Behavioral task: behavioral1
Sample: 6057737da3539118d7240979a8637b34dd655f78ccdca02bcbe71c52b6b7702a.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: 6057737da3539118d7240979a8637b34dd655f78ccdca02bcbe71c52b6b7702a.exe
Resource: win10v2004-20230703-en
General
Target: 6057737da3539118d7240979a8637b34dd655f78ccdca02bcbe71c52b6b7702a
Size: 247KB
MD5: 0c91014c59df8d05a83b5a95e91f116d
SHA1: 6d4614fe978882d84123ebc9846ab1366e7a9a90
SHA256: 6057737da3539118d7240979a8637b34dd655f78ccdca02bcbe71c52b6b7702a
SHA512: 4f7216f09f4370916046b0ce2bbd2970d996c1f77e98ae9f20d804b052bcfd13065226d1ce7b7f89bc8d8378964f469ed9f09a5b014107dae2c0e8e13d01a188
SSDEEP: 3072:2TaNsi6SQPXQDKPp1i1VwpRCbb8L3LpBCVvAcXn7XEhMuuuTaO7VJU+:2TKsYu8EXC/0YVvAcXn7XEhMuuqNV5
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoC)
  resource: sample | yara_rule: family_blackmoon
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 6057737da3539118d7240979a8637b34dd655f78ccdca02bcbe71c52b6b7702a
Files
- 6057737da3539118d7240979a8637b34dd655f78ccdca02bcbe71c52b6b7702a.exe (windows x86)
  imphash: c6cdf16c70c6a4996b5451bd16878e4e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateMutexA
OpenFileMappingA
CreateFileMappingA
OpenEventA
CreateEventA
VirtualProtect
GetFileAttributesA
CreateToolhelp32Snapshot
Module32Next
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
CreateFileA
Process32First
Process32Next
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
CreateWaitableTimerA
SetWaitableTimer
lstrcpyn
GetProcessHeap
GetModuleHandleA
ExitProcess
VirtualFree
HeapReAlloc
HeapFree
IsBadReadPtr
Sleep
WriteFile
GetStdHandle
ReadConsoleA
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
HeapAlloc
IsDebuggerPresent
user32
GetClassNameA
CreateWindowStationA
GetWindowThreadProcessId
MessageBoxA
GetWindowTextA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
wsprintfA
IsWindowVisible
shell32
ShellExecuteA
wininet
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle
ws2_32
inet_addr
htons
socket
WSAStartup
connect
gethostbyname
send
recv
getsockname
ntohs
WSAAsyncSelect
select
WSACleanup
closesocket
msvcrt
_getch
memmove
realloc
strchr
strrchr
modf
_atoi64
??2@YAPAXI@Z
strncmp
sprintf
__CxxFrameHandler
??3@YAXPAX@Z
free
malloc
atoi
_ftol
_CIfmod
strtod
strncpy
Sections
.text Size: 223KB - Virtual size: 223KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 664B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ