blackmoon | 01582d50b2340b66cc8142763424512ad4bde0bb5f30e81ffb0a0120855f0f26

Sharing

Copy URL

Twitter E-mail

General

Target

01582d50b2340b66cc8142763424512ad4bde0bb5f30e81ffb0a0120855f0f26
Size

120KB
MD5

6abae0e8e075a76638c703cf3e8d170d
SHA1

1aefe2ccd37ce1acff9c2a4c928e42487e958304
SHA256

01582d50b2340b66cc8142763424512ad4bde0bb5f30e81ffb0a0120855f0f26
SHA512

b26b01adc9bfdf4843d12d9321078f626a82615f15d88bdeb71a658ee2c03c49b26a0a11a68d2c74acc9c0654d44bbfce61732e1ec3efc42f8205eaa559ae7b1
SSDEEP

1536:ZVCFqJ2SxVCD4jUSVnBZkNExqBYi3TOaBCP4oQVF2QVIYUMRtyk+IIN7R5:X2qESxVCDInDqBYOt2AIYUMRtyXND5

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
01582d50b2340b66cc8142763424512ad4bde0bb5f30e81ffb0a0120855f0f26

Files

01582d50b2340b66cc8142763424512ad4bde0bb5f30e81ffb0a0120855f0f26
.exe windows x86

61fd47edfa6eec56bccba5aaa29f882e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
WideCharToMultiByte
GetCurrentProcess
OpenProcess
GlobalFree
GlobalAlloc
GlobalLock
RtlMoveMemory
GlobalUnlock
lstrcpyn
lstrcpynA
GlobalSize
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetCommandLineW
WriteFile
GetStdHandle
ReadConsoleA
GetFileSize
CreateFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
lstrlenW
LocalFree
LocalAlloc
CloseHandle
FlushFileBuffers
SetStdHandle
LCMapStringW
IsBadCodePtr
SetFilePointer
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
HeapSize
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
ReadFile
CreateFileW
MultiByteToWideChar
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
SetSystemPowerState
GetVersionExA
GetVersion
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId

user32

GetActiveWindow
PeekMessageA
IsWindow
ExitWindowsEx
GetMessageA
TranslateMessage
MessageBoxA
wsprintfA
DispatchMessageA

shell32

SHFileOperationA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetFileInfoW
ShellExecuteA
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString
CreateStreamOnHGlobal

gdiplus

GdipCreateBitmapFromStream
GdipDisposeImage
GdipLoadImageFromFile
GdipSaveImageToStream
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipFillRectangle
GdipDrawImageRectRect
GdipDeleteGraphics
GdipDeleteBrush
GdipCreateSolidFill
GdiplusStartup

comdlg32

GetSaveFileNameA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61fd47edfa6eec56bccba5aaa29f882e

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

gdiplus

comdlg32

advapi32

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 24KB - Virtual size: 77KB

.rsrc Size: 4KB - Virtual size: 644B

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 24KB - Virtual size: 77KB

.rsrc
Size: 4KB - Virtual size: 644B