blackmoon | 36147a08e7a76828c8a28e3d729a850703be515ea0d10051aa6a8692eee53bc7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36147a08e7a76828c8a28e3d729a850703be515ea0d10051aa6a8692eee53bc7
Size

315KB
MD5

1cda661ce1b21ddfce4627f2639f5a13
SHA1

cb73ae90a719ca41312d714c85e349acbb6f4fa4
SHA256

36147a08e7a76828c8a28e3d729a850703be515ea0d10051aa6a8692eee53bc7
SHA512

7f88ba1c51ea2ee6ee062bd7600d8648282213501e51953bbda6f3fde8c9c6bc131e4f947bebb6e16db22b95d81aca357c6b44ae4043256361f07e2ab0232481
SSDEEP

6144:5HLEtvSKGkHMnTYxPbLZC4Bwjz1gjHjv9Q/08wPb97fyJ7:5HglSKGkHMnTYxPbLZC4XjT9Q/A97fyN

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36147a08e7a76828c8a28e3d729a850703be515ea0d10051aa6a8692eee53bc7

Files

36147a08e7a76828c8a28e3d729a850703be515ea0d10051aa6a8692eee53bc7
.exe windows:4 windows x86

ad1b2a00ce393648beb7b7d3755a7752

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
MessageBoxA
GetWindowThreadProcessId

kernel32

CopyFileA
LoadLibraryA
GetProcAddress
FreeLibrary
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA

msvcrt

modf
_ftol
free
malloc
sprintf
strchr
atoi
realloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ