blackmoon | e34bf7e9584228c0652ee67fcbecba07b391bf9382c0d50cbbae00b9f83657fe

Sharing

Copy URL Twitter E-mail

General

Target

e34bf7e9584228c0652ee67fcbecba07b391bf9382c0d50cbbae00b9f83657fe
Size

1.6MB
MD5

71e338aa4d8338d525809a9efa165edd
SHA1

1b03f7ef744e3d491f2c0d41f84e2c9615511e44
SHA256

e34bf7e9584228c0652ee67fcbecba07b391bf9382c0d50cbbae00b9f83657fe
SHA512

3b235bb9bde859be10c68654f1e8283c1dd4e1bd4ebb766e8d90a83f655610e874b2cdf3adf14f233edee59c0e4efa0eb007aa90173ef59b871ba0f4288ac5f4
SSDEEP

49152:xCqPCJmNZ+QdFtp3vJEDm6Hk5go2851KR5:gJmNZb7xJ6E5gopg5

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

e34bf7e9584228c0652ee67fcbecba07b391bf9382c0d50cbbae00b9f83657fe
.dll windows x86

23ea093a98e0a7e35f8c8655dae1debb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
VirtualQueryEx
ReadProcessMemory
lstrlenA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStructA
GetPrivateProfileStructA
WriteProfileSectionA
GetProfileSectionA
GetProfileStringA
WriteProfileStringA
GetProfileIntA
GetCurrentProcessId
VirtualAllocEx
VirtualFreeEx
CloseHandle
GetProcessHeap
ExitProcess
HeapAlloc
OpenEventA
HeapFree
IsBadReadPtr
GetModuleFileNameA
FindClose
FindFirstFileA
Sleep
GetCommandLineA
LCMapStringA
RtlMoveMemory
QueryDosDeviceA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleHandleA
HeapReAlloc
VirtualAlloc
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
IsBadWritePtr
RaiseException
SetFilePointer
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW

shlwapi

PathFindFileNameA
PathFileExistsA

advapi32

LookupPrivilegeValueA

user32

TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
CallWindowProcA
GetMessageA
SetWindowLongA
IsWindowVisible
GetAncestor
GetWindowThreadProcessId
EnumWindows
PeekMessageA
RegisterWindowMessageA

Exports

Exports

OpenProces

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23ea093a98e0a7e35f8c8655dae1debb

Headers

File Characteristics

Imports

kernel32

shlwapi

advapi32

user32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 20KB - Virtual size: 84KB

.vmp0 Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 20KB - Virtual size: 84KB

.vmp0
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 664B