Behavioral task
behavioral1
Sample
497ac129ddda7980fce1417ab741f810f15aba9f5e915986128aa8e9ac6db84f.dll
Resource
win7-20240729-en
General
-
Target
497ac129ddda7980fce1417ab741f810f15aba9f5e915986128aa8e9ac6db84f
-
Size
5.1MB
-
MD5
3f4bb808b90b7a9406ad46582bce0339
-
SHA1
ebdc056c5e87626d2c95225617b5fba14fea6879
-
SHA256
497ac129ddda7980fce1417ab741f810f15aba9f5e915986128aa8e9ac6db84f
-
SHA512
610053579b9733911f7843c925051c9138018d1729e815157c65bf8cc705a389f31ed31ac206c20030204b11e791ad8ac0458f0ee6da42d9ae943b620ad0561b
-
SSDEEP
49152:n76qs1VlknhlrHtIPTlpvuBtlGLrS7FoO/Q6++h2NSbDe:+1PgdHtIPTlywrS9/RbD
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature: the PE carries no embedded code-signing certificate, so its publisher cannot be verified. An absent signature is common for both malware and in-house tooling, so treat this as supporting rather than decisive evidence.
resource 497ac129ddda7980fce1417ab741f810f15aba9f5e915986128aa8e9ac6db84f
Files
-
497ac129ddda7980fce1417ab741f810f15aba9f5e915986128aa8e9ac6db84f.dll windows:4 windows x86 arch:x86
4795e2a68ff73d7d78e7a51c393ee925
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports (static import table — these names show capability the code could exercise, not behavior observed at runtime; of note are the process-injection set OpenProcess/VirtualAllocEx/WriteProcessMemory/CreateRemoteThread, the input-hooking pair SetWindowsHookExA/GetAsyncKeyState, and the listening-socket calls bind/listen/accept alongside the wininet HTTP client functions)
ws2_32
htonl
inet_ntoa
WSACleanup
accept
listen
bind
htons
WSAGetLastError
ioctlsocket
socket
closesocket
connect
inet_addr
__WSAFDIsSet
select
recv
send
ntohs
getsockname
gethostname
shutdown
WSAStartup
gethostbyname
kernel32
GetTempPathA
GetVersionExA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LoadLibraryA
GetCommandLineA
LCMapStringA
FindFirstFileA
SetFilePointer
SetEndOfFile
SetFileAttributesA
GetLocalTime
GetTickCount
GetEnvironmentVariableA
FormatMessageA
GetUserDefaultLCID
GetFileSize
ReadFile
WritePrivateProfileStringA
GetPrivateProfileStringA
HeapReAlloc
HeapAlloc
ExitProcess
FreeLibrary
LoadLibraryExA
CreateRemoteThread
VirtualProtect
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
IsBadStringPtrA
LocalSize
GlobalSize
TerminateThread
QueryDosDeviceW
OpenProcess
GetCurrentProcess
CreateProcessA
Thread32Next
Thread32First
Process32Next
Process32First
CreateToolhelp32Snapshot
IsBadReadPtr
CreateFileMappingA
FindClose
DeleteCriticalSection
FindFirstFileW
WriteFile
CreateFileW
CreateThread
LocalFree
CreateDirectoryW
LocalAlloc
lstrlenW
Sleep
GetExitCodeThread
ReadProcessMemory
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
RtlMoveMemory
GetComputerNameA
GetVolumeInformationA
DeviceIoControl
lstrcpyn
CreateFileA
CreateEventA
OpenEventA
DeleteFileW
GetModuleFileNameA
VirtualQuery
SetWaitableTimer
CreateWaitableTimerW
HeapFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
VirtualFree
VirtualAlloc
CloseHandle
TerminateProcess
GetWindowsDirectoryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetProcessHeap
GetModuleHandleA
GetSystemDirectoryA
lstrlenA
SetLastError
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
GetCurrentThreadId
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
UnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
GetSystemTime
ExitThread
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
lstrcpynA
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
MulDiv
GetVersion
GetTimeZoneInformation
GetNativeSystemInfo
lstrcpyA
lstrcatA
GetLastError
user32
LoadCursorW
CloseClipboard
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
RegisterClassExW
DefWindowProcW
SystemParametersInfoA
MessageBoxTimeoutA
CopyImage
MsgWaitForMultipleObjects
CreateWindowExW
SendMessageW
GetClassNameW
SetClipboardData
EmptyClipboard
OpenClipboard
PeekMessageA
SetForegroundWindow
SetWindowPos
CallWindowProcA
ShowWindow
IsWindowVisible
FindWindowExA
GetForegroundWindow
GetDesktopWindow
GetWindow
GetClassNameA
GetWindowTextLengthA
GetMessageA
DispatchMessageA
wsprintfA
SetClassLongA
GetClassLongA
SetRect
MessageBoxA
SetWindowTextA
EnableWindow
GetWindowTextA
IsWindow
GetWindowRect
MoveWindow
SetActiveWindow
MessageBeep
GetPropA
GetMessageW
TranslateMessage
DispatchMessageW
RemovePropA
PostMessageW
SetTimer
GetAsyncKeyState
DestroyWindow
GetWindowThreadProcessId
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
FindWindowA
SetCursor
SendMessageA
KillTimer
IntersectRect
InvalidateRect
UpdateLayeredWindow
ReleaseCapture
LoadCursorFromFileW
IsZoomed
IsIconic
IsWindowEnabled
SetParent
PostMessageA
UpdateWindow
ValidateRect
SetWindowRgn
GetParent
PtInRect
ReleaseDC
SetCaretPos
GetCursorPos
CallWindowProcW
GetClientRect
GetDlgItem
GetWindowLongA
CreateWindowExA
DestroyCursor
SetWindowLongA
GetSysColor
LoadBitmapA
RegisterHotKey
UnregisterHotKey
GetActiveWindow
PostQuitMessage
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
CreateDialogIndirectParamA
EndDialog
UnregisterClassA
GetDlgCtrlID
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
RegisterWindowMessageA
GetMessagePos
GetMessageTime
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
LoadCursorA
MapWindowPoints
LoadIconA
GetSysColorBrush
LoadStringA
PostThreadMessageA
ScreenToClient
GetDC
DefMDIChildProcA
GetClassLongW
DefWindowProcA
GetWindowTextW
AdjustWindowRectEx
SetPropA
SetWindowLongW
SetFocus
TrackMouseEvent
BeginPaint
EndPaint
GetFocus
SetCapture
GetSystemMetrics
shlwapi
PathFileExistsA
PathFindFileNameA
PathIsDirectoryW
StrToIntExA
PathFindExtensionA
gdi32
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDIBits
CreateRoundRectRgn
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetTextColor
SetBkMode
SetBkColor
GetStockObject
GetObjectA
ExtCreateRegion
CombineRgn
CreateSolidBrush
CreateBitmap
RestoreDC
SaveDC
BitBlt
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps
TranslateCharsetInfo
CreateFontA
CreateRectRgn
SetViewportExtEx
comdlg32
GetOpenFileNameA
ChooseColorA
advapi32
RegSetValueExA
RegCreateKeyExA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegOpenKeyExA
RegCloseKey
shell32
DragAcceptFiles
DragFinish
DragQueryFileA
Shell_NotifyIconW
SHFileOperationW
ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
ole32
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CLSIDFromString
StringFromGUID2
CLSIDFromProgID
CoCreateInstance
CoRevokeClassObject
OleRun
wininet
InternetConnectA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
atl
ord42
gdiplus
GdipImageSelectActiveFrame
GdipCreateHBITMAPFromBitmap
GdipGetCompositingQuality
GdiplusStartup
GdipCreateImageAttributes
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipCreatePathGradientFromPath
GdipDrawPolygon
GdipFillPolygon
GdipCreatePen2
GdipDeleteFont
GdipGetFamilyName
GdipGetFontSize
GdipGetFontStyle
GdipMeasureString
GdipGetImagePixelFormat
GdipCloneBitmapArea
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipDisposeImage
GdipSetClipRegion
GdipSetClipRect
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipResetClip
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipCreateStringFormat
GdipSetStringFormatHotkeyPrefix
GdipDeleteStringFormat
GdipGraphicsClear
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipDeleteBrush
GdipGetFontHeight
GdipCreateSolidFill
GdipDrawString
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipGetStringFormatAlign
GdipGetStringFormatTrimming
GdipCreateLineBrush
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageRect
GdipGetStringFormatFlags
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipLoadImageFromStream
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipFillPath
GdipClosePathFigure
GdipAddPathArc
GdipCreatePath
GdipDeletePath
GdipDrawPath
GdipCreateRegionHrgn
GdipDeleteRegion
oleaut32
VariantChangeType
SysFreeString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
OleLoadPicture
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayDestroy
VariantCopy
SysAllocString
VarR8FromCy
VariantClear
psapi
GetProcessImageFileNameW
GetModuleFileNameExA
imm32
ImmGetContext
ImmAssociateContext
iphlpapi
GetAdaptersInfo
oledlg
ord8
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
comctl32
ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_BeginDrag
Exports
(none listed — the file has IMAGE_FILE_DLL set, so with no exported functions any execution would have to originate in DllMain; confirm the export table with a PE parser rather than relying on this empty list)
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3.1MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 844B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 96KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ