blackmoon | 2629f73dfb9ed31fa11519b57e1366842f260ec311b20f615a703769e625afef

Sharing

Copy URL Twitter E-mail

General

Target

2629f73dfb9ed31fa11519b57e1366842f260ec311b20f615a703769e625afef
Size

104KB
MD5

eb436bcc49cbf7493cb13716f4dc1cc5
SHA1

35803e704f142e03fbd74c89684100b907fe4760
SHA256

2629f73dfb9ed31fa11519b57e1366842f260ec311b20f615a703769e625afef
SHA512

e3fcfaffd8c72863d041bcc1e49b8e458fa8f353b2d68478747883b9d9a459507391d17d40f5aa939ec2c69007bcf5dc73171103a56f1b2ddbb626e0aa22d6ff
SSDEEP

3072:pWoRUt2Q4M+s3lCoJFBZ8UBRF8WJOktdJ:pWZlCoJFBZ8UBRka

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2629f73dfb9ed31fa11519b57e1366842f260ec311b20f615a703769e625afef

Files

2629f73dfb9ed31fa11519b57e1366842f260ec311b20f615a703769e625afef
.dll windows:4 windows x86

3176fe0991a975d63753ac15a9dfefb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetProcAddress
GetUserDefaultLCID
lstrlenW
GetCommandLineA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
LCMapStringA
DeleteCriticalSection
CreateThread
CloseHandle
GetTickCount
MultiByteToWideChar
RtlMoveMemory

iphlpapi

SendARP
IcmpCreateFile

ws2_32

WSACleanup
gethostbyname
inet_addr
WSAStartup

ole32

CLSIDFromProgID
CLSIDFromString
CoUninitialize
OleRun
CoCreateInstance
CoInitialize

winhttp

WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest

msvcrt

realloc
malloc
strstr
free
strrchr
_CIfmod
atoi
_ftol
strtod
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
_stricmp

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA

oleaut32

VariantTimeToSystemTime
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

Exports

Exports

SW_GetError
SW_GetIPPort
SW_GetIPPort2
SW_GetIPPower
SW_GetPoePortState
SW_GetPortState
SW_IPGetMac
SW_RestartPoePort
SW_SetConf
SW_help

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3176fe0991a975d63753ac15a9dfefb7

Headers

File Characteristics

Imports

kernel32

iphlpapi

ws2_32

ole32

winhttp

msvcrt

user32

oleaut32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 78KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 68KB

.rsrc Size: 4KB - Virtual size: 716B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 68KB

.rsrc
Size: 4KB - Virtual size: 716B

.reloc
Size: 4KB - Virtual size: 3KB