blackmoon | c37546f01d7a42440c6c92a00d4c861a8665144821316d1c8b131c1214c371df

Sharing

Copy URL Twitter E-mail

General

Target

c37546f01d7a42440c6c92a00d4c861a8665144821316d1c8b131c1214c371df
Size

184KB
MD5

4683dd466437fe631256c9973b256ed0
SHA1

fc88ea63c8e82b15895752aca0365a6fdc8a6764
SHA256

c37546f01d7a42440c6c92a00d4c861a8665144821316d1c8b131c1214c371df
SHA512

b3c64d4aada82816033e3e612b6b6acb33c3100edf9eb2461095b0b5786524a58f21bc7a774be93a309c3ee574a144eafccbef478ea0d883ef84f350a9f2a703
SSDEEP

3072:8OAXu6GPHDMvNyNVX6+kUJrCeWRbNPngPYOG1tkUC:8fCLnXWRNPN6

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c37546f01d7a42440c6c92a00d4c861a8665144821316d1c8b131c1214c371df

Files

c37546f01d7a42440c6c92a00d4c861a8665144821316d1c8b131c1214c371df
.exe windows x86

9aa5e69a5af2ca0342d9296e41445546

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
IsBadReadPtr
IsBadCodePtr
CreateDirectoryA
MoveFileA
RtlMoveMemory
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
CreatePipe
WriteFile
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
PeekNamedPipe
ReadFile
CreateWaitableTimerA
SetWaitableTimer
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
GetTickCount
GetModuleFileNameA
CreateFileA
GetUserDefaultLCID
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
GetCommandLineA
LocalAlloc
GetProcAddress
LoadLibraryA
LCMapStringA
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
IsDebuggerPresent
lstrcatA
GetEnvironmentStrings
FreeEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsA
TlsSetValue
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetVersion
GetStartupInfoA
GetCurrentProcess
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetTempPathW
FreeLibrary
lstrlenW
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringW
SetUnhandledExceptionFilter
SetFilePointer
GetStringTypeW
RaiseException
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualAlloc

user32

MsgWaitForMultipleObjects
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoInitializeSecurity
CoInitialize
CLSIDFromProgID
OleRun
IIDFromString
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CLSIDFromString

ws2_32

inet_addr

iphlpapi

SendARP

oleaut32

VariantCopy
VariantTimeToSystemTime
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayDestroy
SysAllocString
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString

winhttp

WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpCheckPlatform
WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA

shlwapi

PathFileExistsA

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9aa5e69a5af2ca0342d9296e41445546

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

ws2_32

iphlpapi

oleaut32

winhttp

wininet

shlwapi

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 98KB

.rsrc Size: 4KB - Virtual size: 696B

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 98KB

.rsrc
Size: 4KB - Virtual size: 696B