blackmoon | 9417cc4c366262ea2738214689ecc28c9788f1293e6fe710658bed5a2909a250 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9417cc4c366262ea2738214689ecc28c9788f1293e6fe710658bed5a2909a250
Size

194KB
MD5

55d4baf182ab4c653c2632ae6071ff15
SHA1

b9637a5301345a5dee7a6bcdcad2723c8f9c3a38
SHA256

9417cc4c366262ea2738214689ecc28c9788f1293e6fe710658bed5a2909a250
SHA512

9997f5b6a981cd2bd14bcb5825e73e9f93585cfe9d3b88a8cccb58b94392a055c2ed0096a9860b45823d6675d5b2b344a48ea314dd518ed7021f4876dbbfd48f
SSDEEP

768:h9/sY1EWyGZNuc5zWaknfg/YdrxiWyV5i0l7G8xP8dwsbpLaccccccJwZLw9wGcR:niGpifgALJS597udVbpHiy

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9417cc4c366262ea2738214689ecc28c9788f1293e6fe710658bed5a2909a250

Files

9417cc4c366262ea2738214689ecc28c9788f1293e6fe710658bed5a2909a250
.exe windows:4 windows x86

098048309e69e8ad334793f96c1b1b23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
WaitForSingleObject
GetModuleHandleA
GetStartupInfoA
WriteFile
CreateFileA
DeleteFileA
GetCommandLineA
GetModuleFileNameA
GetTickCount
GetProcessHeap
CreateProcessA
lstrcpyn

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA

msvcrt

calloc
sprintf
strrchr
_ftol
modf
malloc
free

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ