blackmoon | 3985a8325ec0d23342edb5542621ef5d3147bf3a6408532bb4e91d82878e40ac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3985a8325ec0d23342edb5542621ef5d3147bf3a6408532bb4e91d82878e40ac
Size

802KB
MD5

0166e270eb2bbf90cf177c57cc990829
SHA1

82cb3bbdcc3f79e9fa177637ea11c6558caed4c4
SHA256

3985a8325ec0d23342edb5542621ef5d3147bf3a6408532bb4e91d82878e40ac
SHA512

435336d8af6f5d58e2c59f4f976087226ffc25a287af846dc249eaa44f1626a0224519a3bd27a817ecc0292175399fe6b887b29293b5b28bec68013da365f2fe
SSDEEP

12288:fcXV2WNubjEwc9lSAA8Kthn0DjrDoLd+yILnR:Ul9AbjcTS18whnSHELd+ymnR

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3985a8325ec0d23342edb5542621ef5d3147bf3a6408532bb4e91d82878e40ac

Files

3985a8325ec0d23342edb5542621ef5d3147bf3a6408532bb4e91d82878e40ac
.exe windows:4 windows x86

046690072814a1f979f9fc50af3338a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
WriteFile
CreateFileA
ExitProcess
Sleep
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetTickCount
GetProcessHeap

user32

GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
wsprintfA
MessageBoxA
SetLayeredWindowAttributes
SetWindowPos
MoveWindow
GetWindowTextA
GetWindowTextLengthA
PeekMessageA

msvcrt

sprintf
strrchr
_ftol
strchr
atoi
modf

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 782KB - Virtual size: 795KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ