blackmoon | 95bf81aaf7c937c948a304f5d609260ca2c537bcb472e268202377963dc3121f

Sharing

Copy URL Twitter E-mail

General

Target

95bf81aaf7c937c948a304f5d609260ca2c537bcb472e268202377963dc3121f
Size

2.1MB
MD5

3d651014dfeb022290a3e3f88dcfe9bc
SHA1

b13cee814c6ad8ebfd94605e0eb4adb8045790fc
SHA256

95bf81aaf7c937c948a304f5d609260ca2c537bcb472e268202377963dc3121f
SHA512

2ec5d9066d47d48a0acb9528b9ea505f8613a73485f44ee8b8947ce397c80ee5a8c505fb908764be5836a0508d59a6bbc427d2e7efe135665d6a941810a860d6
SSDEEP

49152:U5dTKC+b6DeWaXAJfNw/7TWLkbjnyIMPwmzgU3nR9x:8MGWAJfK8syZgU3p

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95bf81aaf7c937c948a304f5d609260ca2c537bcb472e268202377963dc3121f

Files

95bf81aaf7c937c948a304f5d609260ca2c537bcb472e268202377963dc3121f
.dll windows:4 windows x86 arch:x86

90c501bd94f0c2c65f2dd0855d1c9a4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA

ws2_32

gethostbyname

user32

SetWindowPos

iphlpapi

SendARP

shlwapi

PathFileExistsA

gdi32

ScaleViewportExtEx

advapi32

RegSetValueExA

shell32

DragAcceptFiles

ole32

CoInitialize

psapi

GetProcessImageFileNameW

oleaut32

VariantCopy

wintrust

WinVerifyTrust

winspool.drv

OpenPrinterA

comctl32

ImageList_DragShowNolock

wininet

InternetCanonicalizeUrlA

rasapi32

RasHangUpA

msvcrt

__dllonexit

Exports

Exports

DllCanUnloadNow_m
DllGetClassObject_m
DllRegisterServer_m
DllUnregisterServer_m
OleCreateFontIndirect_m
OleCreatePictureIndirect_m
OleCreatePropertyFrameIndirect_m
OleCreatePropertyFrame_m
OleIconToCursor_m
OleLoadPicture_m
OleTranslateColor_m
��_��CE

Sections

.text
Size: 708KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90c501bd94f0c2c65f2dd0855d1c9a4f

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

iphlpapi

shlwapi

gdi32

advapi32

shell32

ole32

psapi

oleaut32

wintrust

winspool.drv

comctl32

wininet

rasapi32

msvcrt

Exports

Exports

Sections

.text Size: 708KB - Virtual size: 708KB

.sedata Size: 1.4MB - Virtual size: 1.4MB

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 708KB - Virtual size: 708KB

.sedata
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB