blackmoon | c3ab28619d33596efed765d531bea607e266d3f741bca072d41932b65d965997

Sharing

Copy URL Twitter E-mail

General

Target

c3ab28619d33596efed765d531bea607e266d3f741bca072d41932b65d965997
Size

5.5MB
MD5

23e6e7c0b077bb59696bce5a9779ec2d
SHA1

3542ad7b78b73fef131b90933e5b99378dc05713
SHA256

c3ab28619d33596efed765d531bea607e266d3f741bca072d41932b65d965997
SHA512

149a6cc8f017b3c308a8f5f2315f60bffe5390f13ae18b23c5226bf3d0b490e0bb5766a87fcfcf70a52ecc0a182f332c55b1ca4e1fca4dbc79c9b4ce69a45780
SSDEEP

98304:9c3FovEGaty1U8o+HnhhsZWZYuVsNlvlCmxdlif:9gFovE2s+HjvlotlCIbi

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3ab28619d33596efed765d531bea607e266d3f741bca072d41932b65d965997

Files

c3ab28619d33596efed765d531bea607e266d3f741bca072d41932b65d965997
.dll windows x86

b55b228a2af0bcceadb0cd586efe5359

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
FindClose
FindFirstFileA
ReadFile
GetFileSize
CreateFileA
Process32Next
WriteFile
GetTickCount
DeleteFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetPrivateProfileStringA
GetLastError
GetCommandLineA
LoadLibraryA
LCMapStringA
Process32First
CreateToolhelp32Snapshot
LocalAlloc
CloseHandle
CreateThread
RtlMoveMemory
WideCharToMultiByte
lstrlenW
IsBadCodePtr
MultiByteToWideChar
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameA
GetModuleHandleW

user32

LoadIconA
SetForegroundWindow
SetTimer
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
CallWindowProcA
GetAsyncKeyState

ws2_32

closesocket
recv
connect
inet_addr
socket
WSAGetLastError
WSAStartup
send
htons

advapi32

RegDeleteValueA
RegCloseKey
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
ControlService
QueryServiceStatus
DeleteService
CloseServiceHandle
RegDeleteKeyA
RegOpenKeyExA

msvcrt

memmove
modf
strchr
atof
strncmp
__CxxFrameHandler
realloc
atoi
_ftol
sprintf
srand
??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
free
malloc
_CIfmod
rand

shlwapi

PathFileExistsA

Exports

Exports

a

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.3MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 892KB - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b55b228a2af0bcceadb0cd586efe5359

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

advapi32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4.3MB - Virtual size: 4.4MB

.vmp0 Size: 892KB - Virtual size: 888KB

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 100KB - Virtual size: 99KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4.3MB - Virtual size: 4.4MB

.vmp0
Size: 892KB - Virtual size: 888KB

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 100KB - Virtual size: 99KB