blackmoon | f19d3ccb3f4b4c8e34df120fbb272d915c98f6f063fe0876a3520b24db1512b2

Sharing

Copy URL Twitter E-mail

General

Target

f19d3ccb3f4b4c8e34df120fbb272d915c98f6f063fe0876a3520b24db1512b2
Size

7.8MB
MD5

b3c99115c1b0ccfd658e934cab7d4b77
SHA1

438b9440c7acc91f0ce7af65a3124fb90f6a037f
SHA256

f19d3ccb3f4b4c8e34df120fbb272d915c98f6f063fe0876a3520b24db1512b2
SHA512

4d43cdb80729fe09e9239afb3b5b1b159f5cc2ff62e5e5e330d3515b2a47824b9272c1fb812bcc0b761d8c71dbafe942917a8532bf3cffc6c4405aa16d8622e7
SSDEEP

98304:w3Fb7qmStKZmgoYIaf2AA8lbpHhB8sr3xeRPFSEeX6v8k4kxnIHYS1GnYbJBAUZS:rYA8lV/meXJ9eIHYS1GnYbJV8A+r

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f19d3ccb3f4b4c8e34df120fbb272d915c98f6f063fe0876a3520b24db1512b2

Files

f19d3ccb3f4b4c8e34df120fbb272d915c98f6f063fe0876a3520b24db1512b2
.exe windows:4 windows x86 arch:x86

c293afa5ed1bb648851e8890a59b9263

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
GetProcessVersion
FindResourceA
LoadResource
GetExitCodeProcess
Sleep
LCMapStringW
LockResource
GetLocaleInfoA
SetLastError
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetStringTypeW
SetStdHandle
GetStringTypeA
SetEndOfFile
GetStringTypeExA
GetCPInfo
GetOEMCP
ReadFile
IsBadWritePtr
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
GetFileAttributesA
LocalFree
LocalAlloc
CreateThread
GlobalDeleteAtom
CopyFileA
RtlUnwind
RaiseException
TerminateProcess
HeapSize
GetACP
CreateFileA
SetUnhandledExceptionFilter
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
DeleteCriticalSection
GlobalHandle
TlsFree
GlobalReAlloc
LocalReAlloc
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetSystemDirectoryA
GetTempPathA
RtlMoveMemory
GetVersion
lstrcpyn
IsBadStringPtrA
GetProcAddress
HeapFree
LoadLibraryA
GetProcessHeap
SetHandleCount
IsBadCodePtr
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
GetModuleFileNameA
VirtualProtect
WriteFile
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetEnvironmentVariableA
SetEnvironmentVariableA
GlobalAlloc
FreeLibrary
WideCharToMultiByte
HeapCreate
InterlockedCompareExchange
InterlockedExchange
GetModuleHandleA
lstrlenA
HeapAlloc
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapDestroy
lstrcmpA
GetWindowsDirectoryA
GetEnvironmentStringsW
MultiByteToWideChar
GetCurrentProcess
VirtualFreeEx
lstrlenW
CreatePipe
CreateProcessA
CloseHandle
PeekNamedPipe
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
GetCommandLineA
DeleteFileA
GetFileSize
GetVersionExA
FindClose
FindFirstFileA
FindNextFileA
GetTickCount
SetFilePointer
GlobalLock
GlobalUnlock
GetUserDefaultLCID
IsBadReadPtr
HeapReAlloc
ExitProcess
GlobalFree
MulDiv
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
GetEnvironmentVariableA
GetFileType
GetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
CompareStringW
IsBadCodePtr
GetACP
SuspendThread
ReleaseMutex
CreateMutexA
UnmapViewOfFile
TerminateThread
GetTempPathW
CreateFileW
SetFilePointer
GetFileSize
DeleteFileW
GetVersionExW
LoadLibraryW
VirtualQuery
GetModuleHandleW
ResumeThread
GetProfileStringA
WriteFile
WaitForMultipleObjects
SetStdHandle
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
GlobalSize
GlobalFree
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
GetLastError
GetVersionExA
WritePrivateProfileStringA
CreateEventA
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
SetCurrentDirectoryA
GetVolumeInformationA
MulDiv
GetCommandLineA
GetTickCount
SetProcessWorkingSetSize
lstrcpynA
ReleaseSemaphore
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForSingleObject
CreateSemaphoreA
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
lstrcmpA
lstrcmpiW
HeapDestroy
HeapCreate
lstrcmpW
RtlZeroMemory
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapFree
lstrlenA
lstrcpyn
RtlMoveMemory
GetModuleHandleA
VirtualAlloc
LoadLibraryA
GetProcessHeap
VirtualFree
MultiByteToWideChar
GetModuleFileNameA
VirtualProtect
GetFileAttributesA
GetCurrentProcessId
OpenProcess
TerminateProcess
ExitProcess
GetProcAddress
Sleep
IsBadReadPtr
GetCurrentProcess
VirtualQueryEx
SetHandleCount
GetLocalTime
lstrlenW
WideCharToMultiByte
CreateWaitableTimerA
SetWaitableTimer
CloseHandle
GetCurrentThreadId
RemoveDirectoryA
CreateThread

user32

UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
GetClientRect
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
DestroyMenu
LoadIconA
SetWindowTextA
GetWindowTextA
GetMenuItemCount
PostQuitMessage
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetMessageA
CreateDialogIndirectParamA
LoadCursorA
GetSysColorBrush
LoadStringA
ClientToScreen
EndDialog
PostThreadMessageA
GetWindow
PeekMessageA
SystemParametersInfoA
RegisterClassA
GetMenuItemCount
GetMenuItemID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
UnhookWindowsHookEx
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
IsWindow
GetPropA
RemovePropA
DestroyWindow
SetWindowLongA
SetPropA
CreateWindowExA
IsWindowVisible
ShowWindow
IsZoomed
IsIconic
GetWindowRect
GetSysColorBrush
GetDC
UpdateLayeredWindow
ReleaseDC
DefWindowProcA
CallWindowProcA
GetParent
GetAncestor
GetClassNameA
MsgWaitForMultipleObjects
GetInputState
SendMessageA
SetWindowLongW
CallWindowProcW
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
DestroyCursor
SetParent
PostMessageA
GetTopWindow
GetFocus
GetClientRect
LockWindowUpdate
InvalidateRect
UnregisterClassA
UpdateWindow
EqualRect
SetForegroundWindow
DestroyMenu
IsChild
IsRectEmpty
FillRect
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
GetWindowLongA
RedrawWindow
EnableWindow
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
GetClassInfoA
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
MessageBoxW
GetDesktopWindow
EmptyClipboard
AdjustWindowRectEx
MoveWindow
ValidateRect

shell32

SHGetSpecialFolderPathA
ShellExecuteA
Shell_NotifyIconA
ShellExecuteA

shlwapi

PathFindFileNameA
StrTrimA
PathFileExistsA
PathFindExtensionA
StrToIntW
PathIsDirectoryW
StrToIntExW

ole32

CLSIDFromProgID
CoFreeUnusedLibraries
CLSIDFromProgID
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize
CLSIDFromString
OleInitialize
CoCreateInstance
OleRun
CoUninitialize
CoRegisterMessageFilter
CoInitialize
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CoCreateGuid

dbghelp

MakeSureDirectoryPathExists

wininet

InternetTimeToSystemTime
InternetReadFile
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetSetOptionA

crypt32

CertCloseStore
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CertFreeCertificateContext
CryptStringToBinaryA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
CryptExportKey
CryptAcquireContextA
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptImportKey
CryptSetKeyParam
CryptGetKeyParam
CryptEncrypt
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDecrypt
CryptDestroyHash
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExA
RegSetValueExA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
RegCreateKeyExA
CryptReleaseContext
RegQueryValueA

winhttp

WinHttpSetTimeouts
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpOpen
WinHttpSetCredentials
WinHttpWriteData
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest

gdi32

ScaleWindowExtEx
RectVisible
GetClipBox
GetDeviceCaps
TextOutA
SetWindowExtEx
PtVisible
ExtTextOutA
SetMapMode
SetTextColor
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
SetViewportOrgEx
OffsetViewportOrgEx
Escape
SetViewportExtEx
ScaleViewportExtEx
GetObjectA
GetStockObject
CreateBitmap
DeleteObject
StartDocA
StartPage
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
BitBlt
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CombineRgn
PatBlt
CreatePen
CreateBitmap
CreateDCA
DeleteObject
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
GetNearestPaletteIndex
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateRectRgn
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
OffsetViewportOrgEx
CreateCompatibleBitmap

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17
ImageList_Destroy
ord17
ImageList_Create

oledlg

ord8

oleaut32

VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysFreeString
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayDestroy
VariantCopy
SysAllocString
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VariantTimeToSystemTime
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy

winmm

midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiOutReset
midiStreamOpen
midiStreamRestart
waveOutUnprepareHeader
waveOutRestart
waveOutPrepareHeader
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
midiStreamClose

ws2_32

recv
ioctlsocket
recvfrom
WSAAsyncSelect
getpeername
accept
ntohl
inet_ntoa
WSACleanup
closesocket

comdlg32

GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
GetFileTitleA

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 692KB - Virtual size: 905KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c293afa5ed1bb648851e8890a59b9263

Headers

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

ole32

dbghelp

wininet

crypt32

advapi32

winhttp

gdi32

winspool.drv

comctl32

oledlg

oleaut32

winmm

ws2_32

comdlg32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 4.0MB - Virtual size: 4.0MB

.data Size: 692KB - Virtual size: 905KB

.rsrc Size: 40KB - Virtual size: 36KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 692KB - Virtual size: 905KB

.rsrc
Size: 40KB - Virtual size: 36KB