blackmoon | 局域网复制 xx[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

局域网复制 xx.exe
Size

240KB
MD5

6284fc2948caee174a9f3ef63a3b710b
SHA1

5273f42de4e14b7457754eb868de05e3b821d4fe
SHA256

61ccdf8cdc2229f2c43c8e51bc1be36a67cd7c071f20c30ca525b9a159b606b5
SHA512

590994b4134a5fa329a7f4fecdb6ca4e9770b52409582a68191723d5374715657c1c3a37cc6d949fcc22b901a61a484a98a07d3dc2211851d72e29da011b85b7
SSDEEP

6144:1B8pRFGJSRSs7/62JE4FgORTy2wCB20E/wcFwDKMiD9HRI:1CpawD69Hq

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
局域网复制 xx.exe

Files

局域网复制 xx.exe
.exe windows:4 windows x86 arch:x86

cf06f5ca6cface45fea69971d742e72c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlMoveMemory
InterlockedExchangeAdd
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
SetFileTime
WriteFile
InterlockedIncrement
GlobalFree
GetLongPathNameA
GetFileTime
GetFileSizeEx
ReadFile
QueryPerformanceFrequency
GetProcessHeap
CreateTimerQueue
InitializeCriticalSection
lstrlenA
lstrcmpA
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
InterlockedDecrement
VirtualAlloc
VirtualFree
DeleteTimerQueueEx
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GlobalLock
GlobalSize
GlobalUnlock
EnterCriticalSection
CreateIoCompletionPort
LeaveCriticalSection
ReadDirectoryChangesW
GetQueuedCompletionStatus
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
GetTickCount
Sleep
CreateDirectoryA
GetEnvironmentVariableA
DeleteFileA
FindNextFileA
FindFirstFileA
FindClose
MultiByteToWideChar
GetUserDefaultLCID
GetModuleHandleA
GetCommandLineA
FreeLibrary
LCMapStringA
FlushFileBuffers
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
RaiseException
IsBadWritePtr
GetVersionExA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetVersion
CreateThread
CloseHandle
DeviceIoControl
CreateFileA
WideCharToMultiByte
GlobalAlloc
GetStartupInfoA
GetProcAddress
LoadLibraryA

user32

SetWindowPos
PostQuitMessage
SendMessageA
SetWindowTextA
IsClipboardFormatAvailable
RegisterWindowMessageA
GetClientRect
ShowWindow
DefWindowProcA
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
RegisterClipboardFormatA
GetClipboardOwner
SetClipboardViewer
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
wsprintfA
MessageBoxA
ChangeClipboardChain

ws2_32

inet_ntoa
WSAStartup
closesocket
htons
socket
bind
recvfrom
inet_addr
sendto

shell32

ExtractIconA
DragQueryFileA
SHChangeNotify
Shell_NotifyIconA

shlwapi

PathIsDirectoryA
PathFileExistsA

psapi

GetProcessMemoryInfo

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegCloseKey

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitialize

oleaut32

OleLoadPicture
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
VarR8FromBool
VarR8FromCy

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf06f5ca6cface45fea69971d742e72c

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

shell32

shlwapi

psapi

advapi32

ole32

oleaut32

Sections

.text Size: 164KB - Virtual size: 161KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 40KB - Virtual size: 94KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 164KB - Virtual size: 161KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 40KB - Virtual size: 94KB

.rsrc
Size: 20KB - Virtual size: 16KB