Behavioral task
behavioral1
Sample
9674a426da58821b1a356f1927feb7fca51f1a41b0059a8bf970c0ef470b840a.exe
Resource
win7-20240903-en
windows7-x64
General
-
Target
9674a426da58821b1a356f1927feb7fca51f1a41b0059a8bf970c0ef470b840a
-
Size
3.4MB
-
MD5
33d06725feb361eebf2642a397c6496b
-
SHA1
1a7ecbfcf2cb6656efe907e4c51c3def95dc0305
-
SHA256
9674a426da58821b1a356f1927feb7fca51f1a41b0059a8bf970c0ef470b840a
-
SHA512
ff386511e59a2337020b4667793b556f768d81b8be62ed015f7fa7ae72d25c21cd94a168f2ca8cbbb0bf53046e84832d9c88a80f5bda12300dc48058c04a934b
-
SSDEEP
49152:ltI2W5b62TNfiQuHoXUF+cZp3iWcvct3get:TWV62zVUF+cZp3iWcvcnt
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9674a426da58821b1a356f1927feb7fca51f1a41b0059a8bf970c0ef470b840a
Files
-
9674a426da58821b1a356f1927feb7fca51f1a41b0059a8bf970c0ef470b840a.exe windows:4 windows x86 arch:x86
d988f95bfd6d3736e74c929fc378ae66
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalFree
LocalAlloc
TerminateProcess
VirtualAlloc
GetVolumeInformationA
LeaveCriticalSection
LoadLibraryW
DebugActiveProcess
SetThreadContext
GetThreadContext
SuspendThread
CreateEventA
Sleep
GetQueuedCompletionStatus
IsDBCSLeadByteEx
OpenMutexA
FileTimeToSystemTime
GetLocalTime
GetProcessTimes
HeapDestroy
GetVersionExA
GetWindowsDirectoryA
GetCurrentThread
VirtualProtectEx
DeviceIoControl
CreateFileA
MapViewOfFile
SetHandleCount
GetSystemDirectoryA
ReleaseMutex
Thread32Next
Thread32First
DeleteFileA
GetLongPathNameA
Module32Next
Module32First
SetEndOfFile
SetFilePointer
GetLastError
GetModuleHandleW
VirtualQueryEx
MoveFileA
SetWaitableTimer
CreateWaitableTimerA
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
SetUnhandledExceptionFilter
GlobalFree
GetStringTypeA
LCMapStringW
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStdHandle
GetFileType
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
RtlUnwind
IsBadReadPtr
GetThreadTimes
CreatePipe
CreateProcessA
PeekNamedPipe
ReadFile
GetExitCodeProcess
WriteFile
GetModuleFileNameW
CreateMutexA
GetModuleFileNameA
InitializeCriticalSection
TerminateThread
RtlFillMemory
OpenEventA
InterlockedDecrement
OpenFileMappingA
CreateFileMappingA
LoadLibraryA
GetProcAddress
GetCommandLineA
GetFileAttributesA
RemoveDirectoryA
SetLocalTime
WritePrivateProfileStringA
GetStartupInfoA
SetFileAttributesA
CreateDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GetCurrentDirectoryA
GetFileSize
GetOEMCP
GetCPInfo
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
MulDiv
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
DeleteCriticalSection
FreeLibrary
LoadLibraryExA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenThread
IsDebuggerPresent
GetModuleHandleA
HeapFree
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetSystemInfo
CreateIoCompletionPort
GetUserDefaultLCID
HeapCreate
lstrcpynA
InterlockedIncrement
GetShortPathNameA
HeapReAlloc
ExitProcess
VirtualFree
GetComputerNameA
GetVersion
WaitForSingleObject
ResumeThread
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
FlushFileBuffers
lstrcpyA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
SetLastError
GetTimeZoneInformation
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
LCMapStringA
GetTempPathA
EnterCriticalSection
CreateThread
lstrcpyn
VirtualFreeEx
RtlMoveMemory
GetExitCodeThread
CreateRemoteThread
VirtualAllocEx
UnmapViewOfFile
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
ReadProcessMemory
OpenProcess
GetCurrentProcess
HeapAlloc
GetProcessHeap
WriteProcessMemory
lstrlenA
IsBadWritePtr
SetProcessWorkingSetSize
GetTickCount
PostQueuedCompletionStatus
GetStringTypeW
CopyFileA
FormatMessageA
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
RaiseException
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
GetWindowsDirectoryA
GetSystemDirectoryA
SetLastError
GetTimeZoneInformation
GetVersion
TerminateThread
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
GlobalSize
MultiByteToWideChar
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsA
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
WideCharToMultiByte
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
user32
GetForegroundWindow
mouse_event
ShowCursor
WindowFromPoint
FindWindowA
ExitWindowsEx
GetDesktopWindow
GetAsyncKeyState
SendMessageA
PostMessageA
CallWindowProcA
ShowWindowAsync
ClipCursor
EnableWindow
SwapMouseButton
GetKeyboardState
CharUpperA
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
ReleaseCapture
CreateWindowStationA
GetKeyState
SendInput
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
ValidateRect
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
MsgWaitForMultipleObjects
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnregisterClassA
PtInRect
GetMenuItemCount
SetCursorPos
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
GetMessagePos
GetMessageTime
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetAncestor
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
SetClassLongA
LoadCursorFromFileA
InvalidateRect
CallWindowProcW
ShowWindow
keybd_event
GetWindowTextA
GetClientRect
SetTimer
GetWindow
wvsprintfA
IsWindowVisible
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowInfo
IsIconic
GetPropA
RemovePropA
DestroyWindow
SetPropA
CreateWindowExA
IsZoomed
UpdateLayeredWindow
SetWindowLongW
GetGUIThreadInfo
SetParent
GetParent
MoveWindow
UpdateWindow
OpenIcon
EnumWindows
SetFocus
GetCursorPos
SetWindowLongA
EnumDisplaySettingsA
ChangeDisplaySettingsA
RegisterWindowMessageA
CharLowerA
EnumChildWindows
MapVirtualKeyA
GetWindowTextLengthA
GetClassNameA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
SendMessageTimeoutA
FindWindowExA
GetDlgItem
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
MessageBoxA
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
ActivateKeyboardLayout
GetKeyboardLayout
SystemParametersInfoA
GetKeyboardLayoutList
UnloadKeyboardLayout
SetWindowPos
SetCapture
GetWindowRect
KillTimer
ClientToScreen
IsWindow
GetDC
PrintWindow
ReleaseDC
GetCapture
GetDoubleClickTime
FlashWindow
GetDlgCtrlID
SetForegroundWindow
SetLayeredWindowAttributes
GetWindowLongA
SetActiveWindow
GetCaretPos
EnumThreadWindows
SetWindowTextA
FlashWindowEx
DefWindowProcA
GetMenuState
PeekMessageA
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
DestroyAcceleratorTable
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
ReleaseCapture
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
PeekMessageA
CloseClipboard
wsprintfA
WaitForInputIdle
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
EnumWindows
IsWindowEnabled
GetWindowThreadProcessId
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
GetWindow
GetActiveWindow
SetFocus
ValidateRect
IsIconic
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
GetSysColorBrush
GetDesktopWindow
GetClassNameA
GetDlgItem
FindWindowExA
GetWindowTextA
CallWindowProcA
CreateWindowExA
RegisterHotKey
UnregisterHotKey
UnregisterClassA
GetForegroundWindow
GetClipboardData
gdi32
Escape
ExtTextOutA
RectVisible
PtVisible
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
CreateRectRgn
GetObjectA
GetStockObject
GetClipBox
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateDIBSection
TextOutA
SetTextColor
SetBkMode
CreateFontIndirectA
GetTextExtentPointA
DeleteDC
DeleteObject
GetPixel
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetMapMode
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateSolidBrush
CombineRgn
CreateRectRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
FillRgn
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
CreateRectRgnIndirect
SetBkColor
CreateFontA
TranslateCharsetInfo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
CreateFontIndirectA
GetStockObject
GetObjectA
GetTextExtentPoint32A
GetDeviceCaps
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetBkColor
SetStretchBltMode
comdlg32
GetSaveFileNameA
GetFileTitleA
ChooseColorA
GetOpenFileNameA
GetFileTitleA
wsock32
getsockname
WSACleanup
listen
ord1140
ord1141
sendto
ntohs
send
inet_addr
accept
recvfrom
connect
getpeername
ioctlsocket
recv
setsockopt
htons
socket
ord1142
WSAStartup
select
closesocket
bind
wininet
InternetGetConnectedState
InternetTimeFromSystemTime
InternetOpenA
FtpGetFileSize
FtpOpenFileA
InternetTimeToSystemTime
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetCloseHandle
InternetSetCookieA
HttpSendRequestA
shell32
SHChangeNotify
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFileInfoA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHFileOperationA
Shell_NotifyIconA
SHGetSpecialFolderPathA
DragQueryFileA
DragFinish
DragAcceptFiles
ShellExecuteA
ole32
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoCreateInstance
OleRun
OleUninitialize
CoInitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CLSIDFromProgID
dbghelp
MakeSureDirectoryPathExists
winhttp
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
shlwapi
PathIsSystemFolderA
PathRenameExtensionA
PathFindExtensionA
PathFileExistsA
PathRemoveBlanksA
StrTrimA
PathIsDirectoryEmptyA
PathUnmakeSystemFolderA
PathIsDirectoryA
PathMakeSystemFolderA
PathFindFileNameA
oleaut32
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
VariantClear
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
SafeArrayCreate
SysFreeString
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
VariantChangeType
VariantClear
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
advapi32
RegOpenKeyA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
RegCreateKeyExA
GetUserNameA
AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
RegDeleteValueA
RegEnumValueA
RegFlushKey
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
CryptDestroyHash
CryptGetHashParam
LookupAccountSidA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegCloseKey
gdiplus
GdipDeletePath
GdipSetClipHrgn
GdiplusStartup
GdipCreatePen1
GdipDrawRectangle
GdipDrawPath
GdipSetSmoothingMode
GdipDeletePen
GdipResetClip
GdipDeleteGraphics
GdipCreateFromHDC
psapi
GetModuleFileNameExA
ws2_32
WSAEventSelect
WSACreateEvent
WSASend
WSAEnumNetworkEvents
WSARecv
WSASocketA
WSACloseEvent
WSAWaitForMultipleEvents
inet_ntoa
accept
getpeername
recv
ioctlsocket
WSACleanup
closesocket
WSAAsyncSelect
recvfrom
oledlg
ord8
rasapi32
RasGetConnectStatusA
RasHangUpA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
comctl32
ord17
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
winmm
waveOutOpen
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
waveOutUnprepareHeader
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 756KB - Virtual size: 752KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 528KB - Virtual size: 679KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ