blackmoon | e447158b4d772bfd628efd203f5515e179a9bb18db35cdeef9f0a40a3e752961 | Triage

Sharing

General

Target

e447158b4d772bfd628efd203f5515e179a9bb18db35cdeef9f0a40a3e752961
Size

474KB
MD5

b4b72f5d5689a67d948d7cdadc3d2fac
SHA1

4349ac4e0cf808b6a30ae0ed28421e2258fc2568
SHA256

e447158b4d772bfd628efd203f5515e179a9bb18db35cdeef9f0a40a3e752961
SHA512

7872d1e6ca616f79f77bb4098ba3308ce33d28ad8fda6e869b4368233d3fb46cf15e6ee45975462dd65fe809e64ad9f3b1a4e39e6a90194d92d8e3e220860c7e
SSDEEP

12288:OED6iW4/yOQ70Ev5to9jyEq19/+m+nb7Qb8aZglFsbhE9qbtapClhv8TYTi:OI6iW4/yOQ7045to9jyEq19/4bkb8aez

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e447158b4d772bfd628efd203f5515e179a9bb18db35cdeef9f0a40a3e752961

Files

e447158b4d772bfd628efd203f5515e179a9bb18db35cdeef9f0a40a3e752961
.exe windows x86

ad1b2a00ce393648beb7b7d3755a7752

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
MessageBoxA
GetWindowThreadProcessId

kernel32

CopyFileA
LoadLibraryA
GetProcAddress
FreeLibrary
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA

msvcrt

modf
_ftol
free
malloc
sprintf
strchr
atoi
realloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ