blackmoon | e8bc88995b3cf509ce7ffd8349e0e7a61501719631b39285bb9a9bb1afcf4c1e

Sharing

Copy URL

Twitter E-mail

General

Target

e8bc88995b3cf509ce7ffd8349e0e7a61501719631b39285bb9a9bb1afcf4c1e
Size

2.2MB
MD5

94063dd1976857c56d3ec28004b03ecd
SHA1

ce1238e6707aec08fc800d0fcb572f2cc491827d
SHA256

e8bc88995b3cf509ce7ffd8349e0e7a61501719631b39285bb9a9bb1afcf4c1e
SHA512

9f9a291d0bd01a83f88c9e2c42b0ede42465a0f0e64a98f9e66db9ee15558f353aa6f62296b92f9f4e594b2696788c3ce1699af9c6c46c4c8fb720cf760e395b
SSDEEP

24576:HElra6k3vOFVGnQr7oqItUpr06mUMcLIz+uzM7k3wJmOKMCmLy:HywfeP/lS1nz53wJWq

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
e8bc88995b3cf509ce7ffd8349e0e7a61501719631b39285bb9a9bb1afcf4c1e

Files

e8bc88995b3cf509ce7ffd8349e0e7a61501719631b39285bb9a9bb1afcf4c1e
.exe windows:4 windows x86 arch:x86

cb7d81ad101a14e1a5d09e6afdaf7afa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
GetCommandLineA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
DeleteFileA
CreateFileA
GetFileSize
ReadFile
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
RtlMoveMemory
Thread32Next
Thread32First
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
VirtualFreeEx
WriteProcessMemory
ReadProcessMemory
ResumeThread
GetCurrentThreadId
SetWaitableTimer
CreateWaitableTimerW
CreateProcessW
lstrlenW
GetCurrentDirectoryW
LoadLibraryExA
IsBadCodePtr
lstrlenA
FreeLibrary
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
QueryDosDeviceA
GetLogicalDriveStringsA
GetSystemDirectoryA
GetTempFileNameA
WideCharToMultiByte
CloseHandle
VirtualAllocEx
CopyFileA
GetTempPathA
OpenThread
GetCurrentProcess
GetVersionExA
GetProcAddress
GetModuleHandleA
SetStdHandle
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
WriteFile
SetErrorMode
GetProcessVersion
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
InterlockedIncrement
lstrcpyA
lstrcatA
InterlockedDecrement
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
VirtualAlloc
VirtualFree
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
LeaveCriticalSection
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
InitializeCriticalSection
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
IsWow64Process
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetVersion
EnterCriticalSection
LeaveCriticalSection
RaiseException
SetFilePointer
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetLastError
GetStringTypeA
WaitForSingleObject
CloseHandle
VirtualAllocEx
GetWindowsDirectoryA
lstrcpyn
CreateThread
MultiByteToWideChar
VirtualFreeEx
GetModuleHandleA
CreateToolhelp32Snapshot
Module32First
Module32Next
RtlMoveMemory
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
FlushFileBuffers
lstrcpynA
GetModuleFileNameA
GetCommandLineA
LCMapStringA
GetUserDefaultLCID
GetFileSize
ReadFile
CreateFileA
WriteFile
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
VirtualQueryEx
ReadProcessMemory
RtlFillMemory
lstrlenA
LoadLibraryA
VirtualFree
VirtualAlloc
VirtualProtect
GetExitCodeThread
CreateRemoteThread
Process32Next
Process32First
FreeLibrary
LoadLibraryExA
GetProcAddress
WriteProcessMemory
OpenProcess
GetNativeSystemInfo

user32

GetWindowThreadProcessId
GetAncestor
RegisterWindowMessageA
SetTimer
KillTimer
EnumWindows
IsWindowVisible
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
PostThreadMessageA
GetParent
MsgWaitForMultipleObjects
DestroyMenu
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
UnregisterClassA
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
ClientToScreen
PeekMessageA
GetMessageA
wsprintfA
DispatchMessageA
CallWindowProcA
GetCursorPos
GetWindowTextA
FindWindowA
GetForegroundWindow
MessageBoxA
TranslateMessage
WindowFromPoint
GetDlgItem
SendMessageA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetTextColor
GetDeviceCaps
SetBkColor
SelectObject
RestoreDC
SaveDC
Escape
CreateBitmap
TextOutA
RectVisible
PtVisible
GetObjectA
GetStockObject
DeleteDC
DeleteObject
ExtTextOutA

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
AdjustTokenPrivileges

shlwapi

PathFindFileNameA
PathFileExistsA
StrToIntExA

comdlg32

GetOpenFileNameW

psapi

GetMappedFileNameA

ole32

CLSIDFromProgID
OleRun
CoInitialize
CoUninitialize
CLSIDFromString
CoCreateInstance

oleaut32

RegisterTypeLi
SafeArrayDestroy
SafeArrayCreate
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VariantClear
SysAllocString
VarR8FromCy
SysFreeString
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayUnaccessData

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 632KB - Virtual size: 630KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cb7d81ad101a14e1a5d09e6afdaf7afa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comdlg32

psapi

ole32

oleaut32

winspool.drv

comctl32

Sections

.text Size: 632KB - Virtual size: 630KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 1.5MB - Virtual size: 1.6MB

.text
Size: 632KB - Virtual size: 630KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 1.5MB - Virtual size: 1.6MB