blackmoon | f75e36fffd7f5b1c8c5f4f8640d66d763e8c531c1c572af5e2b46918a9fe9636

Sharing

Copy URL Twitter E-mail

General

Target

f75e36fffd7f5b1c8c5f4f8640d66d763e8c531c1c572af5e2b46918a9fe9636
Size

636KB
MD5

26f0bdaae4fdbeac31a79883d15568e9
SHA1

737e53aeb6326b2f5543711b672b413a728e8f26
SHA256

f75e36fffd7f5b1c8c5f4f8640d66d763e8c531c1c572af5e2b46918a9fe9636
SHA512

bf296d39f40c6ec5b083881d88123edd7e25a5af7d42fd96f42256c6525c402fde9bd64e7c7f519e4e225e3c40dce1a7407a8c3291ea69d3da6f0864b7bb864e
SSDEEP

12288:LLUI/8OJXq2pTys0/GyeJZbfqi15klydbX+Li:LLUI/8OJXq2pTV0/vOLd5Gydjj

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f75e36fffd7f5b1c8c5f4f8640d66d763e8c531c1c572af5e2b46918a9fe9636

Files

f75e36fffd7f5b1c8c5f4f8640d66d763e8c531c1c572af5e2b46918a9fe9636
.exe windows:4 windows x86

63922f6a7ff9a0c13219a7223168264e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
CloseHandle
WideCharToMultiByte
SetDllDirectoryA
GetComputerNameExA
RtlMoveMemory
lstrcatA
CreateThread
CreateFileA
GetFileSizeEx
ReadFile
GetProcessHeap
HeapAlloc
HeapFree
MultiByteToWideChar
GetDateFormatA
GetTimeFormatA
Process32First
Process32Next
GetLastError
VirtualAlloc
VirtualFree
RtlZeroMemory
lstrlenW
lstrcmpW
HeapCreate
HeapDestroy
lstrcmpiW
lstrlenA
lstrcmpA
WaitForSingleObject
OpenMutexA
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetProcAddress
GetPrivateProfileStringA
GetModuleFileNameA
WritePrivateProfileStringA
GetUserDefaultLCID
Sleep
GetTickCount
SetFilePointer
OpenProcess
GetLocalTime
CreateDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
CopyFileA
GetEnvironmentVariableA
DeleteFileA
GetFileSize
MoveFileA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
IsBadWritePtr
RaiseException
GetVersionExA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetVersion
GetStartupInfoA
Module32First
WriteFile
CreateToolhelp32Snapshot
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
GetStringTypeW

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowThreadProcessId
GetSystemMetrics

shlwapi

PathFindFileNameA
PathFileExistsA
StrToIntExW
StrToIntW
PathRemoveBackslashA
PathRemoveFileSpecA

ws2_32

WSAStartup
inet_ntoa
inet_addr
gethostname
WSACleanup
WSAGetLastError

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
CLSIDFromString

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SafeArrayGetElemsize

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

winhttp

WinHttpTimeToSystemTime

iphlpapi

SendARP
GetAdaptersInfo

wininet

InternetCloseHandle
HttpQueryInfoA
InternetSetCookieA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA

Sections

.text
Size: 528KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63922f6a7ff9a0c13219a7223168264e

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

ws2_32

ole32

oleaut32

shell32

winhttp

iphlpapi

wininet

Sections

.text Size: 528KB - Virtual size: 525KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 88KB - Virtual size: 153KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 528KB - Virtual size: 525KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 88KB - Virtual size: 153KB

.rsrc
Size: 4KB - Virtual size: 1KB