blackmoon | ea72a74a928804c6dccd3fcf50359858

Sharing

Copy URL

Twitter E-mail

General

Target

ea72a74a928804c6dccd3fcf50359858
Size

1.5MB
MD5

ea72a74a928804c6dccd3fcf50359858
SHA1

0ac9576ce126a92318ab2f24da228c2c59cf1bbb
SHA256

32cc32b8cb89d63f0da7b7202cf2613c909d79b38148d2e5c3da3e3b28aecc98
SHA512

f787e57fa78a97c8679ad591fe7d326ab4027360aa654fcd54da63f5678801cf0de138550049fc6c9eb8856058b2f5cd8c60dd6fe4ab4653adc3f945ba38f60c
SSDEEP

6144:EuYlLLblhnZWjUu2seE2fgM1c90tytvSDgIYnluH6fhcwazfgD:EpPPnZWjMREkgMI8QvggIGQaZ7ajgD

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

ea72a74a928804c6dccd3fcf50359858
.exe windows x86

1f3fbb184ee8b78c603dd58637cba100

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
lstrcatA
RtlMoveMemory
GetCommandLineW
LocalFree
WideCharToMultiByte
GetCurrentProcess
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
GetTickCount
WriteFile
CreateFileA
MoveFileA
FindNextFileA
lstrcpyn
FindClose
GetUserDefaultLCID
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
CloseHandle
GetWindowsDirectoryA
GetSystemDirectoryA
SetWaitableTimer
CreateWaitableTimerA
Process32Next
Process32First
GetTempPathA
FindFirstFileA
CreateToolhelp32Snapshot

user32

MessageBoxA
MsgWaitForMultipleObjects
wsprintfA
GetMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
CallWindowProcA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoInitialize
OleRun
CLSIDFromString
CLSIDFromProgID
IIDFromString

ws2_32

inet_addr

iphlpapi

SendARP

oleaut32

SafeArrayDestroy
VariantInit
VariantChangeType
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
VariantCopy
SysFreeString
SysAllocString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantClear

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle

psapi

GetModuleFileNameExA

shlwapi

PathFindExtensionA
PathFindFileNameA

msvcrt

_strnicmp
calloc
__CxxFrameHandler
memmove
malloc
free
modf
strchr
strncpy
_CIfmod
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
strncmp
toupper
_ftol
atoi
tolower
sprintf
rand
srand

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 431KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1f3fbb184ee8b78c603dd58637cba100

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

iphlpapi

oleaut32

wininet

psapi

shlwapi

msvcrt

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 431KB - Virtual size: 505KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 431KB - Virtual size: 505KB