Behavioral task: behavioral1
Sample: 1f3260b75b4c6464c40f58776069ba8390915241c35b705fbc2f8b32175f0979.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 1f3260b75b4c6464c40f58776069ba8390915241c35b705fbc2f8b32175f0979.exe
Resource: win10v2004-20231215-en
General
- Target: 1f3260b75b4c6464c40f58776069ba8390915241c35b705fbc2f8b32175f0979
- Size: 100KB
- MD5: 76e64cfd0c87f1f4124f53f5645576d1
- SHA1: 71aaa2ae33233148c0021573a10e4d337787671c
- SHA256: 1f3260b75b4c6464c40f58776069ba8390915241c35b705fbc2f8b32175f0979
- SHA512: 8070fe309f270eb23b262607c0acdca2c9f38b6d1b3d83c722e54967bb11e678d649e2029d74600e323980fff47b4b24ea31acecf5b23fe430d6720e49a56043
- SSDEEP: 1536:n5CnDHhKzy5PHODUgVT84ASuze0sWd4mat:onDYgOI7pevmat
Malware Config

Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource: sample; yara_rule: family_blackmoon
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 1f3260b75b4c6464c40f58776069ba8390915241c35b705fbc2f8b32175f0979
Files
- 1f3260b75b4c6464c40f58776069ba8390915241c35b705fbc2f8b32175f0979.exe (windows:4, windows, x86, arch:x86)
  imphash: c0f3ea3e3628a8dfd7f3e366686ca6da
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteFile
CreateFileA
DeleteFileA
GetTickCount
CopyFileA
MoveFileA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
GetEnvironmentVariableA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetCommandLineA
CloseHandle
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetProcessHeap
LCMapStringA
CreateDirectoryA
SetUnhandledExceptionFilter
GetStringTypeW
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
GetProcAddress
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
GetStringTypeA
user32
MessageBoxA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
advapi32
RegQueryValueExA
RegOpenKeyA
RegCloseKey
wininet
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
shlwapi
PathFileExistsA
oleaut32
VariantTimeToSystemTime
shell32
SHGetSpecialFolderPathA
ShellExecuteA
Sections
- .text: Size 72KB, Virtual size 69KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
- .rdata: Size 8KB, Virtual size 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .data: Size 16KB, Virtual size 57KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE