blackmoon | fb6f968298dadeaf46e3a73ba5b17605d04a337ff1fb3a3afc2bb2b810458f04 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb6f968298dadeaf46e3a73ba5b17605d04a337ff1fb3a3afc2bb2b810458f04
Size

55KB
MD5

5233eea82475a45d4126f81be327d11b
SHA1

49abe391ce1ed181f7e1b08d5767741660bb8044
SHA256

fb6f968298dadeaf46e3a73ba5b17605d04a337ff1fb3a3afc2bb2b810458f04
SHA512

bbeee16c8ed5218bef34b1c8684ede82366510592ac3f6f7559a934af7f8d526580f091fa39e54ce2d0595de856bdde5897bcfff13529fcfe21ff5cf89a5a6ee
SSDEEP

768:GU+V29cxfsi6QVWOC+uSuD+fJFVEr2tv088PQsiCsu4FcdbmMaZjlggrMLQUM4I2:GU5wUbJdtdUdZa0G

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

fb6f968298dadeaf46e3a73ba5b17605d04a337ff1fb3a3afc2bb2b810458f04
.exe windows x86

3e810af12ba25218a59b5f4a8d47ee4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
CreateFileA
DeviceIoControl
GetProcessHeap
GetModuleHandleA
HeapAlloc
MapViewOfFile
HeapFree
IsBadReadPtr
Sleep
GetModuleFileNameA
GetCommandLineA
LCMapStringA
OpenFileMappingA
HeapReAlloc
ExitProcess

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowThreadProcessId
FindWindowExA
PeekMessageA

msvcrt

__CxxFrameHandler
strncmp
free
malloc
atoi
_ftol
sprintf
strtod
_CIfmod
_CIpow
strrchr
realloc
??3@YAXPAX@Z
modf
memmove

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ