Behavioral task: behavioral1
  Sample: 9e2fadff8c9fdbd74afdffb884fdbd8795467b01c4fd78c0376a9455c5bfc3ca.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 9e2fadff8c9fdbd74afdffb884fdbd8795467b01c4fd78c0376a9455c5bfc3ca.exe
  Resource: win10v2004-20241007-en
General
  Target: 9e2fadff8c9fdbd74afdffb884fdbd8795467b01c4fd78c0376a9455c5bfc3ca
  Size: 4.6MB
  MD5: f66a58d75236727641f3d6d3ec811f4d
  SHA1: 3335031b59357016dd2bdfd38e4d96f11408678b
  SHA256: 9e2fadff8c9fdbd74afdffb884fdbd8795467b01c4fd78c0376a9455c5bfc3ca
  SHA512: fb4c9f03ce21a9102f95ad6172b4e22bf9bc981fa8a3a1872678b02656bd644f81237a54fb691c6af6809109ddca8483a8d000db9461b851d86dcee55c70570c
  SSDEEP: 49152:rVXe/q5NlEtfTiC6VEfTFlpt2wrd5eQ35esIC+Fza7z22CuNV/y:ZO/q5N4TiCIEhUwppIba79CuNVa
Malware Config
Signatures
  Blackmoon family
  Detect Blackmoon payload (1 IoC)
    resource: sample
    yara_rule: family_blackmoon
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: 9e2fadff8c9fdbd74afdffb884fdbd8795467b01c4fd78c0376a9455c5bfc3ca
Files
  9e2fadff8c9fdbd74afdffb884fdbd8795467b01c4fd78c0376a9455c5bfc3ca.exe
    Type: windows:4 windows x86 arch:x86
    Imphash: a6ed953090d6aa6cb84779390439626e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
MulDiv
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
LockResource
LoadResource
FindResourceA
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
lstrlenA
GetTickCount
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
FormatMessageA
GlobalFree
GetUserDefaultLCID
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
DeleteFileA
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileA
GetFileSize
ReadFile
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
ExitProcess
HeapAlloc
HeapFree
VirtualFreeEx
GetCurrentProcess
IsWow64Process
SetWaitableTimer
CreateWaitableTimerA
RtlMoveMemory
VirtualAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetProcessId
GetFileAttributesA
CloseHandle
TlsFree
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
WriteFile
SetErrorMode
GetProcessVersion
GetCurrentThreadId
LocalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
FlushFileBuffers
SetEndOfFile
GetStringTypeExA
GetCPInfo
GetOEMCP
GetStdHandle
GetProcessHeap
RtlUnwind
RaiseException
TerminateProcess
FindNextFileA
DeleteCriticalSection
FindFirstFileA
FindClose
CloseHandle
WriteFile
CreateFileA
GetUserDefaultLCID
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
SetFilePointer
GetFileSize
ReadFile
LocalFree
GetModuleFileNameA
FreeLibrary
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
HeapFree
InterlockedCompareExchange
InterlockedExchange
GetSystemDirectoryA
GetTempPathA
lstrlenW
GetCurrentProcess
VirtualFreeEx
WideCharToMultiByte
HeapCreate
HeapDestroy
ExitProcess
HeapReAlloc
IsBadReadPtr
LeaveCriticalSection
GetSystemInfo
VirtualQuery
VirtualProtect
SetStdHandle
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
Sleep
IsBadWritePtr
VirtualAlloc
VirtualFree
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetWindowsDirectoryA
SetHandleCount
IsBadCodePtr
lstrcpyn
IsBadStringPtrA
GetFileAttributesA
RtlMoveMemory
LoadLibraryA
GetProcAddress
CreateThread
CopyFileA
GetLocaleInfoA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
HeapSize
GetACP
GetCommandLineA
TlsAlloc
HeapAlloc
user32
CallWindowProcA
GetWindowInfo
SetWindowLongA
MessageBoxA
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetDC
GetTopWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetCursorPos
MsgWaitForMultipleObjects
RegisterWindowMessageA
PostMessageA
GetClassNameA
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
SendDlgItemMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetMenuItemCount
UnhookWindowsHookEx
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnumWindows
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
CopyRect
GetClientRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
GetCapture
WinHelpA
GetClassInfoA
UpdateWindow
RegisterClassA
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
GetMenu
UnregisterClassA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostQuitMessage
IsDialogMessageA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
PostThreadMessageA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
EnableMenuItem
EndDialog
CreateDialogIndirectParamA
DestroyMenu
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
EndDialog
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
UnhookWindowsHookEx
ClientToScreen
SetWindowTextA
UnregisterClassA
PtInRect
ModifyMenuA
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
MessageBoxA
CopyRect
GetClientRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetMenuItemCount
GetClassNameA
GetDlgCtrlID
GetWindow
RegisterClipboardFormatA
GetWindowTextA
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
wsprintfA
GetWindowRect
shlwapi
PathFindFileNameA
PathFindExtensionA
StrTrimA
PathFileExistsA
PathFindFileNameA
PathFindExtensionA
shell32
DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteExA
SHGetSpecialFolderPathA
SHOpenFolderAndSelectItems
ShellExecuteA
ord189
ord155
ole32
CLSIDFromProgID
CLSIDFromString
OleRun
CoCreateInstance
OleUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CoFreeUnusedLibraries
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
advapi32
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegEnumKeyA
RegCreateKeyExA
RegOpenKeyExA
RegOpenCurrentUser
RegCloseKey
RegCloseKey
CryptExportKey
CryptAcquireContextA
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptGetHashParam
CryptImportKey
CryptSetKeyParam
CryptHashData
CryptGetKeyParam
CryptEncrypt
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
CryptDecrypt
CryptCreateHash
gdi32
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetMapMode
SetTextColor
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap
RemoveFontResourceA
GetObjectA
GetStockObject
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
GetObjectA
GetStockObject
CreateBitmap
DeleteObject
DeleteDC
SaveDC
SetWindowExtEx
SelectObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
RestoreDC
oleaut32
GetActiveObject
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
VariantChangeType
VariantInit
SafeArrayDestroy
VariantCopy
SysAllocString
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
VariantChangeType
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
SysAllocString
VariantCopy
SafeArrayDestroy
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VarR8FromBool
VarR8FromCy
VariantTimeToSystemTime
gdiplus
GdiplusStartup
advpack
IsNTAdmin
ntdll
NtCreateSemaphore
RtlCompressBuffer
RtlComputeCrc32
RtlDecompressBuffer
NtWaitForSingleObject
NtReleaseSemaphore
NtClose
RtlGetCompressionWorkSpaceSize
dbghelp
MakeSureDirectoryPathExists
wininet
InternetTimeToSystemTime
crypt32
CertFreeCertificateContext
CryptStringToBinaryA
CryptDecodeObjectEx
CertCloseStore
CryptImportPublicKeyInfo
bcrypt
BCryptImportKeyPair
BCryptCreateHash
BCryptVerifySignature
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptDestroyKey
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptSignHash
BCryptGetProperty
BCryptHashData
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comctl32
ord17
ord17
oledlg
ord8
ord8
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 120KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.4MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 684B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ