blackmoon | 1f287b1db74af53b29ec572f4106ae773c03bd104ad87099d4de0c4eadb46701

Sharing

Copy URL Twitter E-mail

General

Target

1f287b1db74af53b29ec572f4106ae773c03bd104ad87099d4de0c4eadb46701
Size

33KB
MD5

3c2f99bf3b67add11ed700d50fcdb578
SHA1

d522fe4c8da59ed8663ac1d0a755420dba3733d3
SHA256

1f287b1db74af53b29ec572f4106ae773c03bd104ad87099d4de0c4eadb46701
SHA512

b424d2f1671ebdd00ea695b75389ae6240f94033d1a4c8d89a78e26c8b315d0cfa045447569164772cbafb296575e34c5324ac7712aa560f967e0e7580270f0b
SSDEEP

384:x9bJfiPzz9q6JN9x5Kf5WE07nYa7nXckdTbvgnFneAkMfHN/GRtAefmkYpK8CRhb:YPkyNb5Kf5oXzdoFAaHigaCW9

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

1f287b1db74af53b29ec572f4106ae773c03bd104ad87099d4de0c4eadb46701
.exe windows x86

6e215cf4687a5dba201bd55e492a15dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
Sleep
CloseHandle
WriteFile
CreateFileA
GetTickCount
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
GetProcessHeap
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
CallWindowProcA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

ole32

CoUninitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
OleRun

wininet

InternetOpenA
InternetGetConnectedState
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA

msvcrt

malloc
free
memmove
modf
strrchr
strchr
_CIfmod
strncmp
_ftol
atoi
sprintf
tolower
srand
rand
??2@YAPAXI@Z
strncpy
??3@YAXPAX@Z
_strnicmp

shlwapi

PathFileExistsA

oleaut32

VariantChangeType
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi

shell32

ShellExecuteA

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6e215cf4687a5dba201bd55e492a15dd

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

wininet

msvcrt

shlwapi

oleaut32

shell32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 76KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 76KB