Behavioral task
behavioral1
Sample
f63b681a54a961b71e800b9664f3a54ee03690f94ed803fea86a3d834a308421.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
f63b681a54a961b71e800b9664f3a54ee03690f94ed803fea86a3d834a308421.exe
Resource
win10v2004-20230220-en
General
-
Target
f63b681a54a961b71e800b9664f3a54ee03690f94ed803fea86a3d834a308421
-
Size
60KB
-
MD5
fb03e7a28367813a3cdc555ba9f00459
-
SHA1
907ca28f432828b80bcdcd261d6ca0c2c1987a5f
-
SHA256
f63b681a54a961b71e800b9664f3a54ee03690f94ed803fea86a3d834a308421
-
SHA512
904fa21150d0ebaf112d12b317b2a7a1cf30f75751867e5efb9de5b838aef6477a25d40f5d770b54687189084633ced647678869d906f6fea767ac6fee9ace5f
-
SSDEEP
768:yXlHz2Tyw3MjYB5cyXd5RbpiItDRiB9Jm1byNrQFztm9T:2Rz2Tx8y5TdnpttDmRStwT
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
Processes:
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f63b681a54a961b71e800b9664f3a54ee03690f94ed803fea86a3d834a308421
Files
-
f63b681a54a961b71e800b9664f3a54ee03690f94ed803fea86a3d834a308421.exe windows x86
422e6575959d594211eadad9ef308086
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CloseHandle
ReadFile
GetFileSize
ExitProcess
GetCommandLineA
GetStringTypeW
GetModuleHandleA
CreateFileA
GetProcessHeap
GetStringTypeA
GetStartupInfoA
GetVersion
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
GetProcAddress
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers
user32
MessageBoxA
wsprintfA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 700B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ