
WritePrivateProfileStringA
LockResource
LoadResource
FindResourceA
WaitForMultipleObjects
GetProfileStringA
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
SetSystemPowerState
LoadLibraryExA
Beep
GlobalMemoryStatus
SetLastError
GetTimeZoneInformation
GetVersion
GetCurrentThread
DuplicateHandle
GetSystemTime
GetTempFileNameA
LocalFree
FormatMessageA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LocalAlloc
GlobalHandle
TlsFree
LocalReAlloc
GetFileTime
GlobalFlags
GetProfileIntA
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadCodePtr
GetPrivateProfileStringA
OutputDebugStringA
ExpandEnvironmentStringsA
FindFirstFileA
FindClose
SetFileAttributesA
GetVersionExA
MoveFileA
DeleteFileA
CopyFileA
CreateDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
MulDiv
SetLocalTime
GetCommandLineA
GetSystemInfo
PulseEvent
OpenEventA
HeapReAlloc
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
ChangeTimerQueueTimer
CreateTimerQueue
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteFile
lstrcmpiA
GetFileSize
CreateFileW
lstrcmpiW
HeapDestroy
HeapCreate
lstrcmpW
RtlZeroMemory
lstrcmpA
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
VirtualFree
VirtualAlloc
GetModuleHandleW
SetEvent
ReleaseMutex
CreateMutexA
GetLogicalDriveStringsA
ReadDirectoryChangesW
GetComputerNameA
GetDiskFreeSpaceExA
InterlockedExchange
TlsAlloc
CreateEventA
GetWindowsDirectoryA
GetShortPathNameA
FreeLibrary
GetExitCodeThread
lstrcpyn
SetWaitableTimer
CreateWaitableTimerA
SetEnvironmentVariableA
GetCurrentProcessId
InterlockedDecrement
IsBadWritePtr
LoadLibraryA
GetTempPathA
InterlockedExchangeAdd
GlobalFree
GlobalAlloc
IsBadReadPtr
TlsGetValue
TlsSetValue
GetQueuedCompletionStatus
CreateIoCompletionPort
ResetEvent
InterlockedIncrement
lstrcpynA
GetTickCount
GetSystemDirectoryA
InterlockedCompareExchange
lstrlenW
GlobalUnlock
GlobalSize
GlobalLock
ReadProcessMemory
Module32Next
WriteProcessMemory
VirtualProtectEx
GetProcAddress
GetModuleHandleA
VirtualFreeEx
CreateRemoteThread
VirtualAllocEx
PostQueuedCompletionStatus
CreateThread
SetFilePointer
ReadFile
GetFileSizeEx
CreateProcessA
GetCurrentThreadId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcessTimes
Sleep
GetTimeFormatA
GetDateFormatA
GetLocalTime
VirtualQueryEx
GetCurrentProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileA
TerminateProcess
WaitForSingleObject
LocalSize
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
RtlMoveMemory
HeapFree
lstrlenA
HeapAlloc
GetProcessHeap
GetFileAttributesA
RemoveDirectoryA

user32

CharUpperA
CreateDialogIndirectParamA
EndDialog
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
GetClassLongA
RegisterClassA
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
GetMenuCheckMarkDimensions
wvsprintfA
CharNextA
SetWindowContextHelpId
MapDialogRect
GetSysColorBrush
GetNextDlgGroupItem
GetDesktopWindow
CreateIconIndirect
GetIconInfo
CopyIcon
LoadStringA
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowTextA
GetClassNameA
ExitWindowsEx
DrawStateA
FrameRect
GetNextDlgTabItem
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
ModifyMenuA
CreateAcceleratorTableA
GetDlgCtrlID
EnableMenuItem
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
GetClassInfoA
DeleteMenu
DestroyAcceleratorTable
GetMessagePos
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
GetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
PtInRect
OffsetRect
RedrawWindow
SetActiveWindow
SetCursorPos
InvertRect
IsRectEmpty
IsChild
EqualRect
LockWindowUpdate
GetTopWindow
MessageBeep
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuStringW
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
GetWindowTextLengthA
InsertMenuW
GetMenuItemCount
AppendMenuW
LoadMenuW
GetSystemMenu
CreateMenu
CharLowerW
CharUpperW
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageW
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
PostQuitMessage
DestroyIcon
SetTimer
KillTimer
SetClassLongW
GetClassLongW
SetRect
DestroyCursor
RemovePropW
GetPropW
SetPropW
MessageBoxW
EnableWindow
IsWindowEnabled
PostMessageW
ValidateRect
GetDlgItem
SendMessageW
TrackMouseEvent
SetCursor
LoadCursorW
DefMDIChildProcW
GetAsyncKeyState
ReleaseDC
GetDC
DefWindowProcW
FillRect
RegisterClassExW
LoadCursorA
DestroyWindow
GetWindow
ShowWindow
BringWindowToTop
CreateWindowExW
UpdateWindow
InvalidateRect
SetWindowRgn
SetWindowTextW
RemovePropA
MoveWindow
SetParent
DefWindowProcA
ScreenToClient
ReleaseCapture
SetCapture
SetFocus
GetFocus
EndPaint
IntersectRect
BeginPaint
CallWindowProcW
AppendMenuA
DestroyMenu
TrackPopupMenu
CreatePopupMenu
GetCursorPos
SetWindowTextA
GetPropA
SetPropA
SetWindowLongW
GetWindowLongW
SendMessageTimeoutW
CallWindowProcA
EnumWindows
GetWindowLongA
CallNextHookEx
DispatchMessageW
TranslateMessage
SetWindowsHookExW
SetWindowLongA
IsClipboardFormatAvailable
WaitForInputIdle
GetActiveWindow
MessageBoxA
MsgWaitForMultipleObjects
GetForegroundWindow
ClientToScreen
SetWindowPos
MapVirtualKeyA
GetGUIThreadInfo
SetKeyboardState
GetKeyboardState
AttachThreadInput
PostMessageA
GetClientRect
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClipboardFormatA
GetWindowTextW
GetWindowTextLengthW
GetClassNameW
GetParent
GetWindowThreadProcessId
IsWindowVisible
FindWindowExA
ShowWindowAsync
IsWindow
GetClipboardData
GetClipboardFormatNameA
EnumClipboardFormats
OpenClipboard
PostThreadMessageA
PeekMessageA
GetScrollPos
SendMessageA
SetForegroundWindow
OpenIcon
GetAncestor
GetWindowRect
DrawTextW
GetDoubleClickTime
ClipCursor
GetMenuStringA
GetTabbedTextExtentA
GrayStringA
TabbedTextOutA
WindowFromDC
EnumChildWindows
GetWindowDC
DrawTextA
GetCursor
CreateWindowExA
SetMenuInfo
GetClassInfoExW
UnregisterClassA

gdi32

GetPixel
StartPage
StartDocA
EndDoc
EndPage
CreateFontIndirectA
PatBlt
CreatePen
CreateBitmap
CreateBrushIndirect
FillRgn
CreateDCA
GetPolyFillMode
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
PtVisible
RectVisible
Escape
AbortDoc
SetBrushOrgEx
MoveToEx
GetTextMetricsW
SetBitmapBits
TranslateCharsetInfo
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
SetPixelV
Ellipse
ExtSelectClipRgn
GetViewportExtEx
GetMapMode
CopyMetaFileA
CreateFontA
GetBitmapBits
SetDIBitsToDevice
TextOutA
CreateRectRgnIndirect
SetPixel
GetClipRgn
CreatePolygonRgn
SelectClipRgn
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
GetTextColor
LineTo
GetTextExtentPoint32A
GetDeviceCaps
CreatePatternBrush
ExtCreateRegion
CreateDIBSection
GetObjectA
SetBkMode
SetTextColor
CreateSolidBrush
ExtTextOutA
SetBkColor
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
CreateRectRgn
GetStockObject
DeleteDC
GetTextMetricsA
OffsetRgn
FrameRgn
Rectangle
SelectObject
LPtoDP
DPtoLP
GetCurrentObject
DeleteObject
RoundRect
CreateRoundRectRgn
GetTextExtentPoint32W
BitBlt
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode

msimg32

GradientFill
AlphaBlend

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

ChooseColorA
GetFileTitleA
PrintDlgA
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA

advapi32

RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
CreateProcessAsUserA

shell32

DragFinish
DragQueryFileA
DragQueryFileW
Shell_NotifyIconW
StrRStrW
ShellExecuteA
Shell_NotifyIconA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
DragAcceptFiles
ShellExecuteEx

ole32

CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleDuplicateData
CoRegisterMessageFilter
CoLockObjectExternal
DoDragDrop
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoTaskMemFree
ReleaseStgMedium
CLSIDFromProgID
OleInitialize
OleUninitialize
CoCreateInstance
OleRun
GetHGlobalFromStream
CreateStreamOnHGlobal
CLSIDFromString
RevokeDragDrop
StringFromGUID2
CoUninitialize
CoInitialize
CoRevokeClassObject
CoTaskMemAlloc

oleaut32

VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SafeArrayDestroy
SafeArrayCreate
OleCreatePictureIndirect
SafeArrayPutElement
UnRegisterTypeLi
SysFreeString
SafeArrayGetElemsize
SysAllocStringByteLen
VarDateFromStr
SysAllocStringLen
SysStringLen
RegisterTypeLi
LHashValOfNameSys
OleCreateFontIndirect
LoadTypeLi

imagehlp

MakeSureDirectoryPathExists

atl

ord42

comctl32

ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
InitCommonControlsEx
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_Write
ImageList_Read
ord17
ImageList_EndDrag

wininet

InternetTimeFromSystemTime

oledlg

ord8

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

61af3025b19edcace37caf9b227b9ea1

Headers

File Characteristics

Imports

msvfw32

avifil32

iphlpapi

shlwapi

winmm

ws2_32

kernel32

user32

gdi32

msimg32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

imagehlp

atl

comctl32

wininet

oledlg

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.rdata Size: 8.6MB - Virtual size: 8.6MB

.data Size: 156KB - Virtual size: 564KB

.rsrc Size: 52KB - Virtual size: 52KB

.sedata Size: 280KB - Virtual size: 280KB

.idata Size: 16KB - Virtual size: 16KB

.text
Size: 5.2MB - Virtual size: 5.2MB

.rdata
Size: 8.6MB - Virtual size: 8.6MB

.data
Size: 156KB - Virtual size: 564KB

.rsrc
Size: 52KB - Virtual size: 52KB

.sedata
Size: 280KB - Virtual size: 280KB

.idata
Size: 16KB - Virtual size: 16KB