Behavioral task: behavioral1
Sample: de686456d65ea26c94112f739a26d09debdb55916004b3c3be0175ff37469cee.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: de686456d65ea26c94112f739a26d09debdb55916004b3c3be0175ff37469cee.exe
Resource: win10v2004-20230220-en
General
Target: de686456d65ea26c94112f739a26d09debdb55916004b3c3be0175ff37469cee
Size: 1.6MB
MD5: 7e4fe68199ef4eb9510af65a0bc009ab
SHA1: 0e4f891b11e7f863e37272c92b27bd89abbffcdd
SHA256: de686456d65ea26c94112f739a26d09debdb55916004b3c3be0175ff37469cee
SHA512: c14929f99abc2b8a75784c9b407bfa23676bbccc7cda0684de815a8e88359bd97abe313adbb8acf48254ebaedd0b3d64d029836520ec4d94b3fc6191bf3122ef
SSDEEP: 24576:Yt9fyVFKVSfs4q5IxFxvDjQDNkWgd75+MdZEZGzqaMvTpp/QFIPP5:YAirR5IRrEZk3tBI44vTpp/EIPP5
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC)
Processes:
resource: sample, yara_rule: family_blackmoon
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource: de686456d65ea26c94112f739a26d09debdb55916004b3c3be0175ff37469cee
Files
de686456d65ea26c94112f739a26d09debdb55916004b3c3be0175ff37469cee.exe (windows x86)
5670cdd68889fa6fce86b7879f39e7ef
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateProcessA
PeekNamedPipe
ReadFile
GetExitCodeProcess
GlobalMemoryStatusEx
MultiByteToWideChar
WideCharToMultiByte
CopyFileA
IsBadCodePtr
FindResourceA
SizeofResource
LoadResource
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
lstrcatA
lstrlenW
RtlZeroMemory
GetProcessHeap
HeapAlloc
lstrcmpW
lstrcmpiW
ExitProcess
HeapReAlloc
HeapFree
IsBadReadPtr
WriteFile
GetStdHandle
ReadConsoleA
GetModuleFileNameA
CloseHandle
GetFileSize
CreateFileA
FindNextFileA
FindFirstFileA
FindClose
GetVersionExA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
GetTickCount
SetFilePointer
GetUserDefaultLCID
GetCommandLineA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
LCMapStringA
CreatePipe
FreeLibrary
GetModuleHandleA
VirtualFree
GetProcAddress
LoadLibraryA
VirtualAlloc
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
RaiseException
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetVersion
RtlMoveMemory
lstrcpynA
gdiplus
GdiplusStartup
advapi32
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
shlwapi
PathIsDirectoryEmptyA
PathFileExistsA
StrToIntW
StrToIntExW
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
wininet
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetGetConnectedState
oleaut32
SysFreeString
SysAllocString
SafeArrayDestroy
VariantClear
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
SafeArrayGetDim
ole32
CLSIDFromString
CLSIDFromProgID
OleRun
CoInitialize
IIDFromString
CoUninitialize
CoCreateInstance
CoInitializeSecurity
user32
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
wsprintfA
Sections
.text Size: 212KB - Virtual size: 211KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 664B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ