Behavioral task: behavioral1
Sample: b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345.exe
Resource: win10v2004-20240802-en
General
Target: b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345
Size: 256KB
MD5: 18489c055c3d8b29bee30f44b77d44fc
SHA1: 0d886928d23fe93ed6f48f5f1b109002b8ad02f2
SHA256: b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345
SHA512: af6fce5af569a7faf288a4d45dd263bf84f6af6e4fed9406ba65c2433ad1892bcd95ce8dda0914a3c7876a9e669bf0e29fb5ef634110267f7bdcffc7616f3601
SSDEEP: 3072:+5E4z97xNhc39hhQYyc1aUTBXO4H6/XmBTRvDPkDUKDRuASo8JE8ctoG7oyoPnIa:+Kit34avmZRvDcka87G7XoPnIoR
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource: yara_rule, sample: family_blackmoon
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345
Files
-
b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345.exe windows:4 windows x86 arch:x86
041fda3966188610773ac4064b61445b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
OpenEventA
HeapCreate
GetOEMCP
GetCPInfo
FlushFileBuffers
SetErrorMode
GetProcessVersion
FindResourceA
LoadResource
LockResource
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
CreateEventA
GetCurrentProcess
OpenProcess
LocalAlloc
LocalFree
IsDebuggerPresent
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
lstrlenW
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
Process32Next
GlobalAddAtomA
TerminateProcess
RtlMoveMemory
GetModuleHandleA
GetProcAddress
lstrcpyn
LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
SetFilePointer
GetTickCount
CreateDirectoryA
SetFileAttributesA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
GetModuleFileNameA
DeleteFileA
CreateFileA
WriteFile
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
Sleep
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessW
CreatePipe
GetVersion
GlobalGetAtomNameA
GlobalFindAtomA
SetLastError
InterlockedIncrement
lstrcpyA
lstrcatA
CloseHandle
WritePrivateProfileStringA
InterlockedDecrement
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
MulDiv
GlobalFlags
user32
RemovePropA
FindWindowA
PostMessageA
MessageBoxTimeoutA
WaitForInputIdle
EndDialog
CreateDialogIndirectParamA
DestroyMenu
PostThreadMessageA
UnregisterClassA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
CallWindowProcA
EnableWindow
GetParent
IsWindowEnabled
GetForegroundWindow
IsWindow
GetActiveWindow
SetActiveWindow
SetForegroundWindow
PostQuitMessage
SendMessageA
SetCursor
GetWindowLongA
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
LoadStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
GrayStringA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
advapi32
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegEnumValueA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
GetTokenInformation
OpenProcessToken
shell32
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ole32
CoInitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
OleRun
CLSIDFromString
CoRevokeClassObject
CLSIDFromProgID
winhttp
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpConnect
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
oleaut32
SysFreeString
SafeArrayDestroy
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
wininet
InternetReadFile
InternetGetConnectedState
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
gdi32
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap
GetStockObject
GetObjectA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
comctl32
ord17
oledlg
ord8
shlwapi
PathFileExistsA
Sections
.text Size: 188KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE