blackmoon | f7f41063afaa3cb88dee2c319ac1da053b47a01174c35657ed3bc29582d945c2 | Triage

Sharing

General

Target

f7f41063afaa3cb88dee2c319ac1da053b47a01174c35657ed3bc29582d945c2
Size

55KB
MD5

66bf06d60c58d6b1dd987b70d68ecda8
SHA1

a3833258ee344e48408230b29c0e21e9b2be98fe
SHA256

f7f41063afaa3cb88dee2c319ac1da053b47a01174c35657ed3bc29582d945c2
SHA512

f362e4ae9d9338dd02d65e57f5fcdd756e3cf0a4a058278542c155483eb6c4d5f2416d3dff55848cecb43afa8cb796c9e4ce050d6bd8e8ac58a38ea7f6d37a94
SSDEEP

768:AkDdkuWHjg4JZGWO/gM8cR+5vYac0RnTTpT69Vo98eXhLhbHsyKQUgIbdLiDGQPa:Ak5B2HpbDWPxTn4kZmg

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

f7f41063afaa3cb88dee2c319ac1da053b47a01174c35657ed3bc29582d945c2
.exe windows x86

0c298a6113aca9a8c328ccea46202aaa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
CloseHandle
CreateFileA
DeviceIoControl
GetProcessHeap
GetModuleHandleA
HeapAlloc
MapViewOfFile
HeapFree
IsBadReadPtr
Sleep
GetModuleFileNameA
GetCommandLineA
LCMapStringA
OpenFileMappingA
HeapReAlloc
ExitProcess

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowThreadProcessId
FindWindowA
PeekMessageA

msvcrt

__CxxFrameHandler
strncmp
free
malloc
atoi
_ftol
sprintf
strtod
_CIfmod
_CIpow
strrchr
realloc
??3@YAXPAX@Z
modf
memmove

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ