blackmoon | 1677a5b783e3f815b9cad416eb91b0e86daf8cbb0abad351844cee9f175629a2

Sharing

Copy URL Twitter E-mail

General

Target

1677a5b783e3f815b9cad416eb91b0e86daf8cbb0abad351844cee9f175629a2
Size

739KB
MD5

5ca692f42e8fb9ada2c7d1dd8a90d7bd
SHA1

7bbbf129040b71e1fbb1453f5855861db63679a8
SHA256

1677a5b783e3f815b9cad416eb91b0e86daf8cbb0abad351844cee9f175629a2
SHA512

416e76fb2a9ede12e67d526d6ce95cc617c839ab349a922fde56771dfdd4c0b5096aa5c6d9b6562838a8576cc024a1bad3ff3071e50d7458abe61ec96c8d6f40
SSDEEP

12288:I6rLm0E3g6SZlBgMUxMv/dftTAcUHuL2tqdhnQAGDPk11fGZqSqQERd89ZDCxX:drL5b6SZLthvVtXKvtqdhQ3811f2NqQi

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1677a5b783e3f815b9cad416eb91b0e86daf8cbb0abad351844cee9f175629a2

Files

1677a5b783e3f815b9cad416eb91b0e86daf8cbb0abad351844cee9f175629a2
.exe windows:4 windows x86

b2b751f89630d3e1cc043f24f0c43ed0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ReadProcessMemory
CreateRemoteThread
DebugActiveProcess
WaitForDebugEvent
ContinueDebugEvent
DebugActiveProcessStop
GetLogicalDriveStringsA
QueryDosDeviceA
GetCurrentProcessId
GetVersionExA
GetCurrentProcess
IsWow64Process
GetTempPathA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetProcAddress
GetSystemDirectoryA
WritePrivateProfileStringA
GetModuleFileNameA
CloseHandle
ReadFile
GetFileSize
CreateFileA
DeleteFileA
SetFilePointer
WriteFile
GetTickCount
MulDiv
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetTempFileNameA
VirtualAllocEx
CopyFileA
OutputDebugStringA
CreateProcessA
GetWindowsDirectoryA
GetPrivateProfileStringA
GetStartupInfoA

user32

wsprintfA
MessageBoxA
RegisterWindowMessageA
MsgWaitForMultipleObjects
TranslateMessage
GetMessageA
PeekMessageA
DispatchMessageA

shlwapi

PathFindFileNameA
PathFileExistsA

msvcrt

_stricmp
??3@YAXPAX@Z
??2@YAPAXI@Z
sprintf
atoi
_ftol
_CIfmod
floor
free
srand
strrchr
strchr
realloc
malloc
strstr

oleaut32

VariantTimeToSystemTime

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmps0
Size: 623KB - Virtual size: 623KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2b751f89630d3e1cc043f24f0c43ed0

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

msvcrt

oleaut32

shell32

Sections

.text Size: 106KB - Virtual size: 105KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 78KB

.vmps0 Size: 623KB - Virtual size: 623KB

.rsrc Size: 1024B - Virtual size: 668B

.text
Size: 106KB - Virtual size: 105KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 78KB

.vmps0
Size: 623KB - Virtual size: 623KB

.rsrc
Size: 1024B - Virtual size: 668B