blackmoon | eeae7565e4b18298754cc0723eea0774798fe667f869d977e78448e8302464f4

Sharing

Copy URL

Twitter E-mail

General

Target

eeae7565e4b18298754cc0723eea0774798fe667f869d977e78448e8302464f4
Size

440KB
MD5

a57bc0f6299614486b61b74d28ff5821
SHA1

43359903adbab69ac1950a2cdbd9c57f57f3e19a
SHA256

eeae7565e4b18298754cc0723eea0774798fe667f869d977e78448e8302464f4
SHA512

9f46e699bdf9069e96c6bee14ddb6348f5339ce1ca6420d77155900a486907c02f426b3ef805c10429b7389e00851e52c98a0bb66b7b32766acf0f3880b3fac2
SSDEEP

6144:9Oaxk4jn12paJcCOXtmAU/Xk+qpy+CuRydo90C:kaxk4jnSaJcCOXZU/U+qpyfuRyih

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eeae7565e4b18298754cc0723eea0774798fe667f869d977e78448e8302464f4

Files

eeae7565e4b18298754cc0723eea0774798fe667f869d977e78448e8302464f4
.dll windows:4 windows x86 arch:x86

943ead950993fac6cdacee25bbe5f058

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetProcessVersion
RtlUnwind
GlobalGetAtomNameA
lstrcpynW
GlobalFindAtomA
GetLastError
SetLastError
WritePrivateProfileStringA
GlobalFlags
MulDiv
GetVersion
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
GlobalDeleteAtom
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
TerminateProcess
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
LCMapStringA
FreeLibrary
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetStartupInfoA
CreateProcessA
Sleep
GetLocalTime
HeapReAlloc
ExitProcess
RtlZeroMemory
lstrcmpA
lstrlenA
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
LoadResource
SizeofResource
FindResourceA
GetCurrentProcessId
LocalSize
lstrcpyn
GetModuleFileNameA
LockResource
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
HeapAlloc
GetProcessHeap
WaitForSingleObject
IsWow64Process
CloseHandle
DeviceIoControl
lstrcpynA
CreateFileA
VirtualProtect
GetProcAddress
LoadLibraryA
GetModuleHandleA
RtlMoveMemory
GlobalAddAtomA
CreateEventA
SetThreadContext
GetLastError
SuspendThread
GetCurrentThread
VirtualAlloc
GetModuleHandleA
SetLastError
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
FreeLibrary
GetProcAddress
LoadLibraryA
GetCommandLineA
GetVersion
RtlUnwind
TerminateProcess
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetThreadContext
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
VirtualQuery
InterlockedCompareExchange
GetCurrentProcess
FlushInstructionCache
VirtualProtect
ResumeThread
GetCurrentThreadId
GetModuleFileNameA

user32

DestroyMenu
PostThreadMessageA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
IsWindow
AdjustWindowRectEx
GetClientRect
CopyRect
CreateDialogIndirectParamA
EndDialog
SetActiveWindow
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
SetTimer
GetAsyncKeyState
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
EnumWindows
GetAncestor
MessageBoxA
wsprintfA

ws2_32

shutdown
inet_addr
gethostbyname
WSASetLastError
htons
connect
select
__WSAFDIsSet
ioctlsocket
htonl
WSAIoctl
send
recv
listen
accept
WSASocketW
socket
sendto
recvfrom
inet_ntoa
getsockname
WSAStartup
WSACleanup
setsockopt
getpeername
closesocket
bind
WSAGetLastError

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap
GetStockObject
GetObjectA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

oledlg

ord8

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

Exports

Exports

info
ix
start

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

943ead950993fac6cdacee25bbe5f058

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

gdi32

winspool.drv

advapi32

comctl32

oledlg

ole32

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 290KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 76KB - Virtual size: 151KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: 292KB - Virtual size: 290KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 76KB - Virtual size: 151KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 26KB