blackmoon | fac7f00a993e24863f1eb945a3a5976e9c487ed0a40241822ceaf46df92f3772

Sharing

Copy URL

Twitter E-mail

General

Target

fac7f00a993e24863f1eb945a3a5976e9c487ed0a40241822ceaf46df92f3772
Size

2.1MB
MD5

a35ce4507356d59d3c30b3221f741e1a
SHA1

8b9cf1d62309064947d66c8d631893811d65ab62
SHA256

fac7f00a993e24863f1eb945a3a5976e9c487ed0a40241822ceaf46df92f3772
SHA512

dd0b7dc91cc59efe71ad131481891063af28910eef98e27aaf1334b2d08d67b5064d49dd35d376db7e0949a01d9a8da318302c0865f2a7739c6c16950aea1720
SSDEEP

24576:mvpH41Cl36RgrO/+yKqkuQwxbpYUsNdQyXMTVlbcEBNno5Tgw2SdKm7pAMWLC5O7:kmOwxbSXMTHbcETOH2CKm7ZWnXow

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fac7f00a993e24863f1eb945a3a5976e9c487ed0a40241822ceaf46df92f3772

Files

fac7f00a993e24863f1eb945a3a5976e9c487ed0a40241822ceaf46df92f3772
.exe windows x86

7ea4d3b4981577bc540bdfb878a962cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LockResource
LoadResource
GetTempPathW
CreateFileW
FindResourceExW
GetCurrentProcess
GetFileSize
GetModuleHandleW
ExpandEnvironmentStringsW
TerminateProcess
GetWindowsDirectoryW
FindFirstFileW
lstrcmpW
GetCurrentDirectoryW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetFileAttributesW
GetTickCount
CreateDirectoryW
GetLastError
FindNextFileW
SetFilePointer
FindClose
ReadFile
RemoveDirectoryW
WriteFile
CreateProcessW
GetModuleFileNameW
WaitForSingleObject
GetSystemDirectoryW
MultiByteToWideChar
GetCommandLineW
WideCharToMultiByte
UnmapViewOfFile
SetEndOfFile
CreateFileMappingW
MapViewOfFile
EnterCriticalSection
GetCurrentProcessId
WaitForMultipleObjects
VirtualFree
VirtualAlloc
DeleteCriticalSection
SetEvent
InitializeCriticalSection
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
GetStdHandle
GetFileInformationByHandle
CopyFileW
SetFileTime
MoveFileW
GetTempFileNameW
GetSystemInfo
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetLocalTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
CreateFileA
CloseHandle
FindResourceW
GetProcAddress
LoadLibraryW
LeaveCriticalSection
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
HeapCreate
GetStringTypeW
RaiseException
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedIncrement
InterlockedDecrement
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
GetStartupInfoW
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA

user32

UnregisterClassA
CharLowerW
CharUpperW
GetDesktopWindow

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ole32

CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantCopy

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathIsDirectoryW
PathAppendW
PathFileExistsW

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dkvy
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_MEM_EXECUTE

Sharing

General

Malware Config

Signatures

Files

7ea4d3b4981577bc540bdfb878a962cf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 384KB - Virtual size: 383KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 24KB - Virtual size: 20KB

.dkvy Size: 196KB - Virtual size: 195KB

.text
Size: 384KB - Virtual size: 383KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 24KB - Virtual size: 20KB

.dkvy
Size: 196KB - Virtual size: 195KB