blackmoon | f84a0b2389f4e64d118f15cb954fec90c489e1a9c5c88dcc5c5ab8bdd44bb6fa

General

Target

f84a0b2389f4e64d118f15cb954fec90c489e1a9c5c88dcc5c5ab8bdd44bb6fa
Size

236KB
MD5

286372ed6262d796b4cdc740f3feeb7c
SHA1

800da5882e09d4aa19b7f4a44d9a2e2bc2a3d63d
SHA256

f84a0b2389f4e64d118f15cb954fec90c489e1a9c5c88dcc5c5ab8bdd44bb6fa
SHA512

cfb5058a6f8c5465f0a7dd08572819fdee0e0181e6fa13ce35d2e61b3aeb565c3ea5ee9c6c271b4e45c21d47807a68b230c0414d5d06ce878e9922ae2d10dfd7
SSDEEP

3072:vxumMlp3maSOUw45STDQ8817hJBzP3+SYp2Ijpu:vxu1q5STviBzP3+SYp2Ij

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

f84a0b2389f4e64d118f15cb954fec90c489e1a9c5c88dcc5c5ab8bdd44bb6fa
.exe windows x86

33b5b352d4921f8ba56c41337c7a5595

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetMenuInfo
SetMenuInfo
DialogBoxParamA
PostMessageA
GetForegroundWindow
GetAsyncKeyState
KillTimer
CallWindowProcA
SetTimer

kernel32

CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenFileMappingA
MapViewOfFile
RtlMoveMemory
lstrcpyn
GetModuleHandleA
GetProcAddress
GetCurrentThread
Beep
GetModuleFileNameA
RtlZeroMemory
CreateFileA
CreateThread
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
DeviceIoControl
CreateProcessA
GetStartupInfoA
LCMapStringA
GetTickCount
Sleep
WriteFile
GetCommandLineA
FreeLibrary
LoadLibraryA
WaitForSingleObject

advapi32

CryptCreateHash
DeleteService
ControlService
StartServiceA
CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptAcquireContextA

shell32

Shell_NotifyIconA

msvcrt

_strnicmp
memmove
modf
strchr
sprintf
atoi
_ftol
tolower
free
malloc
srand
rand
toupper
strncmp
floor
_CIfmod
strncpy
??3@YAXPAX@Z
strtod
strrchr

winmm

PlaySoundA

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

33b5b352d4921f8ba56c41337c7a5595

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shell32

msvcrt

winmm

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 33KB - Virtual size: 93KB

.rsrc Size: 91KB - Virtual size: 90KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 33KB - Virtual size: 93KB

.rsrc
Size: 91KB - Virtual size: 90KB