Behavioral task: behavioral1
Sample: b6dc397467fa584eebd1da33f4bbde20c68655415a8f6276a7b677590382a3c5.exe
Resource: win7-20230712-en

General
Target: b6dc397467fa584eebd1da33f4bbde20c68655415a8f6276a7b677590382a3c5
Size: 3.0MB
MD5: 3d75bd02c4d09dd107d77f33c9c3f34f
SHA1: 802147770c8aeb1b63daef1ea6453195bf4e3dc0
SHA256: b6dc397467fa584eebd1da33f4bbde20c68655415a8f6276a7b677590382a3c5
SHA512: 46fe85b9d8e078b5e84cdc3a6cf86fb41db46a95efbb174beb04a1de76589ce4a994079b3f5172ea2efa20c6b6df10c4fd5144b92681fa8369a2232737b09b53
SSDEEP: 49152:j5aBrSw4QxFI532TbEsbxhGKJ/5klOSGT6+VZIy6GJTtILPwYgyyjsHcjO:UtSWxGl2pxhGKJ/4OQ+VS0fMgJIYO
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoCs)
resource: yara_rule | sample: family_blackmoon
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: b6dc397467fa584eebd1da33f4bbde20c68655415a8f6276a7b677590382a3c5

Files
b6dc397467fa584eebd1da33f4bbde20c68655415a8f6276a7b677590382a3c5.exe (windows x86)
28c13e8103e1fa5df002f405e5147005
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MultiByteToWideChar
LocalAlloc
RtlMoveMemory
LocalFree
IsBadReadPtr
IsBadCodePtr
BeginUpdateResourceA
lstrcpynW
UpdateResourceA
EndUpdateResourceA
CreateWaitableTimerA
SetWaitableTimer
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
GetProcAddress
CreateDirectoryA
CreateFileA
WritePrivateProfileStringA
WriteFile
SetFilePointer
DeleteFileA
CopyFileA
MoveFileA
SetFileAttributesA
GetUserDefaultLCID
CreateProcessA
GetModuleFileNameA
ReadFile
GetFileSize
FindNextFileA
FindFirstFileA
FindClose
GetCommandLineA
FreeLibrary
LoadLibraryA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
LCMapStringA
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
HeapSize
Sleep
TerminateProcess
OpenProcess
GetCurrentProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
lstrcpyn
WideCharToMultiByte
GetTempPathW
lstrlenW
LoadLibraryW
FlushFileBuffers
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
HeapSetInformation
GetStartupInfoW
GetLastError
RtlUnwind
SetUnhandledExceptionFilter
GetModuleHandleW
DecodePointer
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
user32
TranslateMessage
FillRect
DrawIconEx
ReleaseDC
PeekMessageA
GetDC
DispatchMessageA
GetMessageA
wsprintfA
MessageBoxA
GetInputState
MsgWaitForMultipleObjects
gdi32
GdiFlush
BitBlt
CreateDIBSection
DeleteObject
DeleteDC
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
shell32
SHGetSpecialFolderPathW
ExtractAssociatedIconA
ole32
CoUninitialize
CoCreateInstance
OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
shlwapi
PathFindFileNameA
PathFileExistsA
PathFindExtensionA
oleaut32
VariantTimeToSystemTime
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
Sections
.text  | Size: 158KB | Virtual size: 158KB | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | Size: 32KB  | Virtual size: 32KB  | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  | Size: 32KB  | Virtual size: 89KB  | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  | Size: 3KB   | Virtual size: 3KB   | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | Size: 6KB   | Virtual size: 5KB   | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ