blackmoon | 904838c0afc5c7b81cb02cc2096ab593e19ed38c08c7537ec99c6892351100b2

Sharing

Copy URL

Twitter E-mail

General

Target

904838c0afc5c7b81cb02cc2096ab593e19ed38c08c7537ec99c6892351100b2
Size

15.5MB
MD5

2669dd157a02b5f883e009aab49886a6
SHA1

f843456d242284b8029db3e3e66029ce6021284f
SHA256

904838c0afc5c7b81cb02cc2096ab593e19ed38c08c7537ec99c6892351100b2
SHA512

2aff7f9fbf4a63e632ecffc7e645c7cbae0c78da234a971ea577b97ddbf39135f6d0ebeb8c73f4df57c2a2055e7a93da42aa288779b70845261e0d84c22c11fe
SSDEEP

393216:5hRO3CNj7MMm3BpgZ1AJUBQqSllQCNlnt71sz:vRO3Qm3g8UBqlZPnt71sz

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
904838c0afc5c7b81cb02cc2096ab593e19ed38c08c7537ec99c6892351100b2

Files

904838c0afc5c7b81cb02cc2096ab593e19ed38c08c7537ec99c6892351100b2
.exe windows x86

130a39e4b1f603c5507370d0582674f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

socket

rasapi32

RasHangUpA

kernel32

MapViewOfFile

user32

GetWindow

gdi32

LineTo

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CLSIDFromString

oleaut32

LoadTypeLi

comctl32

ImageList_Add

wininet

InternetCloseHandle

comdlg32

ChooseColorA

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 14.4MB - Virtual size: 18.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

130a39e4b1f603c5507370d0582674f9

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

msvcrt

iphlpapi

psapi

Sections

.text Size: 14.4MB - Virtual size: 18.0MB

.sedata Size: 1.0MB - Virtual size: 1.0MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 14.4MB - Virtual size: 18.0MB

.sedata
Size: 1.0MB - Virtual size: 1.0MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.sedata
Size: 4KB - Virtual size: 4KB