Behavioral task
behavioral1
Sample
4e333bbd52bd1d32b6dd18c9dcb7c15bb2ac5ef2ff539fd750fee8cd2a89ed76.exe
Resource
win7-20240708-en
windows7-x64
General
-
Target
4e333bbd52bd1d32b6dd18c9dcb7c15bb2ac5ef2ff539fd750fee8cd2a89ed76
-
Size
5.4MB
-
MD5
8a57e347bc279162947c0a6cdb491e69
-
SHA1
010f0ea8c547272b48b973bb27bbbfe6fb6cdeec
-
SHA256
4e333bbd52bd1d32b6dd18c9dcb7c15bb2ac5ef2ff539fd750fee8cd2a89ed76
-
SHA512
50c4675597c7fdc5165902cb3a3686a0b8803b690c2c45a368f2a998e1cfc79d1c7e1ecff587967d16796b670ec3d7747fb4f68131e18854e2cc7a942d3edd39
-
SSDEEP
49152:3eohevEoCh33Y6WeJDOEQnJQ0MzmBiSwKe3rKoMVgduYS+U6/UR5R2RpR4LV4y8r:AC0M6BiSGNMxke0zGw9G0j3+Un
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4e333bbd52bd1d32b6dd18c9dcb7c15bb2ac5ef2ff539fd750fee8cd2a89ed76
Files
-
4e333bbd52bd1d32b6dd18c9dcb7c15bb2ac5ef2ff539fd750fee8cd2a89ed76.exe windows:4 windows x86 arch:x86
07777c907e1fca271229eff13fb98c67
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
GetLocalTime
GetThreadTimes
ResumeThread
SuspendThread
OpenThread
RtlMoveMemory
VirtualAllocEx
CreateThread
SetWaitableTimer
CreateWaitableTimerA
InterlockedDecrement
OpenEventA
Thread32Next
ReadFile
GetExitCodeProcess
GetLastError
FormatMessageA
LoadLibraryExA
FreeLibrary
LCMapStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
GlobalFree
RtlFillMemory
CreateMutexA
ReleaseMutex
OpenMutexA
HeapFree
DebugActiveProcess
CreateEventA
GetFileType
GetShortPathNameA
WriteFile
SetFilePointer
SetEndOfFile
CopyFileA
GetDateFormatA
GetTimeFormatA
DeleteFileA
MoveFileA
GetThreadContext
SetThreadContext
SetHandleCount
Thread32First
GetStdHandle
CreateRemoteThread
MulDiv
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
FlushFileBuffers
lstrcpyA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
SetLastError
GetTimeZoneInformation
IsDebuggerPresent
GetProcessHeap
HeapAlloc
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
Module32First
OpenProcess
WriteProcessMemory
GetModuleHandleA
GetProcAddress
GetExitCodeThread
VirtualFreeEx
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetCurrentProcess
ReadProcessMemory
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
lstrcpyn
GetLongPathNameA
IsBadCodePtr
FreeEnvironmentStringsA
PeekNamedPipe
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
LCMapStringW
IsBadWritePtr
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToSystemTime
TerminateProcess
TerminateThread
LocalAlloc
LocalFree
Module32Next
GetModuleFileNameA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetProcessTimes
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
lstrcpynA
EnterCriticalSection
LeaveCriticalSection
VirtualQueryEx
GetCurrentProcessId
SetProcessWorkingSetSize
VirtualProtectEx
GetVersion
Sleep
CreateFileA
DeviceIoControl
InterlockedIncrement
IsDBCSLeadByteEx
lstrlenA
GetCurrentThreadId
GetCommandLineA
WritePrivateProfileStringA
GetVolumeInformationA
SetFileAttributesA
GetFileAttributesA
GetCurrentDirectoryA
SetLocalTime
GetStartupInfoA
GetUserDefaultLCID
CreateDirectoryA
SetUnhandledExceptionFilter
GetVersionExA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
GetComputerNameA
GetFileSize
WaitForSingleObject
CreatePipe
GetTickCount
IsBadReadPtr
HeapReAlloc
ExitProcess
VirtualFree
VirtualAlloc
CreateProcessA
FreeEnvironmentStringsW
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableW
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetStdHandle
GetACP
HeapSize
GetStringTypeA
GetFileType
TerminateProcess
GetLocalTime
GetSystemTime
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
LocalReAlloc
GlobalHandle
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
LocalFree
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
CopyFileA
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
GetWindowsDirectoryA
GetCurrentProcess
GetTimeZoneInformation
SetLastError
FileTimeToSystemTime
CreateMutexA
ReleaseMutex
SuspendThread
SetNamedPipeHandleState
WaitNamedPipeA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
OpenEventA
TlsAlloc
TlsSetValue
TlsGetValue
InterlockedIncrement
InterlockedDecrement
DeleteFileA
MoveFileA
GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
TlsFree
GetDriveTypeA
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
RemoveDirectoryA
lstrlenW
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
DeviceIoControl
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
TerminateThread
SetEnvironmentVariableA
user32
PtInRect
GetMenuItemCount
CreateWindowStationA
KillTimer
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
RegisterWindowMessageA
PrintWindow
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
GetMessagePos
GetMessageTime
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetActiveWindow
LoadStringA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
SetActiveWindow
SetWindowPos
SetParent
UpdateWindow
UnregisterClassA
SetLayeredWindowAttributes
GetWindowLongA
SetWindowTextA
GetWindowTextLengthA
GetClassNameA
GetParent
EnableWindow
SetClassLongA
LoadCursorFromFileA
CallNextHookEx
SetWindowsHookExA
GetKeyboardState
GetAsyncKeyState
ShowCursor
SetCapture
ReleaseCapture
ClipCursor
FindWindowExA
GetDoubleClickTime
mouse_event
SetCursorPos
ClientToScreen
SendInput
EnumChildWindows
GetWindow
GetDesktopWindow
SetTimer
ChangeDisplaySettingsA
EnumDisplaySettingsA
FindWindowA
MoveWindow
SetWindowLongA
MsgWaitForMultipleObjects
UnhookWindowsHookEx
CallWindowProcA
keybd_event
MapVirtualKeyA
ValidateRect
GetCaretPos
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
GetLastActivePopup
IsWindowEnabled
SetCursor
PostQuitMessage
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
PostMessageA
GetWindowThreadProcessId
GetClientRect
GetForegroundWindow
AttachThreadInput
GetFocus
SetFocus
wvsprintfA
GetKeyState
IsWindow
GetWindowRect
GetWindowTextA
EnumThreadWindows
SendMessageTimeoutA
CharLowerA
IsWindowVisible
ShowWindow
GetCursorPos
WindowFromPoint
SendMessageA
FlashWindowEx
ShowWindowAsync
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
GetSystemMetrics
wsprintfA
MessageBoxA
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
ActivateKeyboardLayout
GetKeyboardLayout
SystemParametersInfoA
SetForegroundWindow
IsIconic
InvalidateRect
GetDlgCtrlID
EnumWindows
FlashWindow
GetWindowInfo
OpenIcon
GetDlgItem
GetDC
ReleaseDC
GetPropA
RemovePropA
GetKeyboardLayoutList
DestroyWindow
SetPropA
CreateWindowExA
IsZoomed
UpdateLayeredWindow
UnloadKeyboardLayout
SwapMouseButton
CharUpperA
DefWindowProcA
GetGUIThreadInfo
GetAncestor
GetSysColorBrush
ExitWindowsEx
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
LockWindowUpdate
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
SetWindowRgn
WaitForInputIdle
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
UnregisterClassA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
CallWindowProcA
GetForegroundWindow
SetWindowTextA
wsprintfA
gdi32
RectVisible
PtVisible
GetDeviceCaps
GetStockObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateFontIndirectA
SelectObject
SetBkMode
SetTextColor
TextOutA
DeleteObject
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateRectRgn
GetPixel
CreateCompatibleBitmap
GetTextExtentPointA
GetObjectA
Escape
ExtTextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
TextOutA
CombineRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
ExtTextOutA
Escape
GetTextMetricsA
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
GetTextExtentPoint32A
GetDeviceCaps
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
SaveDC
StretchBlt
comdlg32
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
GetFileTitleA
GetFileTitleA
wininet
InternetCloseHandle
HttpOpenRequestA
InternetTimeToSystemTime
FtpOpenFileA
InternetTimeFromSystemTime
HttpQueryInfoA
InternetConnectA
InternetOpenA
FtpGetFileSize
InternetReadFile
InternetSetCookieA
HttpSendRequestA
InternetCloseHandle
shell32
ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHFileOperationA
SHChangeNotify
DragQueryFileA
Shell_NotifyIconA
ShellExecuteA
shlwapi
PathRemoveBlanksA
PathMakeSystemFolderA
PathIsSystemFolderA
PathUnmakeSystemFolderA
PathFindFileNameA
StrTrimA
PathIsDirectoryA
PathRenameExtensionA
PathIsDirectoryEmptyA
PathFileExistsA
PathFindExtensionA
oleaut32
SysAllocString
SafeArrayGetDim
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
VariantCopy
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetLBound
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
UnRegisterTypeLi
LoadTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
VariantCopy
dbghelp
MakeSureDirectoryPathExists
ole32
CLSIDFromProgID
CoFreeUnusedLibraries
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
gdiplus
GdipCreateFromHDC
GdipSetClipHrgn
GdipSetSmoothingMode
GdipCreatePen1
GdipDrawRectangle
GdipDeletePath
GdipDeletePen
GdipResetClip
GdipDeleteGraphics
GdipDrawPath
GdiplusStartup
advapi32
CryptReleaseContext
RegFlushKey
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegSetValueExA
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
CryptAcquireContextA
CryptCreateHash
RegCreateKeyA
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegOpenKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumValueA
RegCloseKey
psapi
GetModuleFileNameExA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
winhttp
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
oledlg
ord8
rasapi32
RasGetConnectStatusA
RasHangUpA
RasHangUpA
RasGetConnectStatusA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comctl32
ord17
ImageList_GetImageCount
ImageList_SetBkColor
ord17
ImageList_Destroy
ImageList_Read
ImageList_Duplicate
wsock32
recv
select
WSACleanup
WSAStartup
closesocket
send
winmm
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutRestart
ws2_32
shutdown
getservbyname
ntohs
WSAGetLastError
ntohl
accept
getpeername
recv
connect
ioctlsocket
recvfrom
setsockopt
socket
htons
WSAAsyncSelect
closesocket
send
select
WSACleanup
inet_ntoa
gethostbyname
WSAStartup
inet_addr
wldap32
ord29
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.2MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ