blackmoon | 30acb3a014137a87044baa5a1ec2d2c6639d8c4da52ef6787c8aeb147ec7b4d6

Sharing

Copy URL Twitter E-mail

General

Target

30acb3a014137a87044baa5a1ec2d2c6639d8c4da52ef6787c8aeb147ec7b4d6
Size

378KB
MD5

aece256f39d0db40aae3808c41cc2594
SHA1

d9c44a2d5470219b0c64060f379f8d7a3ab9e60b
SHA256

30acb3a014137a87044baa5a1ec2d2c6639d8c4da52ef6787c8aeb147ec7b4d6
SHA512

64ee866bd56bc180fb418922f648843c7ca664a505f09734f7191058f52a1831056bee0ddc2257a556f8792df4a7be1431d27ef2c8063f9bd1e9f50682ef11dc
SSDEEP

6144:8bj4gavmFyAZx8nMUEdP/C8qyoawtZ8sg5gOin:8bj4gavmFy70aas2TZ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30acb3a014137a87044baa5a1ec2d2c6639d8c4da52ef6787c8aeb147ec7b4d6

Files

30acb3a014137a87044baa5a1ec2d2c6639d8c4da52ef6787c8aeb147ec7b4d6
.dll windows x86

74497d8c7ec7cb9634faeea660e9982d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

Process32First
Process32Next
Module32First
GetProcessHeap
RtlMoveMemory
HeapAlloc
InterlockedIncrement
InterlockedDecrement
RtlZeroMemory
HeapFree
HeapDestroy
MultiByteToWideChar
lstrlenW
lstrcmpW
WideCharToMultiByte
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
GetModuleHandleA
VirtualProtectEx
HeapReAlloc
HeapSize
HeapWalk
HeapLock
HeapUnlock
HeapCompact
CreateToolhelp32Snapshot
CreateWaitableTimerA
CreateProcessW
PeekNamedPipe
ReadFile
GetExitCodeProcess
Sleep
ExitProcess
IsBadReadPtr
GetModuleFileNameA
GetPrivateProfileStringA
GetUserDefaultLCID
FormatMessageA
GetTickCount
GetVersionExA
GetCommandLineA
FreeLibrary
LCMapStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadCodePtr
HeapValidate
SetWaitableTimer
VirtualQueryEx
ReadProcessMemory
lstrcpyn
GetProcAddress
LoadLibraryA
CloseHandle
WriteProcessMemory
OpenProcess
GetCurrentProcess
LocalFree
LocalAlloc
HeapCreate
CreateThread
CreatePipe

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
WaitForInputIdle
GetWindowThreadProcessId
GetClassNameA
EnumDisplayDevicesW
EnumDisplaySettingsW
CallWindowProcA
MsgWaitForMultipleObjects
SetWindowTextA
MessageBoxTimeoutA
EnumWindows
GetWindowTextA
IsWindowVisible

advapi32

RegOpenKeyA
RegEnumKeyA
RegCreateKeyA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegFlushKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey

ole32

CLSIDFromString
CoUninitialize
CoInitialize
CLSIDFromProgID
OleRun
CoCreateInstance

shlwapi

StrToIntW
PathFileExistsA
StrToIntExW

msvcrt

strncmp
_stricmp
memmove
modf
realloc
__CxxFrameHandler
_atoi64
strtod
_CIfmod
??3@YAXPAX@Z
??2@YAPAXI@Z
sprintf
strncpy
atoi
_ftol
strrchr
_CIpow
strchr
free
malloc
srand
rand

oleaut32

VariantCopy
VariantClear
SysAllocString
SafeArrayCreate
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayDestroy

Exports

Exports

_��ӳ��

Sections

.text
Size: 301KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74497d8c7ec7cb9634faeea660e9982d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shlwapi

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 301KB - Virtual size: 304KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 51KB - Virtual size: 116KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 11KB - Virtual size: 12KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.text
Size: 301KB - Virtual size: 304KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 51KB - Virtual size: 116KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 11KB - Virtual size: 12KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB