blackmoon | BH[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BH.exe
Size

53.2MB
MD5

52901ba809ccd5428a38032bfdce96c7
SHA1

9da17ece0b2b5f31461c6a97d6cf24802698b4f3
SHA256

a996cad6b535c3d221326ae2effe4eaf418a81e87eee74cb447fd6a4c43899ca
SHA512

8cf5e089c249530ad2c85b6b82685bf8b211fd02cd9aeebb0c23ae0e1f7dd5f5224b43df64e9bb26efcc061e658d9950aa46fbfa148b5bd3304e745d42a64fc1
SSDEEP

1572864:T4UKitw3HnwwZBL+aSbwdzT1HjJDOaxe5:MqwXTDS8xT1HNDRxe5

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BH.exe

Files

BH.exe
.exe windows x86

c7d346a9e7b795cc73dc012652258903

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opencv_world460

??0Mat@cv@@QAE@XZ

lua51

luaL_loadfile

kernel32

GetFileAttributesExW

user32

GetKeyNameTextW

gdi32

DeleteObject

msimg32

AlphaBlend

winspool.drv

DocumentPropertiesW

advapi32

RegDeleteValueW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW

uxtheme

GetWindowTheme

ole32

CoRegisterMessageFilter

oleaut32

VariantCopy

oledlg

OleUIBusyW

gdiplus

GdipGetImageHeight

winmm

timeGetTime

ws2_32

WSACloseEvent

oleacc

LresultFromObject

imm32

ImmGetOpenStatus

iphlpapi

GetAdaptersInfo

Sections

.text
Size: - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.<Ku
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.svmp1
Size: - Virtual size: 13.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp2
Size: 19.0MB - Virtual size: 19.0MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp3
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp4
Size: 26.1MB - Virtual size: 26.1MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7d346a9e7b795cc73dc012652258903

Headers

DLL Characteristics

File Characteristics

Imports

opencv_world460

lua51

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

winmm

ws2_32

oleacc

imm32

iphlpapi

Sections

.text Size: - Virtual size: 8.8MB

.rdata Size: - Virtual size: 398KB

.data Size: - Virtual size: 1.0MB

.<Ku Size: - Virtual size: 3.3MB

.rsrc Size: 6.4MB - Virtual size: 6.4MB

.svmp1 Size: - Virtual size: 13.3MB

.svmp2 Size: 19.0MB - Virtual size: 19.0MB

.svmp3 Size: 1.7MB - Virtual size: 1.7MB

.svmp4 Size: 26.1MB - Virtual size: 26.1MB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: - Virtual size: 8.8MB

.rdata
Size: - Virtual size: 398KB

.data
Size: - Virtual size: 1.0MB

.<Ku
Size: - Virtual size: 3.3MB

.rsrc
Size: 6.4MB - Virtual size: 6.4MB

.svmp1
Size: - Virtual size: 13.3MB

.svmp2
Size: 19.0MB - Virtual size: 19.0MB

.svmp3
Size: 1.7MB - Virtual size: 1.7MB

.svmp4
Size: 26.1MB - Virtual size: 26.1MB

.reloc
Size: 22KB - Virtual size: 22KB