blackmoon | f3bdbcac96d516f4478c525f309cccac0765b13a5cfcb1f2b094ce352971acba

Sharing

Copy URL Twitter E-mail

General

Target

f3bdbcac96d516f4478c525f309cccac0765b13a5cfcb1f2b094ce352971acba
Size

512KB
MD5

18252ec5f493577163a7551814720045
SHA1

0cc5896f67b8f21ade1047850900d27f49bbf2e7
SHA256

f3bdbcac96d516f4478c525f309cccac0765b13a5cfcb1f2b094ce352971acba
SHA512

f804b31061d5c89be7dc681e4e95aea30200d3c13b1b3d0e9a5db7c155d3f62de3f81ea9859e8bfd896d43f7757ad4b1718ddafd8d2b53487b61e3b633f6fc76
SSDEEP

12288:zToTp71Cnpola/asQJCMmj9bBoUi0HPi0YWnJBFQ9uRy+:zToD7sdvj9bBoJQ60lnC9uRy+

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3bdbcac96d516f4478c525f309cccac0765b13a5cfcb1f2b094ce352971acba

Files

f3bdbcac96d516f4478c525f309cccac0765b13a5cfcb1f2b094ce352971acba
.exe windows:4 windows x86 arch:x86

9e28751475e2815d9aec4f6ee50607e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
WriteFile
GetProcAddress
IsBadReadPtr
HeapReAlloc
ExitProcess
GetModuleHandleA
SetConsoleTitleA
WriteConsoleA
GetStdHandle
AllocConsole
SetWaitableTimer
CreateWaitableTimerA
CreateThread
GetCurrentProcessId
GetModuleFileNameA
HeapFree
lstrcpynW
RtlMoveMemory
HeapAlloc
MulDiv
lstrcpyA
GetProcessHeap
CloseHandle
OpenProcess
lstrcatA

user32

RegisterHotKey
ReleaseCapture
ScreenToClient
SendMessageA
SetCapture
SetWindowLongA
UnregisterHotKey
LoadBitmapA
GetSysColor
GetDC
GetCursorPos
MsgWaitForMultipleObjects
GetInputState
CreateWindowExA
CallWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowThreadProcessId
FindWindowA

gdi32

CreateFontA
DeleteObject
GetDeviceCaps
TranslateCharsetInfo

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

msvcrt

realloc
malloc
strstr
strrchr
_atoi64
_CIfmod
free
_ftol
atoi
sprintf
strchr
_stricmp

oleaut32

VariantTimeToSystemTime

shell32

DragQueryFileA
DragFinish
DragAcceptFiles

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ord17
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 476KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e28751475e2815d9aec4f6ee50607e3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

oleaut32

shell32

comctl32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 476KB - Virtual size: 493KB

.rsrc Size: 1024B - Virtual size: 664B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 476KB - Virtual size: 493KB

.rsrc
Size: 1024B - Virtual size: 664B