Behavioral task
behavioral1
Sample
964ef8be83ddaab43cff9bfb266c0a4ea93a10a57090d73b0b2c6062c80ab2be.dll
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
964ef8be83ddaab43cff9bfb266c0a4ea93a10a57090d73b0b2c6062c80ab2be.dll
Resource
win10v2004-20231023-en
General
-
Target
964ef8be83ddaab43cff9bfb266c0a4ea93a10a57090d73b0b2c6062c80ab2be
-
Size
500KB
-
MD5
15fbaa436c853934fd4e7a266d53061d
-
SHA1
3250f8e8c03322ecd3d6c51b6460e3af642a72b2
-
SHA256
964ef8be83ddaab43cff9bfb266c0a4ea93a10a57090d73b0b2c6062c80ab2be
-
SHA512
13a91a935fd41941358c19b740758b8c056cb6228d9b6d905da42e1e5208c3778e595d509c87c64e5d22deba17f4ab68e83426e655130811959155093bd8c945
-
SSDEEP
12288:BiuLRa6DFpzAZ0f227yI0TrBU48XCNIGTW2:BiILhp08227yXrB78g/T
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource: sample
yara_rule: family_blackmoon
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource: 964ef8be83ddaab43cff9bfb266c0a4ea93a10a57090d73b0b2c6062c80ab2be
Files
-
964ef8be83ddaab43cff9bfb266c0a4ea93a10a57090d73b0b2c6062c80ab2be.dll windows:4 windows x86
807a4e92d2b0ebe1d27c6e7464c8348c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
OpenProcess
lstrlenW
WideCharToMultiByte
VirtualQueryEx
MultiByteToWideChar
GetLocalTime
VirtualAlloc
RtlMoveMemory
GetProcessHeap
HeapFree
HeapAlloc
VirtualFree
RtlZeroMemory
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
LocalAlloc
LocalFree
lstrcpyn
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
WriteFile
CreateFileA
SetWaitableTimer
GetFileSize
SetFilePointer
GetUserDefaultLCID
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
CreateWaitableTimerA
Process32Next
CloseHandle
Process32First
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
CreateToolhelp32Snapshot
ReadFile
CreateThread
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
RaiseException
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
TerminateProcess
RtlUnwind
InterlockedIncrement
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
GetVersion
InterlockedDecrement
user32
MsgWaitForMultipleObjects
MessageBoxA
wsprintfA
DispatchMessageA
PeekMessageA
GetMessageA
TranslateMessage
ole32
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
wininet
InternetConnectA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
shlwapi
PathFileExistsA
oleaut32
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
shell32
SHGetSpecialFolderPathA
Exports
Sections
.text Size: 140KB - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 332KB - Virtual size: 407KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 612B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ