blackmoon | 643349e9455044a438993696280af3b99e1042ea4afee79f7330835d6e74a5c7

Sharing

Copy URL Twitter E-mail

General

Target

643349e9455044a438993696280af3b99e1042ea4afee79f7330835d6e74a5c7
Size

236KB
MD5

850ec4711bc4a5c32bcdec6f86853d7f
SHA1

83b208294d971806366842309ecf479e33a1bf79
SHA256

643349e9455044a438993696280af3b99e1042ea4afee79f7330835d6e74a5c7
SHA512

07075e50ca0452661f20882953700f7717ad2385a73932732c793a76fac8d33fa2458397404ac558145d47f05cc8c36b46ef37087cbde5ed29371132fcc236c9
SSDEEP

3072:OCtSmrGqLpcwet6K5x1Kyg7LI5BAM0neOJrt/zznFAI0n:OCTrGkpcoK5Hu7kBbiFJbO9n

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

643349e9455044a438993696280af3b99e1042ea4afee79f7330835d6e74a5c7
.exe windows x86

b609897e4645c9b58dc50ad5ae441a90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
CreateProcessA
GetStartupInfoA
GetEnvironmentVariableA
GetLocalTime
GetDiskFreeSpaceExA
GetCurrentDirectoryA
GetModuleFileNameA
CopyFileA
WriteFile
CreateFileA
Sleep
DeleteFileA
GlobalUnlock
GlobalLock
FindNextFileA
FindFirstFileA
FindClose
GetVolumeInformationA
RemoveDirectoryA
MoveFileA
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
SetFileAttributesA
ReadFile
GetTickCount
GetCommandLineA
FreeLibrary
LCMapStringA
GetModuleHandleA
IsBadCodePtr
SetUnhandledExceptionFilter
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetStringTypeW
GetStringTypeA
VirtualAlloc
LCMapStringW
MultiByteToWideChar
RaiseException
VirtualFree
HeapCreate
HeapDestroy
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetVersion
TerminateThread
LeaveCriticalSection
GetProcessHeap
GetProcAddress
SetEvent
lstrcpynA
WaitForSingleObject
CreateEventA
LoadLibraryA
RtlMoveMemory
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
GetCurrentProcessId
CreateThread
GetLogicalDriveStringsA
GetVersionExA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RtlUnwind

ws2_32

WSAGetLastError
inet_addr
inet_ntoa
gethostbyname
WSAStartup
gethostname
WSACleanup
send
__WSAFDIsSet
select
closesocket
htons
socket
shutdown
ioctlsocket
connect
recv

user32

ExitWindowsEx
keybd_event
SetCursorPos
mouse_event
FindWindowA
FindWindowExA
ShowWindow
GetDC
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
OpenClipboard
GetClipboardData
CloseClipboard
GetSystemMetrics
wsprintfA
MessageBoxA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
DrawIcon
GetIconInfo
GetCursorInfo
GetDesktopWindow
SetProcessWindowStation
OpenWindowStationA
ReleaseDC
PrintWindow
GetWindowRect
IsWindow
SetWindowLongA

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA

shell32

ShellExecuteA
SHCreateDirectoryExA

psapi

GetModuleFileNameExA

gdi32

GdiFlush
BitBlt
CreateDIBSection
GetDeviceCaps
GetDIBits
GetObjectA
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

gdiplus

GdiplusStartup

shlwapi

PathFileExistsA

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b609897e4645c9b58dc50ad5ae441a90

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

wininet

shell32

psapi

gdi32

advapi32

gdiplus

shlwapi

Sections

.text Size: 168KB - Virtual size: 164KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 32KB - Virtual size: 93KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 168KB - Virtual size: 164KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 32KB - Virtual size: 93KB

.rsrc
Size: 20KB - Virtual size: 18KB