blackmoon | 05ac867d8d11a5e0f4731bd69121a3c61cac17e2213b631adf09c477952d3fc2

Sharing

Copy URL

Twitter E-mail

General

Target

05ac867d8d11a5e0f4731bd69121a3c61cac17e2213b631adf09c477952d3fc2
Size

376KB
MD5

a3f49536961a9058dc1169a2c565e19d
SHA1

191f0317f744fbfccfbfe30a8d9da74c1ee7ef21
SHA256

05ac867d8d11a5e0f4731bd69121a3c61cac17e2213b631adf09c477952d3fc2
SHA512

208b7bbf6b3ddcada97cf77ee1ad065121c229ea80c705ebe4c840fc2a0bf68f2549ac7897559edd74b3615c9cdb4e03b98f0b92f3d20cd4ef8984cfb0d3ad98
SSDEEP

6144://P1vxKvHn6UQFOFpJLN9Wqw4Uo0eAtOP8AOQ0w7:3P1vxKPn6UQ2LN9VUoPA8P8DQ0w7

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Files

05ac867d8d11a5e0f4731bd69121a3c61cac17e2213b631adf09c477952d3fc2
.exe windows x86

3636a50e5eb4ac19edb348b5de33d361

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
WriteFile
ReadFile
GetFileSize
GetCommandLineA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
GetTickCount
IsBadWritePtr
VirtualAlloc
RaiseException
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetVersion
GetStartupInfoA
DeleteCriticalSection
GetLocalTime
IsBadReadPtr
HeapReAlloc
ExitProcess
LocalSize
HeapAlloc
HeapFree
GetProcessHeap
RtlMoveMemory
WideCharToMultiByte
SetWaitableTimer
CreateWaitableTimerA
CreateThread
MultiByteToWideChar
lstrcpyn
GetProcAddress
OpenProcess
GetModuleHandleA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot

user32

GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
GetMenuItemRect
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
CheckMenuItem
SetForegroundWindow
PostQuitMessage
SetTimer
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
ReleaseDC
GetDC
RegisterClassExA
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
CallWindowProcA
MsgWaitForMultipleObjects
GetMessageA
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetWindowRect
GetFocus
SetFocus
GetDlgItem
GetWindowLongA
CreateWindowExA
DestroyCursor
SetWindowLongA
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
SendMessageA
DefWindowProcA
DestroyWindow
GetClientRect
GetAsyncKeyState
EndPaint
BeginPaint
GetClassNameA
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
GetParent
InsertMenuA

shell32

Shell_NotifyIconA
DragFinish
DragQueryFileA
DragAcceptFiles

ole32

CLSIDFromString

atl

ord47
ord42

comctl32

InitCommonControlsEx

gdi32

DeleteObject
GetObjectA
CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
StretchBlt
CreateSolidBrush
CreatePatternBrush
SetTextColor
SetBkMode
SetBkColor
GetStockObject

Sections

.text
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3636a50e5eb4ac19edb348b5de33d361

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

atl

comctl32

gdi32

Sections

.text Size: 248KB - Virtual size: 246KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 28KB - Virtual size: 91KB

.rsrc Size: 88KB - Virtual size: 84KB

.text
Size: 248KB - Virtual size: 246KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 28KB - Virtual size: 91KB

.rsrc
Size: 88KB - Virtual size: 84KB