blackmoon | 9aa8dad74a5ecfceb453b4146150824f7af58a620c5d8de5f6b028853a5771fd | Triage

Sharing

General

Target

9aa8dad74a5ecfceb453b4146150824f7af58a620c5d8de5f6b028853a5771fd
Size

10KB
MD5

7f12abfa600c9e0caabb2befd1509043
SHA1

4f3aca930f827d10b0f737d31af231074dfd8b64
SHA256

9aa8dad74a5ecfceb453b4146150824f7af58a620c5d8de5f6b028853a5771fd
SHA512

92926363763beebfe01e2d2ff2fa77069d91a6a24c17ed42f4229fcd817ba2d21f1094bb57c042eb3a6d678d9ca41089dd6a426813a314c4fd2114e20451b4b8
SSDEEP

192:PRFlkRK5Hkojn7LUQDA0HQB27RBtgh83nnnnnnO:PDlqKJ7LjtQ+jKh3

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

Files

9aa8dad74a5ecfceb453b4146150824f7af58a620c5d8de5f6b028853a5771fd
.exe windows x86

2630fbfb95c886af5afac6950e54d2b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
ExitProcess
ReadFile
GetFileSize
CreateFileA
GetCommandLineA
GetModuleHandleA
CloseHandle
GetProcessHeap

msvcrt

strrchr
_ftol

user32

GetMessageA
PeekMessageA
DispatchMessageA
wsprintfA
MessageBoxA
TranslateMessage

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ