blackmoon | d54ebef00f003066429040c783b64ac990417449dd77f5ed0ca55034a2cfe14f

Sharing

Copy URL

Twitter E-mail

General

Target

d54ebef00f003066429040c783b64ac990417449dd77f5ed0ca55034a2cfe14f
Size

1.7MB
MD5

7031f160e977a539c495c778484677a1
SHA1

1462fb737cf7d3b82f270d96435907f6c3d21124
SHA256

d54ebef00f003066429040c783b64ac990417449dd77f5ed0ca55034a2cfe14f
SHA512

00217bf7a0010888f5dbbbc3c32bb14387b8fc98f6c8fc12437f1c4d9687ff7a75a63daa3bf16b1d7c34d4ca2c716a9613e24d366b9d2486973bcd6e7bd7fe23
SSDEEP

49152:DxnMqlzdzrdrWAYy+s8KuqGaX0ToIBAUZLYF:9blJzrd6AYxJBAUZLi

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d54ebef00f003066429040c783b64ac990417449dd77f5ed0ca55034a2cfe14f

Files

d54ebef00f003066429040c783b64ac990417449dd77f5ed0ca55034a2cfe14f
.exe windows:4 windows x86 arch:x86

89d3541fe1a9c24a1d876c1505c24e14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GlobalLock
GlobalUnlock
GetUserDefaultLCID
MultiByteToWideChar
GetEnvironmentVariableA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
WriteFile
GetTempPathA
GetTickCount
CreateFileA
GetFileSize
ReadFile
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
QueryDosDeviceW
GetTempPathW
Sleep
GetTimeZoneInformation
SetLastError
lstrlenA
Module32First
GetVersionExA
GetLastError
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
LocalFree
lstrcpynA
EnterCriticalSection
lstrcpyA
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
SetFilePointer
FlushFileBuffers
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
MulDiv
GlobalFlags
WritePrivateProfileStringA
lstrcatA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
LockResource
LoadResource
FindResourceA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTime
GetLocalTime
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
TerminateProcess
OpenProcess
GetCurrentProcess
WideCharToMultiByte
lstrlenW
GlobalFree
RtlMoveMemory
GlobalAlloc
GetCurrentProcessId

user32

SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
ShowWindow
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
PostMessageA
PostQuitMessage
SetForegroundWindow
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
IsWindow
SetWindowTextA
SetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetClientRect
SetWindowPos
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
UnhookWindowsHookEx
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GetSystemMetrics
GetWindowTextA
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
GetWindowLongA
SetCursor
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
SendMessageA

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
OffsetViewportOrgEx
SetTextColor
CreateBitmap
SetMapMode
GetObjectA
GetStockObject
SetViewportOrgEx
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps

shell32

ShellExecuteA
SHGetSpecialFolderPathW

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitializeEx
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

psapi

GetProcessImageFileNameW

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy

shlwapi

PathFileExistsA

rasapi32

RasHangUpA
RasGetConnectStatusA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

wsock32

WSAStartup
send
select
closesocket
recv
WSACleanup

wininet

InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89d3541fe1a9c24a1d876c1505c24e14

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

psapi

oledlg

oleaut32

shlwapi

rasapi32

winspool.drv

comctl32

wsock32

wininet

advapi32

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 1.5MB - Virtual size: 1.7MB

.rsrc Size: 4KB - Virtual size: 668B

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 1.5MB - Virtual size: 1.7MB

.rsrc
Size: 4KB - Virtual size: 668B