blackmoon | 2e550f79ddbfbf9d2f6b4a20d41af18101d2053143998436406f0c9dc2aad88b

Sharing

Copy URL Twitter E-mail

General

Target

2e550f79ddbfbf9d2f6b4a20d41af18101d2053143998436406f0c9dc2aad88b
Size

2.1MB
MD5

a3909d7352f414390c96d502a4c42ac9
SHA1

1c1365dbdb15a370498623b4b1f65afb40fd128c
SHA256

2e550f79ddbfbf9d2f6b4a20d41af18101d2053143998436406f0c9dc2aad88b
SHA512

d0a7a6a3b52a08c62efb8857bc7a1e531d3ca4963e3af817a424f471c01d593d4349dc7c5cba12b2b881906a4428127d990d581a6d3438980909fdf94edf2596
SSDEEP

24576:tUYTXjW4CEKal5hW9FO5hFwsn1tb39JWtIobX89uOaDimT1F58VdgsuWjcoijvsO:HCEKEQIvufRoGpRjIf3MtUi

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e550f79ddbfbf9d2f6b4a20d41af18101d2053143998436406f0c9dc2aad88b

Files

2e550f79ddbfbf9d2f6b4a20d41af18101d2053143998436406f0c9dc2aad88b
.exe windows:4 windows x86

dcfec35f4cfb0627cce23cb7078c6460

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteFile
CloseHandle
IsBadReadPtr
GetCommandLineA
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleFileNameA
FreeLibrary
LCMapStringA
LoadLibraryA
GetProcAddress
HeapFree
GetModuleHandleA
GetProcessHeap
lstrcatA
MulDiv
lstrcpyA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
VirtualProtect
Sleep

user32

GetSysColor
LoadBitmapA
RegisterHotKey
ReleaseCapture
ScreenToClient
SendMessageA
SetCapture
SetWindowLongA
UnregisterHotKey
GetDC
GetWindowThreadProcessId
GetClientRect
MessageBoxA
GetCursorPos
CreateWindowExA
CallWindowProcA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
FindWindowA

shlwapi

PathFileExistsA

gdi32

DeleteObject
GetDeviceCaps
TranslateCharsetInfo
CreateFontA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

msvcrt

calloc
__CxxFrameHandler
strncmp
memmove
??3@YAXPAX@Z
malloc
free
modf
strchr
_ftol
atoi
sprintf
strrchr

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcfec35f4cfb0627cce23cb7078c6460

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

gdi32

wininet

msvcrt

shell32

comctl32

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 1024B - Virtual size: 664B

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 1024B - Virtual size: 664B