blackmoon | 1cb9c4eea64ed811eba63b1d17d0865308bd371d3f6c4968447cc8d6fb8cea6f

Sharing

Copy URL Twitter E-mail

General

Target

1cb9c4eea64ed811eba63b1d17d0865308bd371d3f6c4968447cc8d6fb8cea6f
Size

65KB
MD5

ac899482fcaf8638cc2a162550cd49c3
SHA1

8a7777ad7c17e887ef6e38c74916650f4fb87136
SHA256

1cb9c4eea64ed811eba63b1d17d0865308bd371d3f6c4968447cc8d6fb8cea6f
SHA512

4f97f984a26dc1e0a8cdc58f6e29ba1b489ed51f54230970a8518cf368b5e66000be011b03b28ba1841a5b28cf3c5c147b99285735a7e8302f55eaff64c2c774
SSDEEP

768:Nak2GdsiovzTVpmJsWsUzxKI1zQGZ1NJdC+GznEgeeOLQ49L1XPDnyacZBed3a+B:NakPHobTaOWpKW7N7CNTq2naJ68j68H

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

1cb9c4eea64ed811eba63b1d17d0865308bd371d3f6c4968447cc8d6fb8cea6f
.exe windows x86

386a91aaa5dcd31cc78b80bb5a4b4a01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
Sleep
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
SetFileAttributesA
MoveFileA
GetTickCount
SetFilePointer
ReadFile
GetFileSize
GetUserDefaultLCID
GetProcessHeap
MultiByteToWideChar
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
GetModuleHandleA
WideCharToMultiByte
TerminateProcess
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess

user32

TranslateMessage
DispatchMessageA
IsWindow
PeekMessageA
MessageBoxA
EnumWindows
IsWindowVisible
wsprintfA
IsDialogMessageA
TranslateAcceleratorA
GetParent
GetMessageA
CallWindowProcA
GetClassNameA
GetWindowTextA
GetWindowThreadProcessId

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

ole32

CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CLSIDFromString

wininet

InternetOpenUrlA
InternetGetConnectedState
InternetSetCookieA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

atl

ord47
ord42

msvcrt

_stricmp
_strnicmp
memmove
modf
strrchr
strchr
_CIfmod
_ftol
atoi
??3@YAXPAX@Z
strtod
malloc
realloc
free
??2@YAPAXI@Z
toupper
strncmp
strncpy
rand
srand
tolower
sprintf

shlwapi

PathFileExistsA

oleaut32

SafeArrayCreate
LHashValOfNameSys
LoadTypeLi
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
VariantChangeType
RegisterTypeLi
SysAllocString
VariantClear
SafeArrayDestroy

shell32

ShellExecuteA

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

386a91aaa5dcd31cc78b80bb5a4b4a01

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

wininet

atl

msvcrt

shlwapi

oleaut32

shell32

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 77KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 77KB