blackmoon | b3285fdb30295dff53c7cf62d7cb32ce647098b1aa09aab85072c316b9859962

Sharing

Copy URL Twitter E-mail

General

Target

b3285fdb30295dff53c7cf62d7cb32ce647098b1aa09aab85072c316b9859962
Size

6.7MB
MD5

41a3f9ae2e764adcadad320a1156036d
SHA1

8844ca4b6eddf33f63520107ae9a0d7cdf4def9a
SHA256

b3285fdb30295dff53c7cf62d7cb32ce647098b1aa09aab85072c316b9859962
SHA512

ac5da689850e88c04c6d60856e85f4997bf7248c4e6f5d379e65b09925e1b007228b2a0213112cb4974ab550f3244a648a825f81d1b490dc3b15222278ed48ab
SSDEEP

98304:9gFnx/PiM+v+J5a5ewx6CNSYyEMfkRnwUifG5pLe+uQP:yPd+X9BFMf2nOepv

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

b3285fdb30295dff53c7cf62d7cb32ce647098b1aa09aab85072c316b9859962
.exe windows x86

71ec3b61da8b07a2e8cf7c8f8671e2d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetUserDefaultLCID
FormatMessageA
GetCommandLineA
GetModuleFileNameA
IsBadReadPtr
MultiByteToWideChar
LoadLibraryA
LCMapStringA
HeapFree
HeapReAlloc
HeapAlloc
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
WriteFile
GetProcAddress
CloseHandle
ExitProcess
GetModuleHandleA
GetProcessHeap
CreateFileA
SetWaitableTimer
FreeLibrary
CreateWaitableTimerA
GetStringTypeW
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
Sleep
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
RaiseException
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
GetCurrentThreadId
GetLastError
GetCurrentProcess
HeapSetInformation
GetStartupInfoW
RtlUnwind
SetUnhandledExceptionFilter
GetModuleHandleW
DecodePointer
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects

advapi32

CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam

ole32

CoUninitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoInitialize

oleaut32

VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

shell32

ShellExecuteA

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71ec3b61da8b07a2e8cf7c8f8671e2d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shell32

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 6.4MB - Virtual size: 6.4MB

.reloc Size: 23KB - Virtual size: 23KB

.rsrc Size: 139KB - Virtual size: 140KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 6.4MB - Virtual size: 6.4MB

.reloc
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 139KB - Virtual size: 140KB