blackmoon | 1e1aa0ea434f392eb23fcecba1e32b2ee0602aab3aea1b8dd9bd1b8142e52280

Sharing

Copy URL Twitter E-mail

General

Target

1e1aa0ea434f392eb23fcecba1e32b2ee0602aab3aea1b8dd9bd1b8142e52280
Size

640KB
MD5

ec68890b74219aa4eac01bd5ec212715
SHA1

35ff0daf2b919d12c0227ddb9b430dc54d034feb
SHA256

1e1aa0ea434f392eb23fcecba1e32b2ee0602aab3aea1b8dd9bd1b8142e52280
SHA512

a454941341473f9cc229339267d1e68d8f254691c33d54fbf5fe55699c65736567c2c72f1aa7d101ebcbeef2261c5f3d4157f8f28a9ec7814819df8667566aa1
SSDEEP

12288:ACf7duRyH9mwbCJcUsfkJNQ64R57kFJqu2MCj1qBn7Txd02+maNzUYFQ5+2k35aD:ACf7duRydmwasfkJNQ6/v2tJi7Txp+mh

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e1aa0ea434f392eb23fcecba1e32b2ee0602aab3aea1b8dd9bd1b8142e52280

Files

1e1aa0ea434f392eb23fcecba1e32b2ee0602aab3aea1b8dd9bd1b8142e52280
.exe windows x86

ad86e1fc296e8ae035a219720f786b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
GetStdHandle
HeapReAlloc
ExitProcess
GetModuleHandleA
SetWaitableTimer
CreateWaitableTimerA
WriteFile
GetProcAddress
IsBadReadPtr
CreateThread
GetModuleFileNameA
HeapFree
RtlMoveMemory
lstrcpyA
lstrcatA
MulDiv
GetCurrentProcessId
lstrcpynW
OpenProcess
CloseHandle
GetProcessHeap
HeapAlloc

user32

ScreenToClient
SendMessageA
ReleaseCapture
SetWindowLongA
GetDC
GetSysColor
RegisterHotKey
LoadBitmapA
SetCapture
CallWindowProcA
MessageBoxA
MsgWaitForMultipleObjects
GetInputState
GetCursorPos
UnregisterHotKey
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
CreateWindowExA

gdi32

GetDeviceCaps
CreateFontA
DeleteObject
TranslateCharsetInfo

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

msvcrt

strstr
malloc
realloc
strchr
strrchr
_CIfmod
free
_ftol
atoi
sprintf
_atoi64
_stricmp

oleaut32

VariantTimeToSystemTime

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

comctl32

ImageList_Destroy
ImageList_Create
ImageList_Add
ImageList_BeginDrag
ImageList_DragLeave
ImageList_DragEnter
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 609KB - Virtual size: 674KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad86e1fc296e8ae035a219720f786b6d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

oleaut32

shell32

comctl32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 609KB - Virtual size: 674KB

.rsrc Size: 1024B - Virtual size: 664B

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 609KB - Virtual size: 674KB

.rsrc
Size: 1024B - Virtual size: 664B