Behavioral task: behavioral1
- Sample: cf84c085ce3e1fd6ed466a6a304925b00b6cdc39726496951edc9a32a022c69f.exe
- Resource: win7-20230831-en

Behavioral task: behavioral2
- Sample: cf84c085ce3e1fd6ed466a6a304925b00b6cdc39726496951edc9a32a022c69f.exe
- Resource: win10v2004-20230915-en
General
- Target: cf84c085ce3e1fd6ed466a6a304925b00b6cdc39726496951edc9a32a022c69f
- Size: 88KB
- MD5: 057bbf911537293c023c0028f5afbf7f
- SHA1: 92a8aedc34c74e111cd4c5e7deeb9ab59d40195d
- SHA256: cf84c085ce3e1fd6ed466a6a304925b00b6cdc39726496951edc9a32a022c69f
- SHA512: 3adb1afcddc68ad4425ddcfecb34859e386ca1df5db6ce67212ae2bc2f66f0be76669ad2177fea36d8e016729fc0f75a25fb3596039279387b4e0a32cd15ae89
- SSDEEP: 1536:kzvU3JEW4UcBWdLbfe5Jhv5yT6k4Gey+WYCkYb9zW7oOC:kzvgEW4JRNWS2b9zMo7
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoC)
  resource: sample; yara_rule: family_blackmoon
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: cf84c085ce3e1fd6ed466a6a304925b00b6cdc39726496951edc9a32a022c69f
Files
- cf84c085ce3e1fd6ed466a6a304925b00b6cdc39726496951edc9a32a022c69f.exe
  windows:4 windows x86
  c965acf7e6c3f781ec345954e5d967e2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
CopyFileA
GetModuleHandleA
GetFileSize
CreateFileA
GetTickCount
WriteFile
GetCommandLineA
GetProcessHeap
LocalSize
Process32Next
CloseHandle
Process32First
ReadFile
CreateToolhelp32Snapshot
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoA
GetVersion
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
GetProcAddress
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadCodePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
user32
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetMessageA
PeekMessageA
shell32
SHGetSpecialFolderPathA
ShellExecuteEx
gdiplus
GdiplusStartup
shlwapi
PathFileExistsA
Sections
- bacdi: raw size 56KB, virtual size 53KB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- 1h1I8g: raw size 8KB, virtual size 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- 5Ke4f: raw size 16KB, virtual size 93KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- 6LE19: raw size 4KB, virtual size 732B
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ

None of the four section names is a linker default, and 5Ke4f maps 93KB of writable memory from only 16KB of file data, so most of that region is populated at run time. Together with the stripped relocations in the file header and the missing Authenticode signature flagged above, these are the static indicators to confirm against the two behavioral runs.
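The Headers and Sections data above is what a static triage pass reads first. As an added example (not the sandbox's tooling and not code from this page), the script below parses a PE32 COFF header and section table and applies the checks that data suggests: non-standard section names, a virtual size well above the raw size, and any writable-plus-executable section. The sample file is not available here, so `build_sample_pe()` constructs a header-only image whose values mirror the report (sizes rounded to the KB figures shown, addresses chosen to be self-consistent); the name list in `COMMON_SECTION_NAMES`, the `growth_factor` threshold and all function names are this example's own choices.

```python
"""Parse a PE32 COFF header and section table and apply the static triage
checks this report's Headers/Sections data suggests: non-standard section
names, sections whose virtual size far exceeds their raw size (contents
materialised at run time), and writable+executable sections.
Example code added to this page; not the sandbox's own tooling."""
import struct

# IMAGE_FILE_* flags (winnt.h); only the bits this parser reports
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SCN_* flags (winnt.h)
SCN_CODE, SCN_IDATA, SCN_UDATA = 0x20, 0x40, 0x80
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
SECTION_CHARACTERISTICS = {
    SCN_CODE: "IMAGE_SCN_CNT_CODE",
    SCN_IDATA: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    SCN_UDATA: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    SCN_EXEC: "IMAGE_SCN_MEM_EXECUTE",
    SCN_READ: "IMAGE_SCN_MEM_READ",
    SCN_WRITE: "IMAGE_SCN_MEM_WRITE",
}
# Names the usual MSVC/MinGW/Delphi/Borland linkers emit (example's own list)
COMMON_SECTION_NAMES = {".text", ".rdata", ".data", ".bss", ".idata", ".edata", ".rsrc",
                        ".reloc", ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS"}


def flag_names(value, table):
    """Decode a bitmask into the winnt.h names it contains, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return (coff header dict, list of section dicts) for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    sec_off = coff + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("latin-1"),
                         "virtual_size": f[1], "virtual_address": f[2],
                         "raw_size": f[3], "raw_offset": f[4], "characteristics": f[9]})
    header = {"machine": machine, "characteristics": chars,
              "flags": flag_names(chars, FILE_CHARACTERISTICS)}
    return header, sections


def triage(sections, growth_factor=2.0):
    """Return (section name, finding) pairs an analyst would want flagged."""
    findings = []
    for s in sections:
        c = s["characteristics"]
        if s["name"] not in COMMON_SECTION_NAMES:
            findings.append((s["name"], "non-standard section name"))
        if s["virtual_size"] > growth_factor * max(s["raw_size"], 1):
            findings.append((s["name"], "virtual size far exceeds raw size: filled at run time"))
        if c & SCN_WRITE and c & SCN_EXEC:
            findings.append((s["name"], "section is writable and executable"))
    return findings


def build_sample_pe():
    """CONSTRUCTED PE32 header image mirroring the report's values (sizes
    rounded to the KB figures shown). Section bodies are omitted; the
    parser only reads headers. This is not the real sample."""
    def sec(name, vsize, vaddr, rawsize, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
    table = (sec(b"bacdi", 54272, 0x1000, 57344, 0x400, SCN_CODE | SCN_EXEC | SCN_READ)
             + sec(b"1h1I8g", 4096, 0xF000, 8192, 0xE400, SCN_IDATA | SCN_READ)
             + sec(b"5Ke4f", 95232, 0x10000, 16384, 0x10400, SCN_IDATA | SCN_READ | SCN_WRITE)
             + sec(b"6LE19", 732, 0x28000, 4096, 0x14400, SCN_IDATA | SCN_READ))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew -> PE signature at 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * 222              # PE32 magic, remainder zeroed
    coff = struct.pack("<HHIIIHH", 0x014C, 4, 0, 0, 0, len(opt), 0x010F)  # i386, 4 sections
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    hdr, secs = parse_pe(build_sample_pe())
    print("file characteristics:", ", ".join(hdr["flags"]))
    for s in secs:
        print(f"{s['name']:<8} raw={s['raw_size']:>6} virt={s['virtual_size']:>6} "
              + " | ".join(flag_names(s["characteristics"], SECTION_CHARACTERISTICS)))
    for name, why in triage(secs):
        print(f"  [!] {name}: {why}")
```

Run against the real file by replacing `build_sample_pe()` with `open(path, "rb").read()`; the `growth_factor` of 2 is deliberately loose so that ordinary `.bss`-style slack is not flagged, while a 16KB-to-93KB jump like 5Ke4f's is.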