PDB path: D:\服务端\登陆器\C++登陆器源码\登陆器2\登录器2\Logon\Release\rxjh.pdb
Behavioral task behavioral1
Sample: 3c519e5ef3de462f65c24098dffaf9eb5d19ec7a037005bb0c6c4d031c7f6e91.exe
Resource: win7-20240903-en
Behavioral task behavioral2
Sample: 3c519e5ef3de462f65c24098dffaf9eb5d19ec7a037005bb0c6c4d031c7f6e91.exe
Resource: win10v2004-20241007-en
General
Target: 3c519e5ef3de462f65c24098dffaf9eb5d19ec7a037005bb0c6c4d031c7f6e91
Size: 5.1MB
MD5: 7f8124cbbf1b410d288f7485253fb959
SHA1: 239480d42f84c7d9fb0e80e12eeec71e0c5ef080
SHA256: 3c519e5ef3de462f65c24098dffaf9eb5d19ec7a037005bb0c6c4d031c7f6e91
SHA512: 278efc3c77d36ebb7eece4d79a885f87cc335a1f26881cd8b149c56c625354336f5f4bfbf08ff941ec248ff976e184471bad3424c85fa5701ff1ffe6092c7319
SSDEEP: 98304:8qGpgtmGq2fkcP/4vK3tkA2M2SFdThuEEghMqr4um1vh81wqIfdB5XFJ9bg+0ntv:8cmTct6u9uEivh81DIpXbK+0nI6Qw3r8
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC)
resource: sample; yara_rule: family_blackmoon
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 3c519e5ef3de462f65c24098dffaf9eb5d19ec7a037005bb0c6c4d031c7f6e91
Files
-
3c519e5ef3de462f65c24098dffaf9eb5d19ec7a037005bb0c6c4d031c7f6e91.exe windows:6 windows x86 arch:x86
18a4ed4fd20858f90c956f59f3389a15
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
InitializeSListHead
WriteConsoleW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
FindNextFileW
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetDriveTypeW
GetTimeZoneInformation
GetFileAttributesExW
EnumSystemLocalesW
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
GetFullPathNameW
VirtualQuery
VirtualAlloc
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
LCMapStringW
FormatMessageW
OutputDebugStringW
QueryPerformanceCounter
GetStartupInfoW
IsValidLocale
IsDebuggerPresent
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
GetTickCount
GetModuleHandleA
GetProcAddress
GetCurrentDirectoryA
FindClose
FindFirstFileA
GetLogicalDrives
GetModuleFileNameA
CloseHandle
WaitForSingleObject
GetCurrentProcess
TerminateProcess
CreateRemoteThread
OpenProcess
VirtualAllocEx
WriteProcessMemory
LocalFree
lstrcmpA
lstrcpyA
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next
DeleteFileA
RemoveDirectoryA
WinExec
GetCommandLineW
CreateMutexA
SetCurrentDirectoryA
CreateDirectoryA
CreateFileA
GetFileSize
ReadFile
SetFileAttributesA
WriteFile
OutputDebugStringA
Beep
Sleep
GetCurrentProcessId
CreateThread
CreateProcessA
GlobalMemoryStatusEx
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
FreeResource
lstrlenA
CreateFileMappingA
FindResourceA
GetTempPathA
CopyFileA
MoveFileExA
MultiByteToWideChar
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetFileAttributesA
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
SystemTimeToFileTime
GetFileInformationByHandle
GetLocalTime
FileTimeToSystemTime
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FormatMessageA
InitializeCriticalSectionAndSpinCount
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
LoadLibraryA
LoadLibraryW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
LocalAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FindNextFileA
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
GetVersionExA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetAtomNameA
GetThreadLocale
GetACP
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
VerSetConditionMask
VerifyVersionInfoA
GetFileAttributesExA
GetFileSizeEx
GetFileTime
FlushFileBuffers
GetFullPathNameA
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
LoadLibraryExA
GetShortPathNameA
lstrcmpiA
MoveFileA
GetVolumeInformationA
GetStringTypeExA
GetDiskFreeSpaceA
GetTempFileNameA
ReplaceFileA
GetUserDefaultLCID
GetWindowsDirectoryA
FindResourceExW
SearchPathA
GetProfileIntA
SetErrorMode
LocalLock
LocalUnlock
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetLastError
user32
GetMenuItemInfoA
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
TranslateMessage
GetMessageA
IsZoomed
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
InsertMenuItemA
TranslateAcceleratorA
LoadAcceleratorsA
ReleaseCapture
BringWindowToTop
MapVirtualKeyA
GetKeyNameTextA
LoadBitmapA
IntersectRect
EndDialog
CreateDialogIndirectParamA
IsDialogMessageA
ScrollWindowEx
IsWindowEnabled
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassLongA
PtInRect
EqualRect
MapWindowPoints
ScreenToClient
GetWindowTextLengthA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SystemParametersInfoA
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
DispatchMessageA
SetLayeredWindowAttributes
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
SetRectEmpty
SendDlgItemMessageA
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
EnumDisplayMonitors
CharNextA
CopyAcceleratorTableA
SendMessageA
SetWindowPos
EnableWindow
PostMessageA
GetWindowDC
GetMenuState
GetMenuStringA
GetDesktopWindow
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
UnregisterClassA
CreateIconFromResource
LoadIconW
LoadIconA
LoadCursorW
CallNextHookEx
GetWindowThreadProcessId
GetClassNameA
EnumWindows
GetCursorPos
GetWindowTextA
SetWindowTextA
SwitchToThisWindow
UpdateWindow
DrawIcon
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetCapture
SetTimer
KillTimer
IsRectEmpty
WaitMessage
GetSysColorBrush
LoadCursorA
TrackMouseEvent
LoadImageW
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
GetDialogBaseUnits
CharUpperA
LoadMenuW
GetSystemMenu
DeleteMenu
IsIconic
IsWindowVisible
MessageBeep
NotifyWinEvent
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
GetKeyState
MonitorFromPoint
ReleaseDC
SetWindowRgn
InvalidateRect
GetClientRect
GetWindowRect
LoadImageA
GetNextDlgTabItem
GetActiveWindow
LoadMenuA
DestroyMenu
GetSubMenu
TrackPopupMenuEx
DrawStateA
GetDC
SetCursor
ClientToScreen
WindowFromPoint
GetSysColor
DrawFocusRect
FillRect
FrameRect
CopyRect
InflateRect
OffsetRect
DrawFrameControl
GetWindowLongA
GetParent
DestroyCursor
DestroyIcon
CreateIconIndirect
GetIconInfo
SetWindowLongA
IsWindow
RedrawWindow
GetFocus
MessageBoxA
AdjustWindowRectEx
PeekMessageA
PostQuitMessage
GetClassInfoA
OpenIcon
SetForegroundWindow
FindWindowA
wsprintfA
InvalidateRgn
SetRect
SetParent
GetNextDlgGroupItem
DrawIconEx
HideCaret
InvertRect
SetClassLongA
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawEdge
GetTabbedTextExtentW
GetTabbedTextExtentA
GetWindowRgn
SubtractRect
CreateMenu
WindowFromDC
InSendMessage
SendNotifyMessageA
EnumChildWindows
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
GetDoubleClickTime
MapVirtualKeyExA
IsCharLowerA
GetComboBoxInfo
GetDCEx
PostThreadMessageA
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
ModifyMenuA
LockWindowUpdate
CharUpperBuffA
RegisterClipboardFormatA
CopyIcon
SetCursorPos
RegisterWindowMessageA
gdi32
GetTextFaceA
GetTextExtentPoint32W
GetTextExtentPointA
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetPixelV
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
CreateMetaFileA
CloseMetaFile
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
SetPaletteEntries
ExtFloodFill
Rectangle
GetCurrentObject
OffsetRgn
EnumFontFamiliesExA
Polyline
Polygon
CreatePolygonRgn
SetDIBColorTable
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
StretchDIBits
GetCharWidthA
CreateFontA
GetRgnBox
GetTextColor
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
CreateRoundRectRgn
LPtoDP
CreateDIBSection
Ellipse
CreateEllipticRgn
GetTextMetricsA
GetTextExtentPoint32A
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CreateFontIndirectA
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolylineTo
PolyBezierTo
MoveToEx
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocA
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
PlayMetaFileRecord
SetTextJustification
SetTextAlign
SetTextCharacterExtra
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
GetDeviceCaps
CreateDCA
CopyMetaFileA
ExtTextOutA
TextOutA
RectVisible
PtVisible
Escape
CreateSolidBrush
SetTextColor
SetPixel
SetBkColor
GetStockObject
GetPixel
DeleteDC
CreateBitmap
GetObjectA
StretchBlt
SelectObject
GetDIBits
GetBkColor
DeleteObject
CreateRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
BitBlt
msimg32
TransparentBlt
AlphaBlend
winspool.drv
OpenPrinterA
GetJobA
ClosePrinter
DocumentPropertiesA
advapi32
SystemFunction036
RegOpenKeyA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExW
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
IsTextUnicode
RegSetValueA
RegCloseKey
BuildExplicitAccessWithNameA
SetSecurityInfo
SetEntriesInAclA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
shell32
SHGetDesktopFolder
CommandLineToArgvW
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
DragQueryFileA
DragFinish
SHGetFileInfoA
SHBrowseForFolderA
SHGetMalloc
SHAppBarMessage
ShellExecuteExA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ExtractIconA
SHAddToRecentDocs
comctl32
_TrackMouseEvent
shlwapi
UrlUnescapeA
PathFindExtensionA
PathRemoveExtensionA
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathFindFileNameA
PathRemoveFileSpecW
uxtheme
CloseThemeData
IsAppThemed
DrawThemeText
DrawThemeParentBackground
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
OpenThemeData
GetThemePartSize
GetThemeColor
GetCurrentThemeName
GetWindowTheme
GetThemeSysColor
ole32
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
CreateItemMoniker
CreateGenericComposite
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleRegEnumVerbs
OleRegGetMiscStatus
CreateFileMoniker
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
OleLockRunning
OleSetMenuDescriptor
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleRun
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
PropVariantCopy
CoDisconnectObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
OleDraw
CreateStreamOnHGlobal
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoInitialize
CoCreateInstance
CoUninitialize
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
WriteClassStm
ReadFmtUserTypeStg
oleaut32
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysStringLen
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SysAllocString
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
OleCreateFontIndirect
SafeArrayCreateVector
VariantChangeType
VariantClear
SysAllocStringLen
VariantInit
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetLBound
SysFreeString
oledlg
ord8
urlmon
URLDownloadToFileA
gdiplus
GdiplusShutdown
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageWidth
winmm
PlaySoundA
wininet
FtpGetFileA
InternetErrorDlg
InternetGetCookieA
InternetSetCookieA
HttpEndRequestA
HttpSendRequestExA
HttpAddRequestHeadersA
GopherGetAttributeA
GopherOpenFileA
GopherFindFirstFileA
GopherCreateLocatorA
FtpCommandA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpOpenFileA
FtpRenameFileA
FtpDeleteFileA
FtpPutFileA
FtpFindFirstFileA
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetSetOptionExA
InternetQueryOptionA
InternetFindNextFileA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetCanonicalizeUrlA
InternetCrackUrlA
DeleteUrlCacheEntry
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetOpenUrlA
InternetConnectA
InternetCloseHandle
InternetOpenA
ws2_32
select
recvfrom
recv
ntohs
inet_ntoa
htonl
getsockname
getpeername
sendto
accept
WSACleanup
WSAStartup
gethostbyname
WSASetLastError
socket
send
inet_addr
htons
connect
closesocket
WSAGetLastError
WSAAsyncSelect
bind
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
Sections
.text: Size 2.5MB, Virtual size 2.5MB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 622KB, Virtual size 622KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 37KB, Virtual size 121KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls: Size 512B, Virtual size 9B; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 1.9MB, Virtual size 1.9MB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ