blackmoon | 2ad309fd9af6e5be4f11a4ac8cbe7964587e7204be04caa9dec97693bef7bb05

Sharing

Copy URL Twitter E-mail

General

Target

2ad309fd9af6e5be4f11a4ac8cbe7964587e7204be04caa9dec97693bef7bb05
Size

8.6MB
MD5

d5131d0f5761036116f4f3b79c362f4e
SHA1

c863a1b0e062766e398678ac9bff318b8584ca70
SHA256

2ad309fd9af6e5be4f11a4ac8cbe7964587e7204be04caa9dec97693bef7bb05
SHA512

768fd30fcc6dbd4fca511995fd6b5b444598dfc117451fcdca615fe487e7765d41dc95b605c25a5b90e826d06fa826c99659b67aec47149d8e641c292189c6bc
SSDEEP

196608:Fy2AYAGswL7Owe4tv3AIClHrOraNKeCDQ7FwZFdi4qKjAfKx7:ZAk7OwHoIasaCD0FxSB

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/arma3X炸服工具.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/arma3X炸服工具.exe

Files

2ad309fd9af6e5be4f11a4ac8cbe7964587e7204be04caa9dec97693bef7bb05
.zip
arma3X炸服工具.exe
.exe windows:5 windows x86

3e25982a745b6e08826ed5233fcced68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetForegroundWindow
CharUpperBuffW

gdi32

ExtSelectClipRgn

winmm

waveOutGetNumDevs

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CLSIDFromString

oleaut32

UnRegisterTypeLi

comctl32

ord17

ws2_32

WSACleanup

comdlg32

GetFileTitleA

Sections

Size: 808KB - Virtual size: 806KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 100KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 450KB - Virtual size: 450KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e25982a745b6e08826ed5233fcced68

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

Size: 808KB - Virtual size: 806KB

Size: 136KB - Virtual size: 132KB

Size: 100KB - Virtual size: 315KB

Size: 32KB - Virtual size: 29KB

Size: 450KB - Virtual size: 450KB

Size: 5.9MB - Virtual size: 5.9MB

Size: 4KB - Virtual size: 2KB

Size: 2.3MB - Virtual size: 2.3MB

Size: 32KB - Virtual size: 30KB