Behavioral task: behavioral1
Sample: 5d01f205dd24b4f1d3499684314faa51aec4b955b0f113671f4f3dd2cd3fc003.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 5d01f205dd24b4f1d3499684314faa51aec4b955b0f113671f4f3dd2cd3fc003.exe
Resource: win10v2004-20241007-en
General
- Target: 5d01f205dd24b4f1d3499684314faa51aec4b955b0f113671f4f3dd2cd3fc003
- Size: 4.8MB
- MD5: 0a63953eeab205598fedd772a0f945b6
- SHA1: 02f8015c0727e6d6dcbaf1d8c7c56503e6e6bef2
- SHA256: 5d01f205dd24b4f1d3499684314faa51aec4b955b0f113671f4f3dd2cd3fc003
- SHA512: c72ffd7f68c1f5e483f88ad1af503c9a4129fa7cfeb9a32898ce2ab5b769691ac7e56846925a572517c4f6fa5154dd4e7e1699f6c957b0c09f25d737288db964
- SSDEEP: 49152:Re2b2PSgam42Vi22uWpOTUzCBt2wrd5eQ35esIC+Fza7z22CxFNV/h:Y2b2N42Vi2HWpnztwppIba79CxFNVp
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource: sample; yara_rule: family_blackmoon
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 5d01f205dd24b4f1d3499684314faa51aec4b955b0f113671f4f3dd2cd3fc003
Files
- 5d01f205dd24b4f1d3499684314faa51aec4b955b0f113671f4f3dd2cd3fc003.exe (windows:4, windows x86, arch:x86)
d646d9ee049ca5fe7057ba1d5dd55771
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
MulDiv
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
LockResource
LoadResource
FindResourceA
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
lstrlenA
GetTickCount
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
FormatMessageA
GlobalFree
GetUserDefaultLCID
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
DeleteFileA
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileA
GetFileSize
ReadFile
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
ExitProcess
HeapAlloc
HeapFree
VirtualFreeEx
GetCurrentProcess
IsWow64Process
SetWaitableTimer
CreateWaitableTimerA
RtlMoveMemory
VirtualAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetProcessId
GetFileAttributesA
CloseHandle
TlsFree
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
WriteFile
SetErrorMode
GetProcessVersion
GetCurrentThreadId
lstrlenW
lstrlenA
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
GetSystemInfo
VirtualQuery
VirtualProtect
SetStdHandle
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadStringPtrA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
LocalAlloc
LocalFree
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
FlushFileBuffers
IsBadReadPtr
RtlMoveMemory
SetEndOfFile
GetStringTypeExA
FindNextFileA
FindFirstFileA
FindClose
GetTickCount
CloseHandle
GetCurrentProcess
SetFilePointer
GetUserDefaultLCID
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileSize
ReadFile
GetCommandLineA
GetModuleFileNameA
FreeLibrary
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
HeapReAlloc
ExitProcess
WideCharToMultiByte
CreateFileA
HeapDestroy
HeapCreate
LCMapStringW
Sleep
IsBadWritePtr
VirtualAlloc
VirtualFree
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetProcessHeap
GetLocaleInfoA
LoadLibraryA
GetProcAddress
HeapFree
IsBadCodePtr
GetModuleHandleA
CreateThread
lstrcpyn
CopyFileA
GetFileAttributesA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetCPInfo
GetOEMCP
GetACP
HeapSize
HeapAlloc
TerminateProcess
RaiseException
RtlUnwind
WriteFile
VirtualFreeEx
user32
CallWindowProcA
GetWindowInfo
SetWindowLongA
MessageBoxA
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetDC
IsDialogMessageA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetCursorPos
MsgWaitForMultipleObjects
RegisterWindowMessageA
PostMessageA
GetClassNameA
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
GetMenuItemCount
UnhookWindowsHookEx
SetWindowTextA
EnumWindows
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
SetWindowPos
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostQuitMessage
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
ClientToScreen
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
EndDialog
PostThreadMessageA
CreateDialogIndirectParamA
DestroyMenu
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
EndDialog
PostQuitMessage
wsprintfA
IsWindow
DispatchMessageA
SetMenuItemBitmaps
GetClassNameA
PtInRect
GetDlgCtrlID
LoadBitmapA
ClientToScreen
SetWindowTextA
GetNextDlgTabItem
GetMenuItemCount
GetDC
ReleaseDC
GetMenuState
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
TranslateMessage
GetMessageA
PeekMessageA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
MessageBoxA
CopyRect
SendDlgItemMessageA
GetClientRect
AdjustWindowRectEx
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetFocus
EnableMenuItem
CheckMenuItem
UnregisterClassA
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
GetWindowTextA
GetWindowRect
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
GetWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsDialogMessageA
ModifyMenuA
shlwapi
PathFindFileNameA
PathFindExtensionA
PathFindExtensionA
StrTrimA
PathFileExistsA
PathFindFileNameA
ole32
CLSIDFromProgID
CLSIDFromString
OleRun
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleUninitialize
OleIsCurrentClipboard
OleInitialize
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoCreateInstance
shell32
DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteExA
ShellExecuteA
SHOpenFolderAndSelectItems
ord189
SHGetSpecialFolderPathA
ord155
advapi32
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegEnumKeyA
RegCreateKeyExA
RegOpenKeyExA
RegOpenCurrentUser
RegCloseKey
CryptReleaseContext
RegCloseKey
RegOpenKeyExA
RegSetValueExA
CryptExportKey
CryptAcquireContextA
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptDecrypt
CryptSetKeyParam
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptEncrypt
CryptGetKeyParam
RegCreateKeyExA
gdi32
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetMapMode
SetTextColor
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap
RemoveFontResourceA
GetObjectA
GetStockObject
GetClipBox
GetClipBox
SetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
GetDeviceCaps
Escape
SetMapMode
SetTextColor
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
PtVisible
RectVisible
TextOutA
ExtTextOutA
OffsetViewportOrgEx
DeleteObject
CreateBitmap
GetStockObject
GetObjectA
SetViewportOrgEx
oleaut32
GetActiveObject
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
VariantChangeType
VariantInit
SafeArrayDestroy
VariantCopy
SysAllocString
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
VariantTimeToSystemTime
VarR8FromCy
VarR8FromBool
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
SysAllocString
VariantCopy
SafeArrayDestroy
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VariantChangeType
SysFreeString
LoadTypeLi
gdiplus
GdiplusStartup
advpack
IsNTAdmin
ntdll
NtReleaseSemaphore
NtCreateSemaphore
NtClose
NtWaitForSingleObject
RtlDecompressBuffer
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlComputeCrc32
dbghelp
MakeSureDirectoryPathExists
wininet
InternetTimeToSystemTime
winhttp
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpSetTimeouts
crypt32
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CryptStringToBinaryA
CertCloseStore
CertFreeCertificateContext
bcrypt
BCryptCreateHash
BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptVerifySignature
BCryptDestroyKey
BCryptSignHash
BCryptDestroyHash
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comctl32
ord17
ord17
oledlg
ord8
ord8
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.4MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE