blackmoon | 0130ea80aa5343514a33045ccd17917fd7b6ec6460ead0034c5d9ad635b05046 | Triage

Sharing

General

Target

0130ea80aa5343514a33045ccd17917fd7b6ec6460ead0034c5d9ad635b05046
Size

10KB
MD5

1e5d68314921306692c139ee24fc4c65
SHA1

fb26e634369545600214b3f379f2b52b612431e6
SHA256

0130ea80aa5343514a33045ccd17917fd7b6ec6460ead0034c5d9ad635b05046
SHA512

88f1f6e04ef5437a1d52790237b37ac7cd5a513f2e92e0ba4d8dc2d7a2f67283bc05d7c158a9682617b29df5355503dc60d688a13cac006d63079e9dc988bba3
SSDEEP

192:0IwUFRs1Qn79OmCImRTrnkghmVwnnnnnnU:KUYin7JCImNrn/hmN

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
0130ea80aa5343514a33045ccd17917fd7b6ec6460ead0034c5d9ad635b05046

Files

0130ea80aa5343514a33045ccd17917fd7b6ec6460ead0034c5d9ad635b05046
.exe windows x86

0b43b72a72270adacba720b524934ff7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
GetCommandLineA
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetProcessHeap
GetModuleHandleA
IsBadReadPtr

user32

TranslateMessage
DispatchMessageA
MessageBoxA
GetMessageA
PeekMessageA
wsprintfA

msvcrt

strrchr
_ftol
modf
sprintf

shlwapi

PathFileExistsA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ