_AppEnd
_AppStart
_AppUnload
_ControlPanel
_GetPhoneVefCode
_GetTicket
_OnEvent
_OnGroup
_OnGuildPush
_OnPluginMessage
_OnPrivate
cq_int
��ʼ��
Behavioral task
behavioral1
Sample
8f3f325c0c67b4e034f89ab401bd20984256bbb49918f2d3db42f7c00ac41097.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
General
-
Target
8f3f325c0c67b4e034f89ab401bd20984256bbb49918f2d3db42f7c00ac41097
-
Size
4.4MB
-
MD5
7969ae50ed50e668f174076bdf16fff3
-
SHA1
d628ec691f7abcbb06bc314325c80486284a0373
-
SHA256
8f3f325c0c67b4e034f89ab401bd20984256bbb49918f2d3db42f7c00ac41097
-
SHA512
3667d4dcf1a5284fd4ac03261c418d9782729353189e4b24a060d929743385bf6a381beec9eac593299cc595ded89d28f12be0f10012812e95c7bfcfcd27dbf0
-
SSDEEP
49152:xFHGO58y9c75vu3yFXSESlqY4k9kH+t3Wjx9a48Q+s8KuqGaX0ToIBAUZLYa9vSj:mFvu3nBEk9ketGdwXJBAUZL5jHH
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8f3f325c0c67b4e034f89ab401bd20984256bbb49918f2d3db42f7c00ac41097
Files
-
8f3f325c0c67b4e034f89ab401bd20984256bbb49918f2d3db42f7c00ac41097.dll windows:4 windows x86 arch:x86
d7a234b123de23cadd5e77997dd26725
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
RemoveDirectoryA
SetLocalTime
WritePrivateProfileStringA
GetStartupInfoA
SetFileAttributesA
CreateDirectoryA
FindClose
GetFileAttributesA
GetCommandLineA
GetProcAddress
GetWindowsDirectoryA
GetCurrentThread
VirtualProtectEx
DeviceIoControl
CreateFileA
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
MulDiv
LoadLibraryA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
DeleteCriticalSection
FreeLibrary
LoadLibraryExA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenThread
IsDebuggerPresent
GetModuleHandleA
HeapFree
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
ResumeThread
GlobalReAlloc
TlsFree
MapViewOfFile
SetHandleCount
GetSystemDirectoryA
ReleaseMutex
FindFirstFileA
FindNextFileA
Thread32Next
Thread32First
DeleteFileA
GetCurrentDirectoryA
GetLongPathNameA
Module32Next
Module32First
SetEndOfFile
SetFilePointer
GetLastError
GetModuleHandleW
VirtualQueryEx
MoveFileA
SetWaitableTimer
CreateWaitableTimerA
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStdHandle
GetFileType
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
RtlUnwind
GetOEMCP
GetVersionExA
CopyFileA
GetProcessTimes
GetLocalTime
FileTimeToSystemTime
OpenMutexA
IsDBCSLeadByteEx
FormatMessageA
Sleep
CreateEventA
SuspendThread
GetThreadContext
SetThreadContext
LoadLibraryW
LeaveCriticalSection
GetVolumeInformationA
VirtualAlloc
GetCPInfo
TerminateProcess
LocalAlloc
LocalFree
DebugActiveProcess
GlobalFree
IsBadReadPtr
GetThreadTimes
CreatePipe
CreateProcessA
PeekNamedPipe
ReadFile
GetExitCodeProcess
WriteFile
GetModuleFileNameW
CreateMutexA
GetModuleFileNameA
InitializeCriticalSection
TerminateThread
RtlFillMemory
OpenEventA
InterlockedDecrement
OpenFileMappingA
CreateFileMappingA
GetFileSize
GetUserDefaultLCID
HeapReAlloc
ExitProcess
GetTickCount
PostQueuedCompletionStatus
GetQueuedCompletionStatus
HeapDestroy
lstrlenA
WriteProcessMemory
GetProcessHeap
HeapAlloc
GetCurrentProcess
OpenProcess
ReadProcessMemory
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
VirtualAllocEx
CreateRemoteThread
GetExitCodeThread
RtlMoveMemory
VirtualFreeEx
lstrcpyn
CreateThread
EnterCriticalSection
GetTempPathA
LCMapStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
GetTimeZoneInformation
SetLastError
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
lstrcpyA
FlushFileBuffers
TlsAlloc
GlobalHandle
GetSystemInfo
CreateIoCompletionPort
HeapCreate
lstrcpynA
InterlockedIncrement
GetShortPathNameA
VirtualFree
GetComputerNameA
GetVersion
IsBadWritePtr
SetProcessWorkingSetSize
UnmapViewOfFile
LocalFree
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
RaiseException
TerminateProcess
HeapSize
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetFileAttributesA
DeleteFileA
CreateDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
LocalAlloc
GetACP
SuspendThread
ReleaseMutex
CreateMutexA
GetLocalTime
GetCurrentProcess
DuplicateHandle
GetFileType
GetFileSize
SetFilePointer
FileTimeToLocalFileTime
lstrcpynA
lstrcmpiA
lstrcmpA
SetLastError
GetTimeZoneInformation
FileTimeToSystemTime
TerminateThread
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
HeapAlloc
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
CloseHandle
user32
FlashWindowEx
DefWindowProcA
UpdateLayeredWindow
IsZoomed
CreateWindowExA
SetPropA
DestroyWindow
RemovePropA
GetPropA
IsIconic
ShowWindowAsync
ClipCursor
EnableWindow
SwapMouseButton
GetKeyboardState
CharUpperA
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
ReleaseCapture
CreateWindowStationA
GetKeyState
SendInput
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
ValidateRect
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetDlgItem
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnregisterClassA
PtInRect
GetMenuItemCount
SetCursorPos
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
GetMessagePos
GetMessageTime
ActivateKeyboardLayout
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
SetWindowTextA
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
SetClassLongA
LoadCursorFromFileA
InvalidateRect
CallWindowProcW
ShowWindow
keybd_event
GetKeyboardLayoutNameA
LoadKeyboardLayoutA
MessageBoxA
wsprintfA
EnumThreadWindows
FindWindowExA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
SendMessageTimeoutA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetClassNameA
GetWindowTextLengthA
EnumWindows
GetWindowInfo
EmptyClipboard
GetFocus
AttachThreadInput
GetWindowThreadProcessId
GetSystemMetrics
MapVirtualKeyA
EnumChildWindows
CharLowerA
RegisterWindowMessageA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SetWindowLongA
GetCursorPos
SetFocus
OpenIcon
UpdateWindow
MoveWindow
GetParent
SetParent
GetGUIThreadInfo
SetWindowLongW
IsWindowVisible
GetWindow
MsgWaitForMultipleObjects
GetDoubleClickTime
ReleaseDC
PrintWindow
GetCaretPos
SetActiveWindow
GetWindowLongA
SetLayeredWindowAttributes
GetDlgCtrlID
FlashWindow
UnloadKeyboardLayout
GetKeyboardLayoutList
SystemParametersInfoA
CopyRect
GetKeyboardLayout
wvsprintfA
SetTimer
GetClientRect
GetWindowTextA
GetAncestor
GetForegroundWindow
mouse_event
ShowCursor
WindowFromPoint
FindWindowA
ExitWindowsEx
GetDesktopWindow
GetAsyncKeyState
SendMessageA
PostMessageA
GetDC
IsWindow
ClientToScreen
KillTimer
GetWindowRect
SetCapture
GetClassLongA
SetWindowPos
GetMenuState
CallWindowProcA
SetForegroundWindow
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
CloseClipboard
wsprintfA
WaitForInputIdle
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
GetCursorPos
MessageBoxA
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
GetSysColorBrush
LoadStringA
UnregisterClassA
SetWindowPos
GetDesktopWindow
GetClassNameA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
DestroyCursor
ScrollWindowEx
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetWindowTextA
GetWindowTextLengthA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
SendMessageA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
GetScrollPos
RegisterClassA
SetFocus
IsIconic
GetMenuItemCount
GetMenuItemID
CharUpperA
SetWindowTextA
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
IsDialogMessageA
GetClipboardData
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
GetFocus
gdi32
Escape
ExtTextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
GetStockObject
GetObjectA
CreateRectRgn
CreateDIBSection
TextOutA
SetTextColor
SetBkMode
CreateFontIndirectA
GetTextExtentPointA
DeleteDC
DeleteObject
GetPixel
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
Escape
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
GetTextMetricsA
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
GetDeviceCaps
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
EndPage
comdlg32
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
GetFileTitleA
ChooseColorA
wsock32
getsockname
WSACleanup
listen
ord1140
ord1141
ord1142
accept
connect
getpeername
recv
setsockopt
socket
WSAStartup
select
send
htons
ioctlsocket
bind
recvfrom
inet_addr
ntohs
closesocket
sendto
wininet
FtpGetFileSize
FtpOpenFileA
InternetTimeToSystemTime
InternetSetCookieA
InternetGetConnectedState
InternetReadFile
InternetTimeFromSystemTime
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
HttpQueryInfoA
InternetOpenA
HttpSendRequestA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
shell32
SHGetPathFromIDListA
SHGetFileInfoA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHFileOperationA
SHChangeNotify
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteA
Shell_NotifyIconA
ole32
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
CoInitialize
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
OleUninitialize
OleRun
CoCreateInstance
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CLSIDFromProgID
dbghelp
MakeSureDirectoryPathExists
winhttp
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
shlwapi
PathIsSystemFolderA
PathFindExtensionA
PathFileExistsA
PathRemoveBlanksA
StrTrimA
PathIsDirectoryEmptyA
PathUnmakeSystemFolderA
PathIsDirectoryA
PathFindFileNameA
PathMakeSystemFolderA
PathRenameExtensionA
oleaut32
LHashValOfNameSys
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
SafeArrayCreate
RegisterTypeLi
SafeArrayGetElemsize
LoadTypeLi
VarR8FromBool
VarR8FromCy
SysFreeString
VariantCopy
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
advapi32
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
LookupAccountSidA
RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegFlushKey
RegEnumValueA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
gdiplus
GdipDeleteGraphics
GdipResetClip
GdipDeletePen
GdipDeletePath
GdipDrawPath
GdipDrawRectangle
GdipCreatePen1
GdiplusStartup
GdipCreateFromHDC
GdipSetClipHrgn
GdipSetSmoothingMode
psapi
GetModuleFileNameExA
ws2_32
WSAWaitForMultipleEvents
WSASocketA
WSARecv
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSACloseEvent
WSASend
ntohl
accept
getpeername
recv
ioctlsocket
recvfrom
inet_ntoa
WSAStartup
WSACleanup
select
send
closesocket
WSAAsyncSelect
oledlg
ord8
rasapi32
RasHangUpA
RasGetConnectStatusA
RasHangUpA
RasGetConnectStatusA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comctl32
ord17
ord17
ImageList_Destroy
winmm
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutRestart
waveOutPause
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
Exports
Exports
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 552KB - Virtual size: 856KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 172KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ