blackmoon | 46b2f516dc41fa52b4c3a251b0af5f713aafd60875494da5a351503f68a3f69b

General

Target

46b2f516dc41fa52b4c3a251b0af5f713aafd60875494da5a351503f68a3f69b
Size

64KB
MD5

d8cff4de7baf67253798daf51be0beff
SHA1

459b5bc022f3e69fcb4ea71c301b964e3fa58627
SHA256

46b2f516dc41fa52b4c3a251b0af5f713aafd60875494da5a351503f68a3f69b
SHA512

763b939507403797a8ab9d7c8199ecd2089c5d7102a2e47763ac1d7c7aff119261b96357ecf1ee9348ca0b8da9e817bac4374601c538dc02e14c2b9deeaa0495
SSDEEP

1536:MY0u1VmBOWAxsUBst5/QkhKLieBsQ4zlKBZ:MY0mvDkhaieBsQ2lKH

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
46b2f516dc41fa52b4c3a251b0af5f713aafd60875494da5a351503f68a3f69b

Files

46b2f516dc41fa52b4c3a251b0af5f713aafd60875494da5a351503f68a3f69b
.dll windows x86

4c1795e9b1005cca1514a0feb3296ac8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
Sleep
CloseHandle
ReadFile
GetProcessHeap
CreateFileA
FindNextFileA
FindFirstFileA
FindClose
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
CreateToolhelp32Snapshot
GetFileSize
ReadProcessMemory

psapi

GetModuleInformation

wininet

InternetCloseHandle
HttpOpenRequestA
InternetSetOptionA
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetReadFile

msvcrt

atoi
_ftol
sprintf
free
malloc
_CIfmod
strrchr
strchr
realloc
??3@YAXPAX@Z
modf
memmove
strncmp
__CxxFrameHandler
_stricmp

user32

PeekMessageA
GetMessageA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage

Exports

Exports

DriverProc
widMessage
wodMessage

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c1795e9b1005cca1514a0feb3296ac8

Headers

File Characteristics

Imports

kernel32

psapi

wininet

msvcrt

user32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 64KB

.rsrc Size: 4KB - Virtual size: 656B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 64KB

.rsrc
Size: 4KB - Virtual size: 656B

.reloc
Size: 4KB - Virtual size: 1KB