Behavioral task: behavioral1
Sample: c66fb6f8aeef512ddc52f4b1a73d8633b927de4510615f7ba950b08a7f0f7a4b.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: c66fb6f8aeef512ddc52f4b1a73d8633b927de4510615f7ba950b08a7f0f7a4b.exe
Resource: win10v2004-20230915-en
General
Target: c66fb6f8aeef512ddc52f4b1a73d8633b927de4510615f7ba950b08a7f0f7a4b
Size: 244KB
MD5: 03beae1a18bdd17f42b328b3455cf580
SHA1: c03460add419bca34fa4b5589cb4bf590b64e1c9
SHA256: c66fb6f8aeef512ddc52f4b1a73d8633b927de4510615f7ba950b08a7f0f7a4b
SHA512: fcba9cb24089d03c023db6cc00fb352650c98b61e3b55afe67407756317caf3a72349b54fad223ed6254d412398259e45c18d940b2cdb0dc441cdd1a5ba0aedc
SSDEEP: 3072:uhe2BNgPZ4K8BRdQF2MgWfXTEYjVOK04JOJ+tIcuvUjW:uhe2BNgPZVGRdQF2Mzjk5D
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC)
resource: sample; yara_rule: family_blackmoon
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: c66fb6f8aeef512ddc52f4b1a73d8633b927de4510615f7ba950b08a7f0f7a4b
Files
c66fb6f8aeef512ddc52f4b1a73d8633b927de4510615f7ba950b08a7f0f7a4b.exe (windows:4, windows x86)
Imphash: 9e5013ba2582faab8f8f0fe5d59fb225
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
LocalAlloc
LocalFree
lstrcpyn
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GetSystemTimeAsFileTime
HeapFree
lstrlenA
RtlZeroMemory
lstrcmpW
lstrcmpiW
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetProcessHeap
GetModuleFileNameA
GetCommandLineA
FreeLibrary
LCMapStringA
RtlMoveMemory
SetWaitableTimer
CreateWaitableTimerA
lstrcpynA
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
CloseHandle
VirtualQueryEx
GetTickCount
GetCurrentProcess
FlushFileBuffers
SetStdHandle
GetStartupInfoA
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
WriteFile
RaiseException
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
user32
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
advapi32
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGetKeyParam
CryptAcquireContextA
CryptSetKeyParam
CryptDecrypt
CryptReleaseContext
shlwapi
StrToIntExW
PathFileExistsA
StrToIntW
Sections
.text Size: 196KB - Virtual size: 192KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 664B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ