blackmoon | 0a920a67c56e5ab59b38c09dde0141c62bc3478f1de2d6056d0aee972001cf60

Sharing

Copy URL Twitter E-mail

General

Target

0a920a67c56e5ab59b38c09dde0141c62bc3478f1de2d6056d0aee972001cf60
Size

636KB
MD5

196ffad7204bf32a801789916ba623e1
SHA1

ada18fa9ec8ac6e9d8675e88c69acdd1fc129a52
SHA256

0a920a67c56e5ab59b38c09dde0141c62bc3478f1de2d6056d0aee972001cf60
SHA512

74cf05b96e032753840d071f0073bbf7ce4ad1a484a9fe12ef42333a9124216ac2e35bb39f437aef6e3e5a1d88f33651e5efdbd0c2b5b9d58f7d8f11396a59be
SSDEEP

12288:LLUI/8OJXq2pTys0/GyeJZbfqi15klydbX+Li:LLUI/8OJXq2pTV0/vOLd5Gydjn

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a920a67c56e5ab59b38c09dde0141c62bc3478f1de2d6056d0aee972001cf60

Files

0a920a67c56e5ab59b38c09dde0141c62bc3478f1de2d6056d0aee972001cf60
.exe windows:4 windows x86 arch:x86

63922f6a7ff9a0c13219a7223168264e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
CloseHandle
WideCharToMultiByte
SetDllDirectoryA
GetComputerNameExA
RtlMoveMemory
lstrcatA
CreateThread
CreateFileA
GetFileSizeEx
ReadFile
GetProcessHeap
HeapAlloc
HeapFree
MultiByteToWideChar
GetDateFormatA
GetTimeFormatA
Process32First
Process32Next
GetLastError
VirtualAlloc
VirtualFree
RtlZeroMemory
lstrlenW
lstrcmpW
HeapCreate
HeapDestroy
lstrcmpiW
lstrlenA
lstrcmpA
WaitForSingleObject
OpenMutexA
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetProcAddress
GetPrivateProfileStringA
GetModuleFileNameA
WritePrivateProfileStringA
GetUserDefaultLCID
Sleep
GetTickCount
SetFilePointer
OpenProcess
GetLocalTime
CreateDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
CopyFileA
GetEnvironmentVariableA
DeleteFileA
GetFileSize
MoveFileA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
IsBadWritePtr
RaiseException
GetVersionExA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetVersion
GetStartupInfoA
Module32First
WriteFile
CreateToolhelp32Snapshot
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
GetStringTypeW

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowThreadProcessId
GetSystemMetrics

shlwapi

PathFindFileNameA
PathFileExistsA
StrToIntExW
StrToIntW
PathRemoveBackslashA
PathRemoveFileSpecA

ws2_32

WSAStartup
inet_ntoa
inet_addr
gethostname
WSACleanup
WSAGetLastError

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
CLSIDFromString

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SafeArrayGetElemsize

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

winhttp

WinHttpTimeToSystemTime

iphlpapi

SendARP
GetAdaptersInfo

wininet

InternetCloseHandle
HttpQueryInfoA
InternetSetCookieA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA

Sections

.text
Size: 528KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63922f6a7ff9a0c13219a7223168264e

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

ws2_32

ole32

oleaut32

shell32

winhttp

iphlpapi

wininet

Sections

.text Size: 528KB - Virtual size: 525KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 88KB - Virtual size: 153KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 528KB - Virtual size: 525KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 88KB - Virtual size: 153KB

.rsrc
Size: 4KB - Virtual size: 1KB