blackmoon | bee57cdb0afcae90d444d6e3768472ace2b3a25d7feb205f6cdd73140bf2139f

Sharing

Copy URL Twitter E-mail

General

Target

bee57cdb0afcae90d444d6e3768472ace2b3a25d7feb205f6cdd73140bf2139f
Size

128KB
MD5

6a9cd990df2991ff86f59413f4c6a0bf
SHA1

9e7f75205f4f4e4f07c61167de23aa0ddc4b4282
SHA256

bee57cdb0afcae90d444d6e3768472ace2b3a25d7feb205f6cdd73140bf2139f
SHA512

a07c6600429720aec9acc477820829e968a449871349859ae8ef5696c1d10ce8ca344bba1bf01b732a20443110daef5ef9251351c009395a87befd8a5e3875d3
SSDEEP

1536:mEUc+fLFia7y1Ikii9oHoymkRHJbUR3cnJS+4W9rOPiZBUjK:/+8au1Ik5ynJznJ2W9rOPiLU

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

bee57cdb0afcae90d444d6e3768472ace2b3a25d7feb205f6cdd73140bf2139f
.exe windows x86

15f13647d6fe7e6844b77b1eefe220bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DispatchMessageA
wsprintfA
MessageBoxA
PostMessageA
CallWindowProcA
EndDialog
KillTimer
LoadIconA
SendMessageA
MsgWaitForMultipleObjects
ShowWindow
DialogBoxParamA
GetForegroundWindow
UpdateWindow
MoveWindow
GetParent
GetWindowRect
GetClientRect
ClientToScreen
SetTimer
TranslateMessage
GetMessageA
PeekMessageA
CreateDialogParamA
GetSystemMetrics
IsWindowVisible

kernel32

LoadLibraryA
FreeLibrary
GetCommandLineA
Sleep
GetTickCount
LCMapStringA
GetModuleFileNameA
GetCurrentThread
CreateWaitableTimerA
SetWaitableTimer
CloseHandle
GetVersion
DeviceIoControl
lstrcpyn
RtlMoveMemory
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetModuleHandleA
MapViewOfFile
CreateThread
GetProcAddress
OpenFileMappingA
Beep
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetUserDefaultLCID

ws2_32

WSACleanup
WSAStartup
gethostname

advapi32

CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam

comctl32

ord17

ole32

CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CLSIDFromProgID
CLSIDFromString

wininet

InternetSetOptionA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetOpenA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA

atl

ord42

msvcrt

__CxxFrameHandler
sprintf
toupper
strncmp
strncpy
tolower
strtod
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
atoi
_ftol
free
malloc
srand
rand
_CIfmod
strrchr
modf
_strnicmp
_stricmp
memmove

oleaut32

LoadTypeLi
RegisterTypeLi
VariantChangeType
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
LHashValOfNameSys

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

15f13647d6fe7e6844b77b1eefe220bf

Headers

File Characteristics

Imports

user32

kernel32

ws2_32

advapi32

comctl32

ole32

wininet

atl

msvcrt

oleaut32

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 13KB - Virtual size: 62KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 13KB - Virtual size: 62KB

.rsrc
Size: 8KB - Virtual size: 7KB