blackmoon | 7536a222414380d42180901203e1f7e0ac7f62c3261b73974f57e83cff3706e2

Sharing

Copy URL Twitter E-mail

General

Target

7536a222414380d42180901203e1f7e0ac7f62c3261b73974f57e83cff3706e2
Size

260KB
MD5

7407f7953e93d6e8e502f93ed8519062
SHA1

76c6bb0f6886a2f2ff1a0be415d9390b5ecf80ee
SHA256

7536a222414380d42180901203e1f7e0ac7f62c3261b73974f57e83cff3706e2
SHA512

3662f87ba5fb85d71393d3fbac9628cdd8b4a4bef95fa80c44ada3619a204d5bf814d459f319637f37543cc09913661f4678de5d0de38795aa27ab3c475b4b13
SSDEEP

3072:oSyZc3wzrAuyqXcoZ48i4KzLNxAdZkO9z2vrOGskHl+dp+SBAetehzvrvU8:o7Zc3TqXcoZyzxxQvz26uwpS7N

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

7536a222414380d42180901203e1f7e0ac7f62c3261b73974f57e83cff3706e2
.dll windows x86

c3f2ecbfe563e3bb111c329e4590dd0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateWaitableTimerA
SetWaitableTimer
LocalAlloc
WideCharToMultiByte
LocalFree
MultiByteToWideChar
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetTickCount
Sleep
DeleteFileA
Process32Next
CreateFileA
ReadFile
GetFileSize
GetUserDefaultLCID
GetCommandLineA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
LCMapStringA
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetProcAddress
CreateThread
GetModuleHandleA
WriteFile
GetCurrentProcessId
DeleteCriticalSection

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

user32

TranslateMessage
GetMessageA
PeekMessageA
SendInput
GetWindowTextLengthA
wsprintfA
MessageBoxA
GetWindowRect
ClientToScreen
MsgWaitForMultipleObjects
GetWindowTextA
GetWindowThreadProcessId
DispatchMessageA

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize

msvcrt

sprintf
atoi
_ftol
qsort
free
malloc
_CIfmod
_CIpow
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
strrchr
modf
realloc
memmove
strncmp
__CxxFrameHandler
_except_handler3

shlwapi

PathFileExistsA

oleaut32

SafeArrayCreate
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SysAllocString
VariantClear
SafeArrayDestroy

Exports

Exports

�ӳ��1

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3f2ecbfe563e3bb111c329e4590dd0d

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ole32

msvcrt

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 116KB - Virtual size: 174KB

.rsrc Size: 4KB - Virtual size: 608B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 116KB - Virtual size: 174KB

.rsrc
Size: 4KB - Virtual size: 608B

.reloc
Size: 8KB - Virtual size: 4KB