blackmoon | c9f5c92416882bb8e55733a022fd64bbbd6065d7250da06b02162679ca59aa52

Sharing

Copy URL Twitter E-mail

General

Target

c9f5c92416882bb8e55733a022fd64bbbd6065d7250da06b02162679ca59aa52
Size

184KB
MD5

721006bfff29dd2fc5a6aa37dc768a92
SHA1

f9f4108520bfbb4fb26e93773df7dd19e8e7e8a4
SHA256

c9f5c92416882bb8e55733a022fd64bbbd6065d7250da06b02162679ca59aa52
SHA512

4a57da182f813e72a8c4db93941da87deffe0ca702bc4673a4527baa30659ddfc77e84641f16840e438db25836204b100dce4e85ff5e50ec590a81d26e18b2b8
SSDEEP

3072:8OAXu6GPHDMvNyNVX6+kUJrCeWRbNPngPYOG1tPUC:8fCLnXWRNPNF

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9f5c92416882bb8e55733a022fd64bbbd6065d7250da06b02162679ca59aa52

Files

c9f5c92416882bb8e55733a022fd64bbbd6065d7250da06b02162679ca59aa52
.exe windows x86

9aa5e69a5af2ca0342d9296e41445546

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
IsBadReadPtr
IsBadCodePtr
CreateDirectoryA
MoveFileA
RtlMoveMemory
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
CreatePipe
WriteFile
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
PeekNamedPipe
ReadFile
CreateWaitableTimerA
SetWaitableTimer
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
GetTickCount
GetModuleFileNameA
CreateFileA
GetUserDefaultLCID
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
GetCommandLineA
LocalAlloc
GetProcAddress
LoadLibraryA
LCMapStringA
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
IsDebuggerPresent
lstrcatA
GetEnvironmentStrings
FreeEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsA
TlsSetValue
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetVersion
GetStartupInfoA
GetCurrentProcess
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetTempPathW
FreeLibrary
lstrlenW
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringW
SetUnhandledExceptionFilter
SetFilePointer
GetStringTypeW
RaiseException
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualAlloc

user32

MsgWaitForMultipleObjects
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoInitializeSecurity
CoInitialize
CLSIDFromProgID
OleRun
IIDFromString
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CLSIDFromString

ws2_32

inet_addr

iphlpapi

SendARP

oleaut32

VariantCopy
VariantTimeToSystemTime
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayDestroy
SysAllocString
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString

winhttp

WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpCheckPlatform
WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA

shlwapi

PathFileExistsA

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9aa5e69a5af2ca0342d9296e41445546

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

ws2_32

iphlpapi

oleaut32

winhttp

wininet

shlwapi

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 98KB

.rsrc Size: 4KB - Virtual size: 696B

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 98KB

.rsrc
Size: 4KB - Virtual size: 696B