blackmoon | d80456fb7c7a5e59f4ac96cb980e42cfae2fa85ceea57ddde075e09929d427b4[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

d80456fb7c7a5e59f4ac96cb980e42cfae2fa85ceea57ddde075e09929d427b4.exe
Size

518KB
MD5

1571f884d94db7f07543e38dbc02444b
SHA1

3d00ed31f7612e41c1dec06c8afb7f42663d4d06
SHA256

d80456fb7c7a5e59f4ac96cb980e42cfae2fa85ceea57ddde075e09929d427b4
SHA512

111199883f08a6d3fdab750cbe82eef7a8a27461596d2de73ef4c9e62f4a825eab4aec3495f20ed83a9934786819c3d9b72f6f913fb6099e39c7f794adef8a9f
SSDEEP

6144:n0m2FqgDAuSbAXKfz0c0sUIJHtH/yWyCq:nZ2FBqA0z0cIeHtH/yWyCq

Score

10^/10

upx blackmoon qqpass

Malware Config

Extracted

Family

qqpass

http://lol.qq.com/act/a20141212poroking/index.htm?atm_cl=ctips&atm_pos=1257?ADTAG=media.innerenter.client.jump

Attributes

url
http://i2.tietuku.com/ebdef15df1128b31.png
user_agent
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Qqpass family
qqpass

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d80456fb7c7a5e59f4ac96cb980e42cfae2fa85ceea57ddde075e09929d427b4.exe

Files

d80456fb7c7a5e59f4ac96cb980e42cfae2fa85ceea57ddde075e09929d427b4.exe
.exe windows:4 windows x86 arch:x86

3bb3093a5eeb1047bbdd41c02a894dbe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegOpenKeyA

atl

AtlAxWinInit
AtlAxGetControl
AtlAdvise
AtlUnadvise
AtlUnadvise

gdi32

SelectObject
CreateSolidBrush
DeleteObject
DeleteDC
SetTextColor
SetBkMode
GetStockObject
Rectangle
StretchBlt
SetBkColor
FrameRgn
FillRgn
CreatePatternBrush
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
GetObjectA
GetPixel

kernel32

MulDiv
GlobalUnlock
RtlMoveMemory
GlobalFree
GlobalLock
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
Module32First
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
CancelWaitableTimer
GetTempPathA
TerminateProcess
GetCurrentProcessId
lstrcpyn
GlobalSize
lstrcpyn
SetHandleCount
GetWindowsDirectoryA
LocalSize
SetWaitableTimer
TerminateThread
GetModuleHandleA
GetModuleFileNameA
CreateWaitableTimerA
OpenProcess
lstrlenW
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetTickCount
WritePrivateProfileStringA
WriteFile
GetPrivateProfileStringA
GetUserDefaultLCID
DeleteFileA
CreateFileA
GetFileSize
ReadFile
IsBadReadPtr
HeapReAlloc
ExitProcess
HeapAlloc
HeapFree
GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess

msimg32

AlphaBlend
TransparentBlt
AlphaBlend

msvcrt

__CxxFrameHandler
malloc
free
modf
memmove
rand
srand
toupper
_CIfmod
floor
_ftol
atoi
strncpy
strrchr
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
tolower
sprintf
strncmp
strtod
_strnicmp
free

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLib
VariantChangeType
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromI2
LHashValOfNameSys
LoadTypeLib
OleLoadPicture
OleLoadPicture

shell32

DragAcceptFiles
Shell_NotifyIcon
DragFinish
DragQueryFile
ShellExecuteA
DragFinish

shlwapi

PathFileExistsA
PathFileExistsA

user32

RegisterClassExA
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
DrawTextA
IsIconic
GetSysColor
SetClassLongA
MsgWaitForMultipleObjects
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
IsZoomed
UpdateLayeredWindow
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
SetParent
PostMessageA
SetWindowPos
DrawIcon
DrawIconEx
GetIconInfo
CreateMenu
CreatePopupMenu
GetSystemMenu
LoadMenuA
DestroyMenu
AppendMenuA
GetMenuItemCount
InsertMenuA
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
MoveWindow
UpdateWindow
ValidateRect
ScreenToClient
GetWindowRect
GetFocus
SetFocus
GetDlgItem
CreateWindowExA
DestroyIcon
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
SendMessageA
GetAsyncKeyState
EndPaint
BeginPaint
GetClassNameA
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessage
TranslateAccelerator
GetMessageA
KillTimer
SetTimer
CallWindowProcA
FillRect
GetClientRect
InvalidateRect
GetAncestor
GetParent
CopyIcon
CopyImage
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
GetWindow
GetDesktopWindow
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
LoadCursorA
RegisterClassExA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA

gdiplus

GdipGetFontStyle
GdipGetFontSize
GdipGetFontUnit
GdipGetFontHeight
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipGetImageDimension
GdipCreateBitmapFromScan0
GdipDeletePen
GdipDrawLine
GdipCreatePen1
GdipDeleteGraphics
GdipDrawImageRect
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFontFromDC
GdipDrawRectangleI
GdipDrawRectangle
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetWorldTransform
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetImageRawFormat
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromStream
GdiplusStartup
GdipCreateFont
GdipDeleteFont
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipDrawString
GdipDrawImagePointRect
GdipCreateFromHDC
GdipFillRectangle
GdipDrawLine

combase

CoUninitialize
CLSIDFromString
GetHGlobalFromStream
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal

ole32

CoInitialize
OleRun
OleRun

Sections

UPX0
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

3bb3093a5eeb1047bbdd41c02a894dbe

Headers

File Characteristics

Imports

advapi32

atl

gdi32

kernel32

msimg32

msvcrt

oleaut32

shell32

shlwapi

user32

wininet

gdiplus

combase

ole32

Sections

UPX0 Size: 412KB - Virtual size: 412KB

UPX1 Size: 88KB - Virtual size: 88KB

UPX2 Size: 14KB - Virtual size: 14KB

UPX0
Size: 412KB - Virtual size: 412KB

UPX1
Size: 88KB - Virtual size: 88KB

UPX2
Size: 14KB - Virtual size: 14KB