blackmoon | tmp

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

1.1MB
MD5

46d4d96080568562d753844bce9da29a
SHA1

8b48f979e9879fc30299899947e7f13dd4547420
SHA256

e9df73ff08db56ccdec79085882758c999131f1f275f7460a93a5cf6b4430758
SHA512

4f20941a101483d92fb7b3bb88612a5c7e5a06b20bddf5912a0eebb15d863707cbecbbe4587eb8698d87ea13aee4ee85df20c1596371267e5d72d90f0def6cdb
SSDEEP

24576:17kZHTKw4ZL4j/kJ5/c+5ozolSHtn2mKgSNe5FOphi0joI19H:17kH/kJqsS0mK9WOzi0v

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

tmp
.exe windows x86

8227c5948e31eedf15cbbc970812f02f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
OpenProcess
CreateProcessA
ResumeThread
IsWow64Process
CreateThread
MultiByteToWideChar
ReadProcessMemory
WriteProcessMemory
GetModuleHandleA
GetProcAddress
lstrcpynA
VirtualAllocEx
VirtualFreeEx
WaitForSingleObject
GetExitCodeThread
CreateRemoteThread
LoadLibraryA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetLocalTime
DeleteFileA
FindClose
SetWaitableTimer
GetStartupInfoA
GetModuleFileNameA
WriteFile
CreateFileA
CreateDirectoryA
SetFilePointer
ReadFile
GetFileSize
GetTickCount
SetFileAttributesA
GetCommandLineA
FreeLibrary
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
CreateWaitableTimerA
FindFirstFileA
GetCurrentProcessId
DeleteCriticalSection
SystemTimeToFileTime
GetFileAttributesA
GetCurrentDirectoryA
LocalFileTimeToFileTime
SetFileTime
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
RaiseException
HeapSize
GetCPInfo
GetACP
GetOEMCP
LCMapStringW

ws2_32

select
WSAStartup
inet_ntoa
WSACleanup
gethostbyname
listen
getsockname
bind
htons
socket
accept
__WSAFDIsSet
closesocket
recv
send
getpeername
ntohs
connect
inet_addr
htonl
recvfrom
sendto
gethostname

user32

MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA

urlmon

URLDownloadToFileA

shlwapi

PathFindFileNameA

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 932KB - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8227c5948e31eedf15cbbc970812f02f

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

urlmon

shlwapi

Sections

.text Size: 192KB - Virtual size: 191KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 932KB - Virtual size: 987KB

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 932KB - Virtual size: 987KB