blackmoon | b03ac4a1521564c3a2f25e7d5a2cb70bef76c4be5ad8dc5362784672d501dd95

General

Target

b03ac4a1521564c3a2f25e7d5a2cb70bef76c4be5ad8dc5362784672d501dd95
Size

108KB
MD5

f03980d16d673465a1ec86fe4f7d55a9
SHA1

5c538261ffb5f6a30f2d70378e71cc9fc4a5708d
SHA256

b03ac4a1521564c3a2f25e7d5a2cb70bef76c4be5ad8dc5362784672d501dd95
SHA512

aa07483316c647eeaf26928e90409c3ce0edee093ffc62345c297c1d7f75e70d5faf160ffa4a81941ad5d0f7d81848c0aa61fee392949dbc9c4d7cf122e87712
SSDEEP

1536:Cxj9Ujflu84dTG4akWCX20FMRCwOKUqR8VlEn7pwttJS5973:s9Kl1MakSRNReE7+ttJQ9D

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b03ac4a1521564c3a2f25e7d5a2cb70bef76c4be5ad8dc5362784672d501dd95

Files

b03ac4a1521564c3a2f25e7d5a2cb70bef76c4be5ad8dc5362784672d501dd95
.exe windows:4 windows x86

3aeb39093a2e1921fa60389678915b35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
WaitForSingleObject
CreateProcessA
GetStartupInfoA
WriteFile
GetModuleHandleA
DeleteFileA
GetCommandLineA
GetModuleFileNameA
IsBadCodePtr
GetProcessHeap
CreateFileA
lstrcpyn
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetTickCount
GetVersion
InterlockedDecrement
InterlockedIncrement
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
GetProcAddress
RaiseException
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers

user32

MessageBoxA
wsprintfA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3aeb39093a2e1921fa60389678915b35

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 32KB - Virtual size: 49KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 32KB - Virtual size: 49KB

.rsrc
Size: 4KB - Virtual size: 664B