blackmoon | f4f96ebcea3bff74c9b970ec3b9737e985dc96dc4dc95cfdf78bab8000a55589

Sharing

Copy URL

Twitter E-mail

General

Target

f4f96ebcea3bff74c9b970ec3b9737e985dc96dc4dc95cfdf78bab8000a55589
Size

3.7MB
MD5

de0522a910bc50443c790793a3df1902
SHA1

ab739c91e20f2092ad7f18077d07e5ae9bbf1ead
SHA256

f4f96ebcea3bff74c9b970ec3b9737e985dc96dc4dc95cfdf78bab8000a55589
SHA512

5452ca18c218cd06fd476d946edaf725c81dc16157c1e3c144adc333c26e580565e3bf23626c333d6b2a11a3db12eae070dbdeb2665ece3c38fea5e51d6d817f
SSDEEP

98304:POg0HFlHpS0DGAngjtsAz7Cn4+0P44jPiq5HG:mL3DGACtfzR4K59G

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4f96ebcea3bff74c9b970ec3b9737e985dc96dc4dc95cfdf78bab8000a55589

Files

f4f96ebcea3bff74c9b970ec3b9737e985dc96dc4dc95cfdf78bab8000a55589
.dll windows:4 windows x86 arch:x86

3a2af51264274b7ed0f60a98c7ca0fe5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LCMapStringA
FreeLibrary
GetCommandLineA
SetFilePointer
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetFileSize
ReadFile
CreateFileA
WriteFile
DeleteFileA
FindFirstFileA
FindClose
GetModuleFileNameA
IsBadReadPtr
ExitProcess
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerA
HeapDestroy
HeapReAlloc
RtlZeroMemory
lstrcmpA
lstrlenA
InterlockedDecrement
InterlockedIncrement
HeapFree
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetCriticalSectionSpinCount
VirtualFree
VirtualAlloc
WaitForMultipleObjects
CreateEventA
HeapCreate
HeapAlloc
GetProcessHeap
InitializeCriticalSectionAndSpinCount
Sleep
GetTimeZoneInformation
SetLastError
GetTempPathA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
GlobalDeleteAtom
LocalFree
lstrcpynA
lstrcpyA
LocalAlloc
FlushFileBuffers
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
TerminateProcess
RaiseException
GetSystemTime
GetLocalTime
GetACP
HeapSize
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualQueryEx
GetCurrentProcess
lstrcpyn
GetSystemDirectoryA
CloseHandle
CreateThread
RtlMoveMemory
GetModuleHandleA
WriteProcessMemory
GetProcAddress
LoadLibraryA
GetModuleHandleExA

user32

ShowWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
SetWindowLongA
CopyRect
SetWindowPos
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
IsDialogMessageA
SendDlgItemMessageA
PostQuitMessage
SetForegroundWindow
SetActiveWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
IsWindow
SetWindowTextA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetSystemMetrics
GetWindowTextA
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
GetWindowLongA
SetCursor
SendMessageA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
wvsprintfA
CallWindowProcA
GetAsyncKeyState
SetTimer
PostMessageA

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetMapMode
GetDeviceCaps
SetTextColor
SetBkColor
SelectObject
RestoreDC
SaveDC
GetObjectA
GetStockObject
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
CreateBitmap

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA

ole32

CoRevokeClassObject
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

psapi

GetModuleFileNameExA

oledlg

ord8

oleaut32

VariantTimeToSystemTime

shlwapi

PathFileExistsA

rasapi32

RasGetConnectStatusA
RasHangUpA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

wsock32

WSAStartup
select
closesocket
recv
WSACleanup
send

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

Exports

Exports

TTCharToUnicode
TTDeleteEmbeddedFont
TTEmbedFont
TTEmbedFontEx
TTEmbedFontFromFileA
TTEnableEmbeddingForFacename
TTGetEmbeddedFontInfo
TTGetEmbeddingType
TTGetNewFontName
TTIsEmbeddingEnabled
TTIsEmbeddingEnabledForFacename
TTLoadEmbeddedFont
TTRunValidationTests
TTRunValidationTestsEx
_TTCharToUnicode24
_TTDeleteEmbeddedFont12
_TTEmbedFont44
_TTEmbedFontFromFileA52
_TTEnableEmbeddingForFacename8
_TTGetEmbeddedFontInfo28
_TTGetEmbeddingType8
_TTIsEmbeddingEnabled8
_TTIsEmbeddingEnabledForFacename8
_TTLoadEmbeddedFont40
_TTRunValidationTests8
start
��_��ش��

Sections

.text
Size: 316KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 448KB - Virtual size: 603KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ntest0
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a2af51264274b7ed0f60a98c7ca0fe5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

wininet

ole32

psapi

oledlg

oleaut32

shlwapi

rasapi32

winspool.drv

comctl32

wsock32

advapi32

shell32

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 313KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 448KB - Virtual size: 603KB

.ntest0 Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 16KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 612B

.text
Size: 316KB - Virtual size: 313KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 448KB - Virtual size: 603KB

.ntest0
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 16KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 612B