blackmoon | 58a1d49fe1e152f8acebd35ecf04144cdd794cc21169c67cbab7def4cd31123d

Sharing

Copy URL

Twitter E-mail

General

Target

58a1d49fe1e152f8acebd35ecf04144cdd794cc21169c67cbab7def4cd31123d
Size

232KB
MD5

61cd641b7a4feccbbedb828941901fa0
SHA1

bee37f01726ba9faa793058a121caf758867b629
SHA256

58a1d49fe1e152f8acebd35ecf04144cdd794cc21169c67cbab7def4cd31123d
SHA512

a2dd50359643adc9d5cd02dfa171e552b5f5c18a50499cf9ea02a3caa44a93a24d2eadbca4ca138fe722db9773a2d2614285e6070a5145e686624ad080eef94b
SSDEEP

6144:iB8pRFGJSRSs7/62JE4FgORTy2wCB20E/wcFwDKMiD9HR:iCpawD69H

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58a1d49fe1e152f8acebd35ecf04144cdd794cc21169c67cbab7def4cd31123d

Files

58a1d49fe1e152f8acebd35ecf04144cdd794cc21169c67cbab7def4cd31123d
.exe windows x86

cf06f5ca6cface45fea69971d742e72c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlMoveMemory
InterlockedExchangeAdd
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
SetFileTime
WriteFile
InterlockedIncrement
GlobalFree
GetLongPathNameA
GetFileTime
GetFileSizeEx
ReadFile
QueryPerformanceFrequency
GetProcessHeap
CreateTimerQueue
InitializeCriticalSection
lstrlenA
lstrcmpA
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
InterlockedDecrement
VirtualAlloc
VirtualFree
DeleteTimerQueueEx
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GlobalLock
GlobalSize
GlobalUnlock
EnterCriticalSection
CreateIoCompletionPort
LeaveCriticalSection
ReadDirectoryChangesW
GetQueuedCompletionStatus
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
GetTickCount
Sleep
CreateDirectoryA
GetEnvironmentVariableA
DeleteFileA
FindNextFileA
FindFirstFileA
FindClose
MultiByteToWideChar
GetUserDefaultLCID
GetModuleHandleA
GetCommandLineA
FreeLibrary
LCMapStringA
FlushFileBuffers
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
RaiseException
IsBadWritePtr
GetVersionExA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetVersion
CreateThread
CloseHandle
DeviceIoControl
CreateFileA
WideCharToMultiByte
GlobalAlloc
GetStartupInfoA
GetProcAddress
LoadLibraryA

user32

SetWindowPos
PostQuitMessage
SendMessageA
SetWindowTextA
IsClipboardFormatAvailable
RegisterWindowMessageA
GetClientRect
ShowWindow
DefWindowProcA
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
RegisterClipboardFormatA
GetClipboardOwner
SetClipboardViewer
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
wsprintfA
MessageBoxA
ChangeClipboardChain

ws2_32

inet_ntoa
WSAStartup
closesocket
htons
socket
bind
recvfrom
inet_addr
sendto

shell32

ExtractIconA
DragQueryFileA
SHChangeNotify
Shell_NotifyIconA

shlwapi

PathIsDirectoryA
PathFileExistsA

psapi

GetProcessMemoryInfo

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegCloseKey

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitialize

oleaut32

OleLoadPicture
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
VarR8FromBool
VarR8FromCy

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf06f5ca6cface45fea69971d742e72c

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

shell32

shlwapi

psapi

advapi32

ole32

oleaut32

Sections

.text Size: 164KB - Virtual size: 161KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 40KB - Virtual size: 94KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 164KB - Virtual size: 161KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 40KB - Virtual size: 94KB

.rsrc
Size: 12KB - Virtual size: 10KB