blackmoon | 726bbb282a1abd79eac8436cc3ab4399453d69059ec5a9c8012a2ff21bd93845

Sharing

Copy URL Twitter E-mail

General

Target

726bbb282a1abd79eac8436cc3ab4399453d69059ec5a9c8012a2ff21bd93845
Size

460KB
MD5

f0fb16899df2714b7767bd6357c14871
SHA1

09e421c51144131ea64671b53ca57e9a72ffd4e6
SHA256

726bbb282a1abd79eac8436cc3ab4399453d69059ec5a9c8012a2ff21bd93845
SHA512

45a07cb65d0f4b8775908a011a6e5cd44c8a2cf4914452eb901aeba14be750a6981a2118aa06a0f8e72dfa1644b453862bc3ee01263ab848b04f26754b948423
SSDEEP

12288:TDuSILl0SpPFh/u164vgeYuFoc3CzFLKQcBDOBCxfnumhdCOj:TDuSILl00PFh/u164vgeYAoc3CzFO6Ba

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
726bbb282a1abd79eac8436cc3ab4399453d69059ec5a9c8012a2ff21bd93845

Files

726bbb282a1abd79eac8436cc3ab4399453d69059ec5a9c8012a2ff21bd93845
.exe windows:4 windows x86 arch:x86

cb3c31ce74c48d3d778e8b652bbe073e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
SetFilePointer
GetLastError
GetCurrentProcess
TerminateProcess
GlobalUnlock
lstrcpyA
GlobalAlloc
SetLastError
lstrcatA
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
lstrcpynA
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
GlobalFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeviceIoControl
GetVersionExA
GetProcAddress
FreeLibrary
GetCommandLineA
LCMapStringA
GetLocalTime
LoadLibraryA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTickCount
CreateFileA
GetFileSize
ReadFile
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
Sleep
CreateThread
SetWaitableTimer
CreateWaitableTimerA
WideCharToMultiByte
SetThreadExecutionState
LocalFree
LocalAlloc
WriteFile
lstrlenA
lstrcpyn
GetCurrentThreadId
Module32First
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
IsBadReadPtr
RtlMoveMemory
MultiByteToWideChar

gdi32

GetObjectA
SelectObject
GetDeviceCaps
GetStockObject
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteDC
DeleteObject

advapi32

CreateServiceA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
EnumDependentServicesA
EnumServicesStatusExA
EnumServicesStatusA
QueryServiceConfigA
GetServiceKeyNameA
GetServiceDisplayNameA
ChangeServiceConfig2A
QueryServiceConfig2A
ChangeServiceConfigA
QueryServiceStatus
DeleteService
ControlService
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA

shlwapi

PathFileExistsA

user32

GetMessageA
PeekMessageA
RegisterWindowMessageA
MsgWaitForMultipleObjects
MapVirtualKeyA
CreateIconFromResource
FindWindowA
PostMessageA
RedrawWindow
EnableMenuItem
GetSystemMenu
TranslateMessage
GetFocus
DispatchMessageA
AttachThreadInput
SetLayeredWindowAttributes
GetWindowLongA
GetForegroundWindow
SendMessageTimeoutA
IsWindow
GetWindowRect
GetClientRect
ClientToScreen
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
IsWindowVisible
EnumWindows
GetParent
SetParent
CallWindowProcA
SetWindowLongA
ShowWindow
LoadStringA
GetSysColorBrush
PostThreadMessageA
MessageBoxA
wsprintfA
GetSystemMetrics
DestroyMenu
SetFocus
SetWindowPos
CallNextHookEx
LoadCursorA
LoadIconA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
CopyRect
SendMessageA
ReleaseDC
GetDC
SystemParametersInfoA
GetDlgItem
GetCursorPos
PtInRect
GetWindow
PostQuitMessage
SetCursor
EnableWindow
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
ValidateRect
UnregisterClassA
GetKeyState
GetActiveWindow
GetNextDlgTabItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
GetWindowPlacement
IsIconic
SetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow

comdlg32

GetOpenFileNameA

shell32

Shell_NotifyIconA
DragFinish
DragQueryFileA
DragAcceptFiles

gdiplus

GdiplusStartup

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 324KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cb3c31ce74c48d3d778e8b652bbe073e

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

shlwapi

user32

comdlg32

shell32

gdiplus

winspool.drv

comctl32

Sections

.text Size: 324KB - Virtual size: 321KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 48KB - Virtual size: 171KB

.rsrc Size: 60KB - Virtual size: 57KB

.text
Size: 324KB - Virtual size: 321KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 48KB - Virtual size: 171KB

.rsrc
Size: 60KB - Virtual size: 57KB