blackmoon | ed47531f08236a607c2190529b6477ad8494e6de39f6763a6c1c73d347e31b73 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ed47531f08236a607c2190529b6477ad8494e6de39f6763a6c1c73d347e31b73
Size

244KB
MD5

7f37f4a396683fcff0c6976bb63f372e
SHA1

2714c65bba69edb01d63cd5d43519e662158a7b0
SHA256

ed47531f08236a607c2190529b6477ad8494e6de39f6763a6c1c73d347e31b73
SHA512

f02ff36e384d9f6b189fb173b156aeb9e3ae4d0f33136ababc81d6f32d7ebb656dbf5481befb7ce0679775c37d2891235151049265d588031eb15212a813814e
SSDEEP

3072:Ko+YSKv4FMrrslIuP58z63y71yX8N5GPQUZE4BPMzN3hYlIuxU/l9yxFNfCp7pfz:KlkElLYdyxF65ytb

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

ed47531f08236a607c2190529b6477ad8494e6de39f6763a6c1c73d347e31b73
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetVcodeFromBuffer
GetVcodeFromFile
GetVcodeFromHBitmap
GetVcodeFromHWND
GetVcodeFromIECache
GetVcodeFromURL
LoadCdsFromBuffer
LoadCdsFromFile

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ