blackmoon | bd8a8e8fedbbf6991830f9e90d73eba3168dec38e3bacb4ffc543c631dd6df1b

Sharing

Copy URL

Twitter E-mail

General

Target

bd8a8e8fedbbf6991830f9e90d73eba3168dec38e3bacb4ffc543c631dd6df1b
Size

1.9MB
MD5

be7cce2df094d9fd9c04df1ac41de4db
SHA1

6a7759cdbb717d575a85c0f833777c907c20bbee
SHA256

bd8a8e8fedbbf6991830f9e90d73eba3168dec38e3bacb4ffc543c631dd6df1b
SHA512

22b3438cd31b49b8ccc7e68ce831e619ca0d97090c27df870a81bbec39e589e33279881702aa691c8fc5eddd4b795b742815aca2605c6b3a6cb1df85289a956f
SSDEEP

49152:7bn9dpkLPzjtNVpACuj0MMfArnWE1Lv/U/LZxe3:PnnpkLLjbATqA9CLZ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

bd8a8e8fedbbf6991830f9e90d73eba3168dec38e3bacb4ffc543c631dd6df1b
.dll windows x86

ff8f339e98701d76a6b8a5d4f4027e01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
LCMapStringA
GetCommandLineA
IsBadReadPtr
FreeLibrary
GetProcAddress
LoadLibraryA
HeapFree
HeapReAlloc
GetStartupInfoA
ExitProcess
GetModuleHandleA
GetProcessHeap
MultiByteToWideChar
Sleep
WideCharToMultiByte
Process32Next
CreateProcessA
WaitForSingleObject
SetFileAttributesA
CreateFileA
CloseHandle
Process32First
CreateToolhelp32Snapshot
WriteFile
HeapAlloc
DeleteFileA
GetModuleFileNameA
lstrcpyA
lstrcatA
MulDiv
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread

user32

ReleaseCapture
ScreenToClient
LoadBitmapA
GetDC
SetWindowLongA
UnregisterHotKey
SendMessageA
RegisterHotKey
SetLayeredWindowAttributes
GetCursorPos
CreateWindowExA
SetCapture
GetWindowInfo
GetAsyncKeyState
SetTimer
CallWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
wsprintfA
MessageBoxA
GetClientRect
GetSysColor

winmm

timeGetTime

gdi32

CreateFontA
DeleteObject
GetDeviceCaps
TranslateCharsetInfo

msvcrt

_except_handler3
__CxxFrameHandler
sprintf
strncmp
memmove
??3@YAXPAX@Z
realloc
strchr
strrchr
modf
floor
_CIfmod
malloc
free
rand
srand
_ftol
atoi
_CIpow

shlwapi

PathFileExistsA

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17

Exports

Exports

��

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff8f339e98701d76a6b8a5d4f4027e01

Headers

File Characteristics

Imports

kernel32

user32

winmm

gdi32

msvcrt

shlwapi

shell32

comctl32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1.7MB - Virtual size: 1.8MB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1.7MB - Virtual size: 1.8MB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 12KB - Virtual size: 9KB