blackmoon | 540962e0aedb844425dd7f943cfc5dbde83e2b25f834badcacb6c9776bce516b

Sharing

Copy URL Twitter E-mail

General

Target

540962e0aedb844425dd7f943cfc5dbde83e2b25f834badcacb6c9776bce516b
Size

272KB
MD5

319f193de469c5ce24f36106a903351d
SHA1

45c250fee64c8d3c3a1672987eedab549ff57eff
SHA256

540962e0aedb844425dd7f943cfc5dbde83e2b25f834badcacb6c9776bce516b
SHA512

8c3a90d6511cfdde685615baafced6ef56a72b4757d04b6647953e8f7b7dcf93d1c07f82915a19445057e0d91776da6f55c4a3b04fa73879c8bc937ecfa44363
SSDEEP

3072:+UMhOe0KWtf7nv52fBQYCEVehxFQFirfCBOEhtefAP3Sb3Iw4gU:+WetWt7naAxFQ0oSNYN

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
540962e0aedb844425dd7f943cfc5dbde83e2b25f834badcacb6c9776bce516b

Files

540962e0aedb844425dd7f943cfc5dbde83e2b25f834badcacb6c9776bce516b
.exe windows x86

15b91279f1a05f40732880a6755b4521

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
CreateWaitableTimerA
SetWaitableTimer
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTickCount
Beep
GetCurrentProcess
OpenProcess
Wow64DisableWow64FsRedirection
LoadLibraryA
GetProcAddress
Wow64RevertWow64FsRedirection
CreateDirectoryA
MoveFileA
RtlMoveMemory
FreeLibrary
VirtualProtect
lstrcpynA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
GetPrivateProfileStringA
DeleteFileA
ReadFile
GetFileSize
CreateFileA
WriteFile
WritePrivateProfileStringA
GetUserDefaultLCID
SetFileAttributesA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
LCMapStringA
GetCommandLineA
GetModuleFileNameA
IsBadCodePtr
IsBadReadPtr
MultiByteToWideChar
LocalFree
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
SetFilePointer
RaiseException
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetVersion
RtlUnwind
InterlockedDecrement
LocalAlloc
lstrlenW
IsDebuggerPresent
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStartupInfoA

user32

MsgWaitForMultipleObjects
GetAsyncKeyState
FindWindowExA
IsWindowVisible
GetWindowThreadProcessId
GetParent
GetClassNameA
GetWindowTextLengthW
GetWindowTextW
ClientToScreen
GetClientRect
mouse_event
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA

ole32

CLSIDFromProgID
CLSIDFromString
OleRun
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpSetCredentials
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryHeaders

oleaut32

VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SysFreeString

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

shlwapi

PathFileExistsA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

15b91279f1a05f40732880a6755b4521

Headers

File Characteristics

Imports

kernel32

user32

ole32

winhttp

oleaut32

wininet

shlwapi

shell32

Sections

.text Size: 180KB - Virtual size: 176KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 76KB - Virtual size: 164KB

.rsrc Size: 4KB - Virtual size: 848B

.text
Size: 180KB - Virtual size: 176KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 76KB - Virtual size: 164KB

.rsrc
Size: 4KB - Virtual size: 848B