blackmoon | 58834e50fb1daf6508acd7b56dc61a9c85c83577fd7b2aefc188bdfd2602b9bf

General

Target

58834e50fb1daf6508acd7b56dc61a9c85c83577fd7b2aefc188bdfd2602b9bf
Size

128KB
MD5

d9dbd564b741f4223e8011a8e09a7d10
SHA1

26513f27e65792aadb3f98886133cf9681f27b4c
SHA256

58834e50fb1daf6508acd7b56dc61a9c85c83577fd7b2aefc188bdfd2602b9bf
SHA512

e1198c006dc198bd68e2e043d93e84684890d0b000f898f5f1de162988c5fcea3369947a7dc3371a796e1a50a637d53cd0782a026c84e19d51e17428f97c5666
SSDEEP

1536:S6nQHFx5cxnfZ26QTACvZoahLWCsZhxyDXZOEFKnHJsbz1V:FnQH2CvZbhLWLuDXjFwJsVV

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58834e50fb1daf6508acd7b56dc61a9c85c83577fd7b2aefc188bdfd2602b9bf

Files

58834e50fb1daf6508acd7b56dc61a9c85c83577fd7b2aefc188bdfd2602b9bf
.dll windows:4 windows x86 arch:x86

25a6c7da79c3a60dbda1132578d751a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAllocEx
WideCharToMultiByte
GetTempFileNameA
GetSystemDirectoryA
MultiByteToWideChar
GetCurrentThreadId
CreateRemoteThread
ReadProcessMemory
GetCurrentProcessId
GetVersionExA
GetTempPathA
GetLogicalDriveStringsA
QueryDosDeviceA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CopyFileA
GetFileSize
CreateFileA
DeleteFileA
Sleep
GetTickCount
MulDiv
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
TerminateThread
CloseHandle
DeleteCriticalSection
ReadFile
CreateThread

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
RegisterWindowMessageA
MsgWaitForMultipleObjects
PostThreadMessageA
GetAsyncKeyState
SetTimer
CallWindowProcA

shlwapi

PathFindFileNameA

msvcrt

_stricmp
__CxxFrameHandler
strncmp
memmove
atoi
_ftol
_CIfmod
sprintf
floor
free
malloc
srand
strrchr
strchr
realloc
??3@YAXPAX@Z
modf

Exports

Exports

�ӳ��1

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25a6c7da79c3a60dbda1132578d751a0

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 53KB

.rsrc Size: 4KB - Virtual size: 632B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 53KB

.rsrc
Size: 4KB - Virtual size: 632B

.reloc
Size: 4KB - Virtual size: 2KB