blackmoon | be88135f66f1323086f490539b90fc77b37376542d1971d757617d640f0552c0

Sharing

Copy URL

Twitter E-mail

General

Target

be88135f66f1323086f490539b90fc77b37376542d1971d757617d640f0552c0
Size

2.1MB
MD5

48a433d2ae2e526c56ed26c884bb2f32
SHA1

dfb971ea19d2047909664684b3e11c09f1f7d767
SHA256

be88135f66f1323086f490539b90fc77b37376542d1971d757617d640f0552c0
SHA512

85ed2912f3951bfd19e3c47fe2276b6febb985d974bfa0e315d0ec031af0be5ecc06a9b990325c8ae7ae31dba9d97144446400fbfa344fa4fcd4f5fd87326742
SSDEEP

24576:UsCPyeqfStJJwFOBCgTvBnO912Wn0tEzZeM+r9EywwPoIB9ryxW3gcShh2gozG0Z:Us+TE1D0QeM+rZwwxLr+c6h2Jve+

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be88135f66f1323086f490539b90fc77b37376542d1971d757617d640f0552c0

Files

be88135f66f1323086f490539b90fc77b37376542d1971d757617d640f0552c0
.dll windows:4 windows x86

391df72ec7416269e9bff5e8f7ae3c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA

ws2_32

inet_ntoa

user32

SetWindowPos

iphlpapi

SendARP

shlwapi

PathFileExistsA

gdi32

TextOutA

advapi32

RegOpenKeyA

ole32

CoSetProxyBlanket

psapi

GetProcessImageFileNameW

oleaut32

VariantCopy

winspool.drv

OpenPrinterA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

wininet

InternetCanonicalizeUrlA

rasapi32

RasHangUpA

msvcrt

__dllonexit

Exports

Exports

DllCanUnloadNow_m
DllGetClassObject_m
DllRegisterServer_m
DllUnregisterServer_m
OleCreateFontIndirect_m
OleCreatePictureIndirect_m
OleCreatePropertyFrameIndirect_m
OleCreatePropertyFrame_m
OleIconToCursor_m
OleLoadPicture_m
OleTranslateColor_m
��_��CE

Sections

.text
Size: 688KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

391df72ec7416269e9bff5e8f7ae3c9f

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

iphlpapi

shlwapi

gdi32

advapi32

ole32

psapi

oleaut32

winspool.drv

shell32

comctl32

wininet

rasapi32

msvcrt

Exports

Exports

Sections

.text Size: 688KB - Virtual size: 688KB

.sedata Size: 1.4MB - Virtual size: 1.4MB

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 688KB - Virtual size: 688KB

.sedata
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB