Behavioral task
behavioral1
Sample
8e282ab7126a13a2af4986d8f057016d1839377100dd4a2323cd547a9549f838.exe
Resource
win7-20231023-en
General
-
Target
8e282ab7126a13a2af4986d8f057016d1839377100dd4a2323cd547a9549f838
-
Size
458KB
-
MD5
e3e019272a3915f8645b9fc6e49941af
-
SHA1
0ce7fe296f6bcd3f6c88a982c27c7b99308a3cc3
-
SHA256
8e282ab7126a13a2af4986d8f057016d1839377100dd4a2323cd547a9549f838
-
SHA512
985b0372b891ab3c03063d457afa7e4b901e84ca3610ca2c50f6517cba9a6c52b74da3137804c470dc4d43b1cf5bbdfb5bc8d0863475943b03e196c6e834b93b
-
SSDEEP
6144:6cVZxdbTqvhjWvMMsv/qxkgR8fDudr6SESc6pRzFDudr6SESco:6cVHdbTOJWvfsnqOK5EF0Q5EFo
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8e282ab7126a13a2af4986d8f057016d1839377100dd4a2323cd547a9549f838
Files
-
8e282ab7126a13a2af4986d8f057016d1839377100dd4a2323cd547a9549f838.exe windows:4 windows x86
4067bd4c63c344f75c7bcd3601c1c3ca
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
Sleep
GetTickCount
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
ExitProcess
RtlMoveMemory
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleHandleA
LCMapStringA
GetProcessHeap
RtlZeroMemory
LocalSize
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetOEMCP
GetStartupInfoA
GetVersion
InterlockedDecrement
InterlockedIncrement
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
RaiseException
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
SetFilePointer
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetACP
user32
PeekMessageA
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
TranslateMessage
shell32
ShellExecuteA
CommandLineToArgvW
iphlpapi
GetIpForwardTable
advapi32
AdjustTokenPrivileges
CreateProcessAsUserA
ws2_32
WSAStartup
oleaut32
VariantTimeToSystemTime
Sections
.text Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.!rc! Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 121KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ