Behavioral task: behavioral1
Sample: 790d52386e05a3c1d2da6ff5fc382f371d5bdcf29f77997681fdfbab1b0f699e.exe
Resource: win7-20240903-en
General
Target: 790d52386e05a3c1d2da6ff5fc382f371d5bdcf29f77997681fdfbab1b0f699e
Size: 620KB
MD5: 48db2d1f390e929f53f057defd5e9e7b
SHA1: 230d64bf371178a9d78a530fbbacc73fc0eb6b2a
SHA256: 790d52386e05a3c1d2da6ff5fc382f371d5bdcf29f77997681fdfbab1b0f699e
SHA512: 1906a55465725cc9a8620542a84217969b0d7fd11835beff9f07480bd8eb142937788462f667874f39c2b9754a8af8a136bb899afef8fb07b0dd023c51bec640
SSDEEP: 12288:Ro8A6ftidleyEYYgzfhBOFX13i/oAwWTZMwzoKiqyqa8lGLWJUgw8Xg:Rob6ftidleylzfhBOJ13eoAw0ZFoKwqg
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC)
resource: sample | yara_rule: family_blackmoon
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 790d52386e05a3c1d2da6ff5fc382f371d5bdcf29f77997681fdfbab1b0f699e
Files
790d52386e05a3c1d2da6ff5fc382f371d5bdcf29f77997681fdfbab1b0f699e.exe windows:4 windows x86 arch:x86
fbba9136842c19b29a6627fe4a41fda9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
PlaySoundA
kernel32
TerminateProcess
LocalAlloc
LocalFree
MultiByteToWideChar
WaitForSingleObject
GetCurrentDirectoryW
FreeLibrary
GetCommandLineA
LCMapStringA
GetPrivateProfileStringA
SetFileAttributesA
GetTickCount
Sleep
GetStartupInfoA
CreateProcessA
GetFileSize
GlobalFree
GetUserDefaultLCID
GetModuleFileNameA
DeleteFileA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
ReadFile
CancelIo
WriteFile
ResetEvent
CreateFileA
GetModuleHandleA
SetWaitableTimer
CreateWaitableTimerA
CreateThread
lstrcpynA
lstrcpyn
FindClose
FindFirstFileW
GlobalUnlock
RtlMoveMemory
GlobalLock
GlobalAlloc
GetLocalTime
OpenProcess
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
OpenEventA
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
CloseHandle
VirtualQueryEx
GetCurrentProcess
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
WideCharToMultiByte
lstrlenW
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFilePointer
UnmapViewOfFile
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
CreateDirectoryA
GetFileAttributesA
SetFileTime
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
MulDiv
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
LockResource
LoadResource
FindResourceA
GetProcessVersion
SetErrorMode
FlushFileBuffers
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
user32
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
ValidateRect
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
GetWindowTextA
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
IsWindowVisible
UnregisterClassA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
GetLastActivePopup
GetWindowLongA
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
SetForegroundWindow
SetActiveWindow
GetActiveWindow
IsWindow
IsWindowEnabled
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
RegisterClipboardFormatA
DrawIcon
SendInput
SetWindowsHookExA
CallNextHookEx
MessageBoxTimeoutA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
wsprintfA
GetSystemMetrics
PeekMessageA
GetCursorPos
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
GetParent
EnableWindow
GetIconInfo
GetCursorInfo
ModifyMenuA
CheckMenuItem
SetMenuItemBitmaps
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
UnhookWindowsHookEx
GetForegroundWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MsgWaitForMultipleObjects
ReleaseDC
GetDC
CreateWindowExA
LoadStringA
advapi32
EqualSid
AllocateAndInitializeSid
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
FreeSid
GetTokenInformation
OpenProcessToken
shell32
ShellExecuteA
ShellExecuteExW
SHGetSpecialFolderPathA
ole32
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CLSIDFromProgID
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleFlushClipboard
OleIsCurrentClipboard
oleaut32
LHashValOfNameSys
LoadTypeLi
SystemTimeToVariantTime
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantChangeType
VarR8FromBool
VarR8FromCy
VariantClear
SafeArrayDestroy
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
gdi32
GetStockObject
GetObjectA
GetBitmapBits
StretchBlt
GetDIBColorTable
GetDIBits
BitBlt
CreateCompatibleBitmap
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
winhttp
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpCheckPlatform
wininet
DeleteUrlCacheEntry
urlmon
URLDownloadToFileA
shlwapi
PathFindExtensionA
PathFileExistsA
setupapi
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
comctl32
ord17
oledlg
ord8
Sections
.text Size: 416KB - Virtual size: 414KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 168KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
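The header facts above (file hashes, the COFF File Characteristics bits, per-section flags, and the missing Authenticode signature behind the Unsigned PE hit) can be reproduced offline without pefile. The script below is an added example written for this page; it is not the sandbox's code and not code from the sample. It parses the DOS/COFF/optional headers and section table with the standard library only, reports whether the certificate table (data directory 4) is empty, which is exactly what "missing Authenticode signature" means at the file level, and notes that IMAGE_FILE_RELOCS_STRIPPED rules out ASLR. The flag names and offsets come from winnt.h; the function names (parse_pe, triage, build_minimal_pe) are my own, and build_minimal_pe produces a constructed, headers-only PE32 image with the same characteristics and section layout as this report so the script runs without the real sample. Pass a file path to run it against an actual binary.

```python
import hashlib
import struct

# Bit names from winnt.h, listed in the order the report prints them.
FILE_CHARACTERISTICS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
SECTION_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                 0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # certificate table, where an Authenticode signature lives
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040


def _flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Hashes, COFF characteristics, section flags, and the signing/ASLR facts behind the report."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dirs_off = opt + (96 if magic == 0x10B else 112)            # PE32 vs PE32+ data directory start
    ndirs = struct.unpack_from("<I", data, dirs_off - 4)[0]      # NumberOfRvaAndSizes precedes it
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]      # same offset in both formats
    cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # First field of this entry is a file offset, not an RVA; a non-zero size means a WIN_CERTIFICATE exists.
        _, cert_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name, vsize, _, raw_size = struct.unpack_from("<8sIII", data, off)
        sflags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "raw_size": raw_size,
                         "virtual_size": vsize, "flags": _flags(sflags, SECTION_FLAGS)})
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "characteristics": _flags(chars, FILE_CHARACTERISTICS),
            "authenticode_present": cert_size != 0,
            # With relocations stripped the loader cannot rebase the image, so ASLR cannot apply.
            "aslr_capable": bool(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and not chars & 0x0001,
            "sections": sections}


def triage(info):
    """Header findings in the spirit of the report's signatures."""
    findings = []
    if not info["authenticode_present"]:
        findings.append("Unsigned PE: no certificate table, so no Authenticode signature")
    if not info["aslr_capable"]:
        findings.append("No ASLR: DYNAMIC_BASE unset or relocations stripped, fixed load address")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            findings.append("Writable and executable section: " + s["name"])
    return findings


def build_minimal_pe(characteristics=0x010F, dllchars=0, signed=False, sections=None):
    """Constructed headers-only PE32 image for offline runs (not the report's sample).
    Defaults mirror the report: x86, RELOCS_STRIPPED|EXECUTABLE|LINE_NUMS|LOCAL_SYMS|32BIT, three sections."""
    if sections is None:
        sections = [(b".text", 0x60000020), (b".rdata", 0x40000040), (b".data", 0xC0000040)]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, characteristics)
    opt = bytearray(224)                                        # PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dllchars)
    struct.pack_into("<I", opt, 92, 16)
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x200)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000 * (i + 1), 0x200, 0, 0, 0, 0, 0, f)
                    for i, (n, f) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    import sys
    info = parse_pe(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe())
    for key in ("md5", "sha1", "sha256", "characteristics", "authenticode_present", "aslr_capable"):
        print(f"{key}: {info[key]}")
    for s in info["sections"]:
        print(f"{s['name']}: raw {s['raw_size']} virtual {s['virtual_size']} {' '.join(s['flags'])}")
    for finding in triage(info):
        print("finding:", finding)
```

Two caveats when using this on real samples. A non-empty certificate table only proves that a WIN_CERTIFICATE blob is attached, not that the signature verifies or that the signer is trusted; for that, hand the file to WinVerifyTrust (Get-AuthenticodeSignature in PowerShell) or osslsigncode. And the .data entry in this report (168KB on disk, 264KB virtual) is the normal pattern of a section whose tail is zero-filled at load time, so a raw/virtual size gap on its own is not a packing indicator; the cheap header-level red flags are the ones triage() raises: no signature, no relocations (hence no ASLR), and any section that is both writable and executable.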