blackmoon | 29559f464b62b4e0782f2ccef802e28dc29c8a425fbf58416b6c29b955273b77 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29559f464b62b4e0782f2ccef802e28dc29c8a425fbf58416b6c29b955273b77
Size

112KB
MD5

fe25e231090fea10dbb720a7f27adf86
SHA1

3df5510f1dd0ca99564c9249ea7c47ca41990583
SHA256

29559f464b62b4e0782f2ccef802e28dc29c8a425fbf58416b6c29b955273b77
SHA512

3e3b40ba18a2523f8baac28f73825af6c609b65015dac4f3769d855d59c2a46006490b48d031edc79ab7a3e54889920a565accc7727fba10fcb329ab29604a8f
SSDEEP

1536:TITukfG5RXcZtNMRvYRT+iKfbQ1J7bkZ4HkKQqe0bHmIYU3SXIu35:Tydf0XcZtNuvyTQcTXiiCqe0b6x

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29559f464b62b4e0782f2ccef802e28dc29c8a425fbf58416b6c29b955273b77

Files

29559f464b62b4e0782f2ccef802e28dc29c8a425fbf58416b6c29b955273b77
.exe windows x86

511ec6dc5dda0ebd73838dbbc516f14b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
UnmapViewOfFile
HeapFree
IsBadReadPtr
GetCommandLineA
GetModuleFileNameA
MapViewOfFile
HeapReAlloc
CreateFileMappingA

user32

PeekMessageA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA

msvcrt

??3@YAXPAX@Z
sprintf
strrchr
_ftol
modf
__CxxFrameHandler

shlwapi

PathFileExistsA

ws2_32

gethostname
WSACleanup
WSAStartup

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ