blackmoon | d8b4d22da76c4fad2e58e4766ab245a4120d8b18b7431e43d6fda1f1e1da1761 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d8b4d22da76c4fad2e58e4766ab245a4120d8b18b7431e43d6fda1f1e1da1761
Size

36KB
MD5

9f0e08a643f43f8059d57c62ba442b70
SHA1

668395e4037bffba0113243bca69d7d5289a5e2c
SHA256

d8b4d22da76c4fad2e58e4766ab245a4120d8b18b7431e43d6fda1f1e1da1761
SHA512

527d68cc72e8156ad4be3b3544b39a39181cb4709146ae25479ec4fbe2dfd4c993f9ca1ba490301c924a99b775f75bbc5b6183f4a4cbf5f41ac7d3dd83935407
SSDEEP

384:CIPzDSmFotj84++ApPpIgd5qGZcjshtys:CIPzDhqYpP/Ci

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d8b4d22da76c4fad2e58e4766ab245a4120d8b18b7431e43d6fda1f1e1da1761

Files

d8b4d22da76c4fad2e58e4766ab245a4120d8b18b7431e43d6fda1f1e1da1761
.dll windows x86

53937d953bb00d984f258e0b7803eed5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
Sleep
GetProcAddress
GetCommandLineA
DeleteCriticalSection
CreateThread
CloseHandle
LoadLibraryA
GetEnvironmentVariableA
FreeLibrary

msvcrt

strrchr
_ftol
free

user32

wsprintfA
DispatchMessageA
TranslateMessage
PeekMessageA
GetMessageA
MessageBoxA

Exports

Exports

KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ