blackmoon | d21ff82d6dc9d42b5e3277e6aa697a45f0a229e1d8ec847adeed45ef91f4056f

General

Target

d21ff82d6dc9d42b5e3277e6aa697a45f0a229e1d8ec847adeed45ef91f4056f
Size

933KB
MD5

86592cfd26486d9179fee6392087554d
SHA1

7f70b904f72959d7387965118f0db6a2548379f5
SHA256

d21ff82d6dc9d42b5e3277e6aa697a45f0a229e1d8ec847adeed45ef91f4056f
SHA512

e070bc2a0a6f97083fb56d4cd480e1c446bb864e956487d9a2fe52dd4fece67425a5099e2080eb283b93b5fb225a5d5879c1ea83ad5e7520f0ee814fc02008a0
SSDEEP

24576:M+NAxbV2oXsn/LkEPHuloxkLC6AmUhw/rkPgbN1:MBpji/R+cuwmUGYy

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/搜狗邮箱无限注册机/Vcode.dll	family_blackmoon

Files

d21ff82d6dc9d42b5e3277e6aa697a45f0a229e1d8ec847adeed45ef91f4056f
.7z
搜狗邮箱无限注册机/SogouRegister.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 1019KB - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
搜狗邮箱无限注册机/Vcode.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

FreeAllCdsFile
GetVarPtr
GetVcodeFromBuffer
GetVcodeFromFile
GetVcodeFromHBitmap
GetVcodeFromHWND
GetVcodeFromIECache
LoadCdsFromBuffer
LoadCdsFromFile
SetTimeOut

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.nsp0 Size: - Virtual size: 1.4MB

.nsp1 Size: 1019KB - Virtual size: 1020KB

.nsp2 Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 207KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 77KB

.rsrc Size: 4KB - Virtual size: 688B

.reloc Size: 8KB - Virtual size: 5KB

.nsp0
Size: - Virtual size: 1.4MB

.nsp1
Size: 1019KB - Virtual size: 1020KB

.nsp2
Size: - Virtual size: 4KB

.text
Size: 208KB - Virtual size: 207KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 77KB

.rsrc
Size: 4KB - Virtual size: 688B

.reloc
Size: 8KB - Virtual size: 5KB