blackmoon | aa1ff0947aaea9f89d965ac43bcad19a8ba20ba8e705f0e6ac38bcb32176f299 | Triage

Sharing

General

Target

aa1ff0947aaea9f89d965ac43bcad19a8ba20ba8e705f0e6ac38bcb32176f299
Size

13KB
MD5

440cb2112f6db879acf35b115fa719e9
SHA1

56e050d4583484e327bd2eca095064599728f234
SHA256

aa1ff0947aaea9f89d965ac43bcad19a8ba20ba8e705f0e6ac38bcb32176f299
SHA512

f4d4c08f47cfac4120ebadc8216e38c1debe82d13e249786b3dcea243819fd6a29399eff98878d675554e1104dec821cf0bb5fd504352621bad3b627b54b3c38
SSDEEP

192:GDwAUJa3ut5Uq1VGbyZ2H/emCjWMvzRiWLSghKV2unnnnnnh:xUq1uGQnCjJQShKV

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
aa1ff0947aaea9f89d965ac43bcad19a8ba20ba8e705f0e6ac38bcb32176f299

Files

aa1ff0947aaea9f89d965ac43bcad19a8ba20ba8e705f0e6ac38bcb32176f299
.exe windows x86

b78486956af9651ad54b699ad47ec55a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
GetStdHandle
IsBadReadPtr
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
AllocConsole
HeapFree
GetSystemWow64DirectoryA

shlwapi

PathFileExistsA

user32

GetMessageA
TranslateMessage
DispatchMessageA
FindWindowA
PeekMessageA
MessageBoxA
wsprintfA

msvcrt

sprintf
strrchr
strchr
atoi
modf
_ftol

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ