blackmoon | 56644e5c4a97e7c6115a7312d42afce8564d7184fcc85604fd1fa62a62882b17

Sharing

Copy URL Twitter E-mail

General

Target

56644e5c4a97e7c6115a7312d42afce8564d7184fcc85604fd1fa62a62882b17
Size

364KB
MD5

d10a04840e06dd07156057207ad78a8b
SHA1

7dcfc86e0cd3ac5b2174203604bbf9fc346b61ee
SHA256

56644e5c4a97e7c6115a7312d42afce8564d7184fcc85604fd1fa62a62882b17
SHA512

95b68380c5fddc46f6392947a88e26361edef2fe1e25b285ba5f983251297244d83618baf352aa19b94feb086b84767c38729baa7993711491923e7427a3c954
SSDEEP

6144:CVOqpqftHvrVEPcgWBBc+0cg8RPt23K6AYDAZ:CMqpWRvrVEPctBLXVv6nDA

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56644e5c4a97e7c6115a7312d42afce8564d7184fcc85604fd1fa62a62882b17

Files

56644e5c4a97e7c6115a7312d42afce8564d7184fcc85604fd1fa62a62882b17
.exe windows:4 windows x86 arch:x86

9c469746cd2afcf554546cbde8c60504

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetModuleFileNameA
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GlobalAlloc
lstrlenA
GetSystemDirectoryA
GetWindowsDirectoryA
GetLastError
GetCurrentProcess
GetTimeZoneInformation
SetLastError
SetFilePointer
GlobalLock
TerminateProcess
OpenProcess
lstrcpyA
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
LocalFree
lstrcpynA
EnterCriticalSection
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
FlushFileBuffers
MulDiv
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
GlobalUnlock
GlobalFree
GetUserDefaultLCID
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
GetStartupInfoA
CreateProcessA
WaitForSingleObject
Sleep
CreateFileA
WriteFile
SetFileAttributesA
GetTickCount
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
MoveFileExA
GetTempFileNameA
GetTempPathA
MoveFileA
CreateDirectoryA
Module32First
GetVersionExA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
OpenEventA

user32

GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
GetMenuItemID
PtInRect
GetWindowLongA
SetWindowLongA
GetDlgItem
ShowWindow
SystemParametersInfoA
GetDC
ReleaseDC
GetSystemMetrics
SetWindowTextA
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
SetActiveWindow
GetActiveWindow
IsWindow
IsWindowEnabled
EnableWindow
IsIconic
GetWindowPlacement
SetFocus
SetWindowPos
IsDialogMessageA
SendDlgItemMessageA
GetMenuItemCount
GetDlgCtrlID
EndDialog
CreateDialogIndirectParamA
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostQuitMessage
DestroyMenu
GetWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
SendMessageA
GetClientRect
ClientToScreen
GetForegroundWindow
GetCursorPos
PostMessageA
FindWindowExA
FindWindowA
UpdateWindow
MoveWindow
GetParent
GetWindowRect
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
IsWindowVisible
EnumWindows
SetForegroundWindow

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
GetObjectA
GetStockObject
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
SelectObject
DeleteDC
DeleteObject

shlwapi

PathFileExistsA

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi

shell32

SHGetSpecialFolderPathA

rasapi32

RasGetConnectStatusA
RasHangUpA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

wsock32

send
WSAStartup
WSACleanup
select
closesocket
recv

wininet

HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetConnectA
InternetSetOptionA
InternetCloseHandle
InternetOpenA

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c469746cd2afcf554546cbde8c60504

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

gdi32

shlwapi

oledlg

oleaut32

shell32

rasapi32

winspool.drv

comctl32

wsock32

wininet

Sections

.text Size: 136KB - Virtual size: 134KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 20KB - Virtual size: 202KB

.vmp0 Size: 4KB - Virtual size: 2KB

.rsrc Size: 176KB - Virtual size: 172KB

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 20KB - Virtual size: 202KB

.vmp0
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 176KB - Virtual size: 172KB