blackmoon | 239971f44ce0323f1401000b86a39ba68370be3c2e92444bdacbf109247b5b66

Sharing

Copy URL Twitter E-mail

General

Target

239971f44ce0323f1401000b86a39ba68370be3c2e92444bdacbf109247b5b66
Size

2.1MB
MD5

98a2b3ad9020fc36dd80a9026c439ec0
SHA1

000f7c87f0cd48a784f54ac42cbb8347a008fae9
SHA256

239971f44ce0323f1401000b86a39ba68370be3c2e92444bdacbf109247b5b66
SHA512

f96b4c2d0c2f3e7581e8bf3462f9ffa0f13e0995ab0cbc759963585c31ae55a46df04a00a8780246fb5228b485623931f410702f69022fa7d4a11913c4d49279
SSDEEP

49152:cXS+eTLjApcADPC/adFr6ZBecmL8YOs4dY6RF1PTBiaS:lpAWoqCFkq8YOX+6RF1LlS

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
239971f44ce0323f1401000b86a39ba68370be3c2e92444bdacbf109247b5b66

Files

239971f44ce0323f1401000b86a39ba68370be3c2e92444bdacbf109247b5b66
.dll windows:4 windows x86 arch:x86

90c501bd94f0c2c65f2dd0855d1c9a4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA

ws2_32

gethostbyname

user32

SetWindowPos

iphlpapi

SendARP

shlwapi

PathFileExistsA

gdi32

ScaleViewportExtEx

advapi32

RegSetValueExA

shell32

DragAcceptFiles

ole32

CoInitialize

psapi

GetProcessImageFileNameW

oleaut32

VariantCopy

wintrust

WinVerifyTrust

winspool.drv

OpenPrinterA

comctl32

ImageList_DragShowNolock

wininet

InternetCanonicalizeUrlA

rasapi32

RasHangUpA

msvcrt

__dllonexit

Exports

Exports

DllCanUnloadNow_m
DllGetClassObject_m
DllRegisterServer_m
DllUnregisterServer_m
OleCreateFontIndirect_m
OleCreatePictureIndirect_m
OleCreatePropertyFrameIndirect_m
OleCreatePropertyFrame_m
OleIconToCursor_m
OleLoadPicture_m
OleTranslateColor_m
��_��CE

Sections

.text
Size: 708KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90c501bd94f0c2c65f2dd0855d1c9a4f

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

iphlpapi

shlwapi

gdi32

advapi32

shell32

ole32

psapi

oleaut32

wintrust

winspool.drv

comctl32

wininet

rasapi32

msvcrt

Exports

Exports

Sections

.text Size: 708KB - Virtual size: 708KB

.sedata Size: 1.4MB - Virtual size: 1.4MB

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 708KB - Virtual size: 708KB

.sedata
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB