Behavioral task
behavioral1
Sample
3dbc4de9574999533f1a135d768aa01f5a101f449feb4d061eefc398bf7b164c.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
3dbc4de9574999533f1a135d768aa01f5a101f449feb4d061eefc398bf7b164c.exe
Resource
win10v2004-20230915-en
General
-
Target
3dbc4de9574999533f1a135d768aa01f5a101f449feb4d061eefc398bf7b164c
-
Size
1.4MB
-
MD5
2bba5b69c56fb750c1de5a04fec8b57c
-
SHA1
e1257d768185872b2c1866aaca84550009f27640
-
SHA256
3dbc4de9574999533f1a135d768aa01f5a101f449feb4d061eefc398bf7b164c
-
SHA512
4c545a7d39ed036346fe4088cb9cdc7213cb35c3aa19611c1f42f71d5a87b2ea54f2186d185ed1463be7e5b2c69c94dff60cc2ad254b446e1c7cdd6802b18abf
-
SSDEEP
24576:hkNnhIKoh4U7aQ/hCAjGaQLfoOYM229g4pZ9gwbcf81O1aPuc6pYInObiLi0:szoh4U7aQ/9jeLftYZ29g4pZ9gY8C56v
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3dbc4de9574999533f1a135d768aa01f5a101f449feb4d061eefc398bf7b164c
Files
-
3dbc4de9574999533f1a135d768aa01f5a101f449feb4d061eefc398bf7b164c.exe windows:4 windows x86
20e1b547dd30eee9e44f963d092bf535
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleFileNameA
VirtualProtectEx
WriteProcessMemory
ResumeThread
GetThreadContext
GetThreadSelectorEntry
ReadProcessMemory
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetProcAddress
CloseHandle
WriteFile
CreateFileA
Sleep
GetStartupInfoA
GetCommandLineA
FreeLibrary
LCMapStringA
LoadLibraryA
DuplicateHandle
GetCurrentProcess
CreateProcessA
GetExitCodeThread
GetTickCount
WaitForSingleObject
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
SetFilePointer
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
FlushFileBuffers
user32
DispatchMessageA
TranslateMessage
wsprintfA
MessageBoxA
GetWindowThreadProcessId
FindWindowA
GetMessageA
PeekMessageA
shell32
SHGetSpecialFolderPathA
Sections
.text Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.3MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 652B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ