blackmoon | BH[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BH.exe
Size

53.9MB
MD5

3a68802e499808460a98c5caa9227d3d
SHA1

166341d22cfd2602f6d48687752b14e91ac14824
SHA256

8cf943617e57235f0662a5611f60afe590b40245e3b5cc74cedd73e0aab39608
SHA512

2629fa83371becac4252a45c0bd87e50d2661d4b6f25c55f18b92a02e975be6c211a3938020c561af9d834aa741b7f92cccd7a057c64b4ae7ff8e8cbd99ef3ed
SSDEEP

1572864:+4bW6NXaBYZIf2bQoC3A9OU8cEVUNL5y:BbBNR1CQ9OUDtA

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BH.exe

Files

BH.exe
.exe windows x86

73398fe5caef1d9a6749e740112d1eb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lua51

luaL_loadfile

kernel32

GetFileTime

user32

GetKeyNameTextW

gdi32

DeleteObject

msimg32

TransparentBlt

winspool.drv

DocumentPropertiesW

advapi32

RegDeleteValueW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW

uxtheme

GetWindowTheme

ole32

CoRegisterMessageFilter

oleaut32

VarBstrFromDate

oledlg

OleUIBusyW

gdiplus

GdipGetImagePalette

winmm

timeGetTime

ws2_32

sendto

oleacc

AccessibleObjectFromWindow

imm32

ImmReleaseContext

iphlpapi

GetAdaptersInfo

Sections

.text
Size: - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.<U6
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.svmp1
Size: - Virtual size: 14.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp2
Size: 20.0MB - Virtual size: 20.0MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp3
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp4
Size: 25.7MB - Virtual size: 25.7MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73398fe5caef1d9a6749e740112d1eb5

Headers

DLL Characteristics

File Characteristics

Imports

lua51

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

winmm

ws2_32

oleacc

imm32

iphlpapi

Sections

.text Size: - Virtual size: 8.8MB

.rdata Size: - Virtual size: 397KB

.data Size: - Virtual size: 1.0MB

.<U6 Size: - Virtual size: 3.3MB

.rsrc Size: 6.4MB - Virtual size: 6.4MB

.svmp1 Size: - Virtual size: 14.8MB

.svmp2 Size: 20.0MB - Virtual size: 20.0MB

.svmp3 Size: 1.7MB - Virtual size: 1.7MB

.svmp4 Size: 25.7MB - Virtual size: 25.7MB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: - Virtual size: 8.8MB

.rdata
Size: - Virtual size: 397KB

.data
Size: - Virtual size: 1.0MB

.<U6
Size: - Virtual size: 3.3MB

.rsrc
Size: 6.4MB - Virtual size: 6.4MB

.svmp1
Size: - Virtual size: 14.8MB

.svmp2
Size: 20.0MB - Virtual size: 20.0MB

.svmp3
Size: 1.7MB - Virtual size: 1.7MB

.svmp4
Size: 25.7MB - Virtual size: 25.7MB

.reloc
Size: 22KB - Virtual size: 21KB