blackmoon | a506be227f6496c641b4ea6a62d06c52db23ecc23e58666d015ff94684b78755

Sharing

Copy URL

Twitter E-mail

General

Target

a506be227f6496c641b4ea6a62d06c52db23ecc23e58666d015ff94684b78755
Size

936KB
MD5

9ed496deb4ada6abc07fddcb3722c303
SHA1

0df5f6aab79751db8b3f2b911a1b04242a077833
SHA256

a506be227f6496c641b4ea6a62d06c52db23ecc23e58666d015ff94684b78755
SHA512

57151e2b9b0133c018f7d7bee028572760a0690bc05718f04b84d8c4b03f2323c8c08d0a49cbdbde6cb51288cc4fefb1956c1acdf02246c8b0394430248a2d1b
SSDEEP

12288:SXhuPC7HTXV2WNubjEwc9lSAA8Kthn0DjrDoLd+yILn:EhuPC7zl9AbjcTS18whnSHELd+ymn

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Files

a506be227f6496c641b4ea6a62d06c52db23ecc23e58666d015ff94684b78755
.dll windows x86

7dd6efe2251f51baede28cc9f8d2c5c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetWaitableTimer
CloseHandle
GetCurrentProcessId
LocalAlloc
WideCharToMultiByte
LocalFree
CreateThread
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetTickCount
Sleep
DeleteFileA
WriteFile
CreateFileA
CreateWaitableTimerA
GetFileSize
MultiByteToWideChar
GetUserDefaultLCID
GetCommandLineA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
LCMapStringA
DeleteCriticalSection
GetProcAddress
ReadFile
GetModuleHandleA

shlwapi

PathFileExistsA

user32

wsprintfA
MessageBoxA
GetWindowRect
ClientToScreen
PeekMessageA
GetMessageA
SendInput
SetLayeredWindowAttributes
SetWindowPos
MoveWindow
GetWindowThreadProcessId
TranslateMessage
MsgWaitForMultipleObjects
GetWindowTextLengthA
GetWindowTextA
DispatchMessageA
GetSystemMetrics

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize

msvcrt

??3@YAXPAX@Z
_except_handler3
__CxxFrameHandler
strncmp
memmove
realloc
modf
strrchr
strchr
??2@YAPAXI@Z
_CIpow
_CIfmod
malloc
free
qsort
_ftol
atoi
sprintf

oleaut32

LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

Exports

Exports

�ӳ��1

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 792KB - Virtual size: 840KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dd6efe2251f51baede28cc9f8d2c5c3

Headers

File Characteristics

Imports

kernel32

shlwapi

user32

ole32

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 792KB - Virtual size: 840KB

.rsrc Size: 4KB - Virtual size: 612B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 792KB - Virtual size: 840KB

.rsrc
Size: 4KB - Virtual size: 612B

.reloc
Size: 8KB - Virtual size: 6KB