blackmoon | 9cd80728ddaf8ee48dae78ae4036dad013391c51032443b389288f1b84f85003

Sharing

Copy URL Twitter E-mail

General

Target

9cd80728ddaf8ee48dae78ae4036dad013391c51032443b389288f1b84f85003
Size

4.6MB
MD5

7f76621d3cb7744b714f10ce4f7c279d
SHA1

f78844fea0113bcd18239f9a2d7e675ad7a5d389
SHA256

9cd80728ddaf8ee48dae78ae4036dad013391c51032443b389288f1b84f85003
SHA512

562c413183a362b13d6f5c3d1657c89d1ad400363bc5d404b886b9c094719bb8461b30db5179ceb7297f0318908ce424b14e13b67d0cf5c9ae4f998b5557885e
SSDEEP

98304:piAkTed1DPkD8/13hnTp9Va4tfbXGAEAGMZAw8Y5Is13rrAduYHXfY1U6:pRd1DsD8VBLVk1Q7vGs13rrqHXfY17

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9cd80728ddaf8ee48dae78ae4036dad013391c51032443b389288f1b84f85003

Files

9cd80728ddaf8ee48dae78ae4036dad013391c51032443b389288f1b84f85003
.dll windows:4 windows x86

a7d3d6ad9ad4e544611ab4c8d9e96ba8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

kernel32

CreateThread
TerminateProcess
GetComputerNameA
GlobalMemoryStatusEx
GlobalSize
DeviceIoControl
VirtualProtect
Module32Next
VirtualAlloc
VirtualFree
CreateMutexA
OpenFileMappingA
CreateFileMappingA
OpenEventA
CreateEventA
Sleep
VirtualFreeEx
VirtualAllocEx
CreateWaitableTimerA
SetWaitableTimer
IsDebuggerPresent
GetCurrentProcess
GetVersionExA
GetSystemInfo
IsWow64Process
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
WaitForSingleObject
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetPrivateProfileStringA
GetLocalTime
CreateProcessA
Process32Next
GetTickCount
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
DeleteCriticalSection
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
TerminateThread
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcessId
OpenProcess
CloseHandle
CreateToolhelp32Snapshot
Process32First
GetStartupInfoA

user32

wsprintfA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
CallWindowProcA
GetAsyncKeyState
SetTimer
GetWindowInfo
GetSystemMetrics
SetWindowPos
GetWindowLongA
CreateWindowStationA
GetClassNameA
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
MessageBoxA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken

ws2_32

WSAStartup
closesocket
send
recv
getsockname
ntohs
WSAAsyncSelect
select
socket
htons
inet_addr
connect
gethostbyname
WSACleanup

msvcrt

calloc
_stricmp
strncmp
memmove
realloc
strchr
rand
srand
strrchr
modf
_CIfmod
strtod
__CxxFrameHandler
_CIpow
sprintf
atoi
_ftol
??3@YAXPAX@Z
??2@YAPAXI@Z
free
malloc
floor

shell32

ShellExecuteA
SHGetSpecialFolderPathA

Exports

Exports

_��ӳ��
��DLL
��˫��С��
��ȡFPSֵ
ȡ�ӳ��ʵ��ַ
��Ϣѭ��
��ؽ��ģ��RC

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7d3d6ad9ad4e544611ab4c8d9e96ba8

Headers

File Characteristics

Imports

winmm

kernel32

user32

advapi32

ws2_32

msvcrt

shell32

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 315KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4.2MB - Virtual size: 4.3MB

.rsrc Size: 4KB - Virtual size: 720B

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 316KB - Virtual size: 315KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4.2MB - Virtual size: 4.3MB

.rsrc
Size: 4KB - Virtual size: 720B

.reloc
Size: 20KB - Virtual size: 19KB