Behavioral task: behavioral1
Sample: b792d47c86d0067886f089dfdacc5570N.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: b792d47c86d0067886f089dfdacc5570N.exe
Resource: win10v2004-20240802-en
General
Target: b792d47c86d0067886f089dfdacc5570N.exe
Size: 5.9MB
MD5: b792d47c86d0067886f089dfdacc5570
SHA1: bdfc0209836073a33a0f76eeb9ece08d68d1d246
SHA256: d2e056d1f9973241d639af00a42c9b534d7de9a8376e309251c7240cb2cdc961
SHA512: aa45207fd3a4f46a02b252e78c1f37b812af30b9035b58dc0c2569de1a9a3948193d7a216665d61daf702f3597e2b969363454282f4919f0e54e8da55be693a2
SSDEEP: 98304:lZ0PFrtpcuir/RTsNN5YfOVmcS+5cAGM/S19UEFcO54dwJgt2pPEGrfKsWrn:D08MY+HO54mJgtMEGrUD
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoC)
  resource: sample; yara_rule: family_blackmoon
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: b792d47c86d0067886f089dfdacc5570N.exe
Files
-
b792d47c86d0067886f089dfdacc5570N.exe.exe windows:4 windows x86 arch:x86
12b15d766451b7b7812eab4f62da5e5d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHDeleteValueA
PathAppendA
PathFileExistsA
PathIsDirectoryA
SHDeleteKeyA
ws2_32
sendto
gethostbyaddr
gethostname
inet_ntoa
gethostbyname
closesocket
send
recv
connect
socket
inet_addr
htons
WSAStartup
WSACleanup
kernel32
Sleep
WritePrivateProfileStringA
SetFilePointer
FindClose
FindFirstFileA
FindNextFileA
SetCurrentDirectoryA
DeleteFileA
CopyFileA
GetUserDefaultLCID
WriteFile
CreateFileA
GetFileSize
ReadFile
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
GetLastError
CreateFileMappingA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResumeThread
SuspendThread
TerminateThread
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
VirtualProtectEx
VirtualFreeEx
VirtualAllocEx
FlushInstructionCache
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
UnhandledExceptionFilter
WideCharToMultiByte
Module32Next
GetProcAddress
GetModuleHandleA
Module32First
Process32Next
Process32First
lstrcmpA
CreateToolhelp32Snapshot
CreateProcessA
lstrcpynA
LocalFree
RtlMoveMemory
LocalAlloc
GetLongPathNameA
TerminateProcess
SetWaitableTimer
CreateWaitableTimerA
CreateThread
GetTickCount
lstrcpyn
ReadProcessMemory
VirtualQueryEx
OpenProcess
CloseHandle
UnlockFile
SetEndOfFile
GetFullPathNameA
GetFileTime
TlsAlloc
GlobalHandle
GlobalReAlloc
GetCurrentProcess
VirtualFree
VirtualAlloc
GetCommandLineA
MultiByteToWideChar
GetModuleHandleW
GetCurrentProcessId
LockFile
FlushFileBuffers
GetCurrentThread
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExA
GetVersion
lstrlenA
DeviceIoControl
GetTimeZoneInformation
GetSystemDefaultLangID
GetLocaleInfoA
GlobalSize
lstrcpyA
SizeofResource
LockResource
LoadResource
FindResourceA
LoadLibraryExA
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
GetVolumeInformationA
GetDriveTypeA
InterlockedExchange
GlobalMemoryStatus
GetTempPathA
GetWindowsDirectoryA
EnumResourceNamesA
GetSystemDirectoryA
CreateDirectoryA
GetProfileStringA
SetLastError
WriteProfileStringA
lstrcatA
WinExec
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetStdHandle
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LCMapStringW
GetStringTypeW
GetStringTypeA
GetACP
HeapSize
GetLocalTime
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
GlobalFlags
DuplicateHandle
MulDiv
GlobalDeleteAtom
VerLanguageNameA
lstrcmpiA
FreeLibrary
LoadLibraryA
LCMapStringA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
user32
LoadIconW
RegisterClassExW
DefWindowProcW
CreateWindowExW
SendMessageW
ShowWindow
UpdateWindow
SystemParametersInfoA
GetClassLongA
GetDesktopWindow
GetWindow
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
PostMessageA
SetWindowTextA
IsWindow
ClientToScreen
GetClientRect
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
CallWindowProcA
MsgWaitForMultipleObjects
SendMessageA
PostQuitMessage
GetForegroundWindow
IsWindowVisible
EnumChildWindows
SetWindowPos
SetWindowLongA
GetPropW
LoadCursorW
ReleaseCapture
CallWindowProcW
SetCursor
BeginPaint
EndPaint
GetWindowRect
ReleaseDC
GetWindowLongW
SetWindowLongW
UpdateLayeredWindow
TrackMouseEvent
KillTimer
RemovePropW
IsZoomed
PostMessageW
SetCapture
GetFocus
SetFocus
SetPropW
GetDC
GetWindowTextW
IsRectEmpty
SetTimer
SetWindowRgn
RedrawWindow
GetIconInfo
IsIconic
GetAsyncKeyState
DefWindowProcA
DefMDIChildProcA
LoadCursorA
DestroyCursor
CreateWindowExA
GetWindowLongA
GetDlgItem
GetParent
ScreenToClient
InvalidateRect
ValidateRect
MoveWindow
SetParent
IsWindowEnabled
EnableWindow
GetWindowTextLengthA
MessageBoxA
SetPropA
GetPropA
RemovePropA
SetRect
SetClassLongA
SetForegroundWindow
CreateCaret
DestroyCaret
GetKeyState
SetCaretPos
GetCursorPos
DestroyIcon
wsprintfA
DispatchMessageA
GetMessageA
PostThreadMessageA
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
PeekMessageA
IsDialogMessageA
GetWindowPlacement
RegisterWindowMessageA
GetMessagePos
GetMessageTime
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
GetSysColorBrush
DestroyMenu
CharUpperA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetActiveWindow
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
WindowFromPoint
PtInRect
EnumWindows
FindWindowExA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SendMessageTimeoutA
FindWindowA
SetCursorPos
mouse_event
keybd_event
GetSystemMetrics
LoadImageA
VkKeyScanExA
GetKeyboardLayout
SendDlgItemMessageA
GetMenuItemCount
GetDlgCtrlID
LoadStringA
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
LoadBitmapA
GetKeyboardState
RegisterClipboardFormatA
gdi32
CreateDCA
RealizePalette
SelectPalette
CreateBitmap
SaveDC
RestoreDC
GetDIBits
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
CreateCompatibleBitmap
GetStockObject
GetObjectA
ExtCreateRegion
CombineRgn
GetTextExtentPoint32W
GetPixel
GetDeviceCaps
RemoveFontResourceA
AddFontResourceA
EnumFontFamiliesExA
Escape
BitBlt
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateRoundRectRgn
SetBkColor
GetObjectW
advapi32
RegCloseKey
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
RegOpenKeyExA
CopySid
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
GetUserNameA
GetLengthSid
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AddAce
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitializeAcl
FreeSid
AllocateAndInitializeSid
RegGetKeySecurity
RegSetValueExA
RegCreateKeyExA
SetSecurityDescriptorDacl
shell32
SHChangeNotify
DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHEmptyRecycleBinA
comctl32
ImageList_GetIconSize
ImageList_GetIcon
ord17
ole32
CreateStreamOnHGlobal
CoCreateGuid
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoInitialize
CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize
CLSIDFromString
crypt32
CryptQueryObject
CryptMsgGetParam
CertCloseStore
CryptMsgClose
gdiplus
GdipFillRectangle
GdipDeleteBrush
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipDrawPath
GdipDeletePath
GdipCreatePath
GdipAddPathArc
GdipClosePathFigure
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromHICON
GdipSetInterpolationMode
GdipCloneBitmapArea
GdipCreateSolidFill
GdipImageSelectActiveFrame
GdipDeleteStringFormat
GdipMeasureString
GdipGetFontHeight
GdipGetFontSize
GdipGetFontStyle
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipBitmapGetPixel
GdipDrawString
GdipSetCompositingQuality
GdipSetClipPath
GdipFillPath
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipGetImagePixelFormat
GdipCombineRegionRect
GdipCreateMatrix
GdipGetRegionScansCount
GdipCreateLineBrushFromRect
GdipCreateRegionHrgn
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipDeleteRegion
GdipResetClip
GdipDisposeImageAttributes
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipGetVisibleClipBounds
GdipSetClipRect
GdipGetRegionScans
GdipDeleteMatrix
GdipFillPolygon
GdipDrawPolygon
GdipCreateStringFormat
GdipGetStringFormatTrimming
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatFlags
GdiplusStartup
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipSetClipRegion
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipCreateFromHDC
GdipGraphicsClear
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDrawImageRect
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipGetFamilyName
atl
ord47
ord11
ord42
ord10
imm32
ImmGetCompositionStringA
ImmAssociateContext
ImmGetContext
ImmReleaseContext
iphlpapi
GetAdaptersInfo
SendARP
oledlg
ord8
oleaut32
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
VariantInit
VariantChangeType
SafeArrayDestroy
mpr
WNetCancelConnection2A
WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA
WNetAddConnection2A
winmm
waveOutGetNumDevs
mciSendStringA
waveOutGetDevCapsA
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
comdlg32
GetFileTitleA
PrintDlgA
winspool.drv
OpenPrinterA
SetPrinterA
DocumentPropertiesA
GetPrinterA
ClosePrinter
EnumPrintersA
wininet
InternetOpenA
InternetGetConnectedState
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetCloseHandle
InternetOpenUrlA
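The import table above is the most informative static artifact on this page: on its own, any single API is benign, but the buckets that co-occur in one binary (remote-process memory primitives, process enumeration, token privilege adjustment, raw sockets, LAN discovery, keyboard and mouse injection, hook installation, registry writes, cache and file deletion) describe what the code is able to do before it runs. The script below is an added example, not the sandbox's or the report's own code: it groups a constructed subset of the report's imports into capability buckets using a hypothetical mapping (CAPABILITIES, SAMPLE_IMPORTS, triage_imports, missing_from_bucket and score are this example's names). It also makes one gap explicit that a reader of the raw list can miss: OpenProcess, VirtualAllocEx, VirtualProtectEx, CreateRemoteThread and ReadProcessMemory are imported, but WriteProcessMemory is not, so a write into a remote process would have to come through some other route (for instance an API resolved at run time through GetProcAddress, which the binary does import); that is something to confirm in the disassembly, not a conclusion.

```python
"""Import-table capability triage.

Added example, not part of the sandbox report. SAMPLE_IMPORTS is a constructed
subset copied from the report's import list; CAPABILITIES is this example's own
(hypothetical) grouping, not a sandbox rule set.
"""
from collections import defaultdict

# Constructed sample: a subset of the DLL -> function list shown in the report.
SAMPLE_IMPORTS = {
    "kernel32": [
        "OpenProcess", "VirtualAllocEx", "VirtualProtectEx", "VirtualFreeEx",
        "CreateRemoteThread", "ReadProcessMemory", "FlushInstructionCache",
        "CreateToolhelp32Snapshot", "Process32First", "Process32Next",
        "Module32First", "Module32Next", "WinExec", "CreateProcessA",
        "DeviceIoControl", "SetFileAttributesA", "DeleteFileA", "CopyFileA",
        "WritePrivateProfileStringA", "GetTickCount", "QueryPerformanceCounter",
    ],
    "advapi32": [
        "OpenProcessToken", "AdjustTokenPrivileges", "LookupPrivilegeValueA",
        "RegSetValueExA", "RegCreateKeyExA", "RegDeleteKeyA", "RegSetKeySecurity",
        "CryptAcquireContextA", "CryptCreateHash", "CryptHashData",
    ],
    "ws2_32": ["WSAStartup", "socket", "connect", "send", "recv", "sendto", "gethostbyname"],
    "wininet": ["InternetOpenA", "InternetOpenUrlA", "DeleteUrlCacheEntry"],
    "user32": ["SetWindowsHookExA", "keybd_event", "mouse_event", "GetAsyncKeyState", "GetKeyboardState"],
    "iphlpapi": ["GetAdaptersInfo", "SendARP"],
    "mpr": ["WNetOpenEnumA", "WNetEnumResourceA", "WNetAddConnection2A"],
    "shell32": ["ShellExecuteA", "SHEmptyRecycleBinA"],
}

# Hypothetical capability map. Buckets deliberately list APIs the sample may
# NOT import (WriteProcessMemory, SendInput, ...) so gaps can be reported too.
CAPABILITIES = {
    "process-injection": {"OpenProcess", "VirtualAllocEx", "VirtualProtectEx", "WriteProcessMemory",
                          "NtWriteVirtualMemory", "CreateRemoteThread", "ReadProcessMemory"},
    "process-enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next",
                            "Module32First", "Module32Next"},
    "process-launch": {"WinExec", "CreateProcessA", "CreateProcessW", "ShellExecuteA", "ShellExecuteW"},
    "privilege-adjust": {"OpenProcessToken", "AdjustTokenPrivileges", "LookupPrivilegeValueA"},
    "registry-write": {"RegSetValueExA", "RegCreateKeyExA", "RegCreateKeyA", "RegDeleteKeyA",
                       "RegSetKeySecurity"},
    "raw-sockets": {"WSAStartup", "socket", "connect", "send", "recv", "sendto", "gethostbyname"},
    "http-client": {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "HttpSendRequestA"},
    "input-capture": {"SetWindowsHookExA", "GetAsyncKeyState", "GetKeyboardState"},
    "input-injection": {"keybd_event", "mouse_event", "SendInput"},
    "lan-discovery": {"GetAdaptersInfo", "SendARP", "WNetOpenEnumA", "WNetEnumResourceA",
                      "WNetAddConnection2A"},
    "trace-removal": {"DeleteFileA", "DeleteUrlCacheEntry", "SHEmptyRecycleBinA", "RemoveDirectoryA"},
    "crypto": {"CryptAcquireContextA", "CryptCreateHash", "CryptHashData", "CryptGetHashParam"},
}


def triage_imports(imports):
    """Return {capability: sorted ['dll!Func', ...]} for every bucket hit."""
    hits = defaultdict(list)
    for dll, funcs in imports.items():
        for func in funcs:
            for cap, apis in CAPABILITIES.items():
                if func in apis:
                    hits[cap].append(f"{dll}!{func}")
    return {cap: sorted(names) for cap, names in hits.items()}


def missing_from_bucket(imports, capability):
    """APIs of one bucket the binary does not import statically; a partial
    bucket (injection without a write primitive) is a cue to look for
    run-time resolution via GetProcAddress rather than a reason to dismiss it."""
    imported = {f for funcs in imports.values() for f in funcs}
    return sorted(CAPABILITIES[capability] - imported)


def score(hits, min_apis=2):
    """Capabilities backed by at least `min_apis` distinct imports, strongest first."""
    return sorted((cap for cap, apis in hits.items() if len(apis) >= min_apis),
                  key=lambda cap: (-len(hits[cap]), cap))


if __name__ == "__main__":
    hits = triage_imports(SAMPLE_IMPORTS)
    for cap in score(hits):
        print(f"{cap:20s} {', '.join(hits[cap])}")
    print("injection bucket, not imported:", missing_from_bucket(SAMPLE_IMPORTS, "process-injection"))
```

Run against a real binary by feeding `triage_imports` the DLL-to-function dictionary from whatever parser you already use; the buckets are the part worth tuning to your own detection priorities.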
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4.8MB - Virtual size: 4.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
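The Unsigned PE signature, the File Characteristics list and the Sections block above are all read straight out of the PE header, so they can be reproduced, and cross-checked, without the sandbox. The following is an added example, not code from the sandbox or the report: a minimal PE32/PE32+ header parser that reports the file characteristics, looks at the security data directory (index 4, which holds a file offset rather than an RVA) to decide whether an Authenticode certificate table is present, and flags the section-level oddities an analyst looks for, including the writable .rsrc section this report shows. To run offline it builds a constructed PE image in memory with the report's section flags and scaled-down sizes; build_test_pe, assess, REPORT_LIKE and the placeholder certificate payload are this example's own. Two caveats the check itself cannot resolve: an empty security directory means no embedded signature but does not rule out a catalog signature, and a non-empty one only proves presence, not a valid chain to a trusted root.

```python
"""Static PE header triage: file characteristics, Authenticode certificate table
and section flags. Added example, not code from the sandbox or the report."""
import struct

FILE_FLAGS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
              0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
SCN_CODE, SCN_IDATA, SCN_UDATA = 0x20, 0x40, 0x80
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
DIR_SECURITY = 4                      # IMAGE_DIRECTORY_ENTRY_SECURITY: file offset, not an RVA
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def parse_pe(data):
    """Parse just enough of the PE header to answer the questions the report raises."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                       # IMAGE_FILE_HEADER (20 bytes)
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                           # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    ndirs_off, dirs_off = {0x10B: (92, 96), 0x20B: (108, 112)}[magic]   # PE32 / PE32+
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    cert_off = cert_len = 0
    if ndirs > DIR_SECURITY:
        cert_off, cert_len = struct.unpack_from("<II", data, opt + dirs_off + 8 * DIR_SECURITY)
    cert_ok = False                                         # WIN_CERTIFICATE sanity check only
    if cert_len >= 8 and cert_off + cert_len <= len(data):
        dw_len, _rev, ctype = struct.unpack_from("<IHH", data, cert_off)
        cert_ok = ctype == WIN_CERT_TYPE_PKCS_SIGNED_DATA and 8 <= dw_len <= cert_len
    sections = []
    for i in range(nsec):                                   # IMAGE_SECTION_HEADER (40 bytes each)
        name, vsize, _va, rsize, _rptr, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "rsize": rsize, "flags": sflags})
    return {"machine": machine,
            "characteristics": [n for bit, n in FILE_FLAGS.items() if chars & bit],
            "signed": cert_ok, "cert_len": cert_len, "sections": sections}


def assess(pe):
    """Turn the parsed header into the findings an analyst wants listed."""
    out = []
    if pe["cert_len"] == 0:
        out.append("unsigned: empty security directory (no embedded Authenticode certificate table)")
    elif not pe["signed"]:
        out.append("security directory present but not a PKCS#7 WIN_CERTIFICATE")
    else:
        out.append("certificate table present; presence only, chain validity still needs checking")
    if "IMAGE_FILE_RELOCS_STRIPPED" in pe["characteristics"]:
        out.append("relocations stripped: image cannot be rebased, so ASLR does not apply to it")
    for s in pe["sections"]:
        f = s["flags"]
        if f & SCN_EXEC and f & SCN_WRITE:
            out.append(f"{s['name']}: writable and executable")
        if s["name"] == ".rsrc" and f & SCN_WRITE:
            out.append(".rsrc: writable resource section (unusual for linker output)")
        if s["rsize"] == 0 and s["vsize"] and not f & SCN_UDATA:
            out.append(f"{s['name']}: no raw data but {s['vsize']:#x} bytes virtual (filled at run time)")
    return out


def build_test_pe(sections, signed=False):
    """Constructed PE32 test image (not a real sample): (name, vsize, rsize, flags) per section."""
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x010F)  # i386, report's flags
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    body = b"\0" * sum(s[2] for s in sections)
    cert = b""
    if signed:   # WIN_CERTIFICATE header + placeholder bytes standing in for PKCS#7 DER
        cert = struct.pack("<IHH", 12, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\x30\x82\0\0"
        struct.pack_into("<II", opt, 96 + 8 * DIR_SECURITY, 0x400 + len(body), len(cert))
    hdrs, ptr = b"", 0x400
    for i, (name, vsize, rsize, flags) in enumerate(sections):
        hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), rsize, ptr, 0, 0, 0, 0, flags)
        ptr += rsize
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    head = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + hdrs
    return head.ljust(0x400, b"\0") + body + cert


# Section names and flags copied from the report's Sections block, sizes scaled down;
# .rsrc keeps the report's 512-byte raw / 16-byte virtual shape and its write flag.
REPORT_LIKE = [(b".text", 0x1000, 0x1000, SCN_CODE | SCN_EXEC | SCN_READ),
               (b".rdata", 0x400, 0x400, SCN_IDATA | SCN_READ),
               (b".data", 0x4C00, 0x4A00, SCN_IDATA | SCN_READ | SCN_WRITE),
               (b".rsrc", 0x10, 0x200, SCN_IDATA | SCN_READ | SCN_WRITE)]

if __name__ == "__main__":
    pe = parse_pe(build_test_pe(REPORT_LIKE))
    print(pe["characteristics"])
    for line in assess(pe):
        print(" -", line)
```

To use it on the real sample, replace the constructed image with `open(path, "rb").read()`; the parser only touches the headers and the certificate table, so it never executes or maps the file.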