blackmoon | ba37b11b6f583c3d95d84dfc8de35293a50e0fa63ada398efb715af6ba454096

Sharing

Copy URL

Twitter E-mail

General

Target

ba37b11b6f583c3d95d84dfc8de35293a50e0fa63ada398efb715af6ba454096
Size

184KB
MD5

825171c46d63826bf77f12b641c7b8c7
SHA1

171611aec5490a160b22193fed9781ccf2deb530
SHA256

ba37b11b6f583c3d95d84dfc8de35293a50e0fa63ada398efb715af6ba454096
SHA512

87e93561494494a8deb5a085068eb2b7513d704daf92e18cf9a954bae08125af68daca5767fde7894e232f75bb5e379f9be1c495208f93ab92cafb9b80214fe1
SSDEEP

3072:l1rI+H7FqW27f9Yxv50QAPsattWAgtngXSuh:l1rIGFzTUCattBeG

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba37b11b6f583c3d95d84dfc8de35293a50e0fa63ada398efb715af6ba454096

Files

ba37b11b6f583c3d95d84dfc8de35293a50e0fa63ada398efb715af6ba454096
.dll windows:4 windows x86 arch:x86

1eaa50384157009b47aceb2e32211b36

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
IsBadCodePtr
InterlockedExchange
FlushFileBuffers
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetVersion
lstrcatA
SetLastError
GlobalAlloc
MultiByteToWideChar
lstrlenA
lstrcpynA
lstrcpyA
FreeLibrary
Sleep
OpenProcess
TerminateProcess
GetVersionExA
GetCurrentProcess
GetLastError
SetFilePointer
WriteFile
GlobalLock
GlobalUnlock
GlobalFree
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCommandLineA
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetProcAddress
LoadLibraryA
GetModuleHandleA
RtlMoveMemory
VirtualFree
VirtualAlloc

user32

SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetMenuItemCount
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostMessageA
PostQuitMessage
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
SystemParametersInfoA
GetDC
ReleaseDC
FindWindowA
GetWindowThreadProcessId
GetClassNameA
SendMessageA
GetWindowRect
GetSystemMetrics
SetWindowTextA
GetDlgCtrlID
UnregisterClassA
DestroyWindow
GetMenuCheckMarkDimensions
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA

gdi32

GetStockObject
GetObjectA
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
SelectObject
DeleteDC
SetViewportOrgEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteObject

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

comctl32

ord17

Exports

Exports

DirectXDeviceDriverSetupA
DirectXDeviceDriverSetupW
DirectXLoadString
DirectXRegisterApplicationA
DirectXRegisterApplicationW
DirectXSetupA
DirectXSetupCallback
DirectXSetupGetEULAA
DirectXSetupGetEULAW
DirectXSetupGetFileVersion
DirectXSetupGetVersion
DirectXSetupIsEng
DirectXSetupIsJapan
DirectXSetupIsJapanNec
DirectXSetupSetCallback
DirectXSetupShowEULA
DirectXSetupW
DirectXUnRegisterApplication

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1eaa50384157009b47aceb2e32211b36

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 139KB

.rsrc Size: 20KB - Virtual size: 18KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 139KB

.rsrc
Size: 20KB - Virtual size: 18KB

.reloc
Size: 24KB - Virtual size: 23KB