blackmoon | 03e0564d7c08b8b96a6ff9d90205b8e3f013c2be75f35004c34a767694415644 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03e0564d7c08b8b96a6ff9d90205b8e3f013c2be75f35004c34a767694415644
Size

118KB
MD5

c4114fc99905863d82dae02e1d00d5cb
SHA1

1458e29e8460ee080088e00bf91c9ea12af21806
SHA256

03e0564d7c08b8b96a6ff9d90205b8e3f013c2be75f35004c34a767694415644
SHA512

c615511d4355c810071ea455718b306e3567b5da04e55bc341c2978a86991e805081d6d40562b8863fad3cc1117f7d83a3027dfa33f71845ba689c27c7daa32a
SSDEEP

3072:4QyksdsiOnnU/FvqCtTU620w4mxqShT/nvCyxiyaSCY:6TdsiOnnU/FvvtTU620lmxqSMST

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03e0564d7c08b8b96a6ff9d90205b8e3f013c2be75f35004c34a767694415644

Files

03e0564d7c08b8b96a6ff9d90205b8e3f013c2be75f35004c34a767694415644
.exe windows x86

b4320538936128b29b4dbc4844eea760

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
CopyFileA
GetModuleFileNameA
GetLocalTime
GetCommandLineA
FreeLibrary
GetProcessHeap
LoadLibraryA
LCMapStringA
RtlMoveMemory
IsBadReadPtr
VirtualProtect
WideCharToMultiByte
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
lstrlenW
GetProcAddress
MultiByteToWideChar

shlwapi

PathFileExistsA

user32

MessageBoxA
ShowWindow
wsprintfA
GetSystemMetrics
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA

msvcrt

atof
strrchr
_ftol
strchr
atoi
modf
free
malloc
??3@YAXPAX@Z
memmove
strncmp
__CxxFrameHandler
sprintf

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ