blackmoon | 53b2739b338d74dbcd47af5ae965fb46

Sharing

Copy URL

Twitter E-mail

General

Target

53b2739b338d74dbcd47af5ae965fb46
Size

928KB
MD5

53b2739b338d74dbcd47af5ae965fb46
SHA1

d09479f38fca525d356466599228cf0662616493
SHA256

d18b1b9472e9adad52cdf260422fa4886307f41a4d20ed691f4c11bc375c9022
SHA512

113afefef24dec012b1db26cb23901f4c1f9e4fa78ab7fd995f6df5535f1030501e32019960298fb64866f3f68890b78dd5ae47f11b608131ff3e5e6f58a9f32
SSDEEP

24576:44GDpvBZSbtx+6dEUSmpUmITPKKldb3HE0Z:444dWbrBEZmpUBKKldb3FZ

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/反p2p终结者2012 增强绿色版/反p2p终结者2012增强版.exe	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/反p2p终结者2012 增强绿色版/WinPcap_3_0.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/反p2p终结者2012 增强绿色版/WinPcap_3_0.exe
unpack001/反p2p终结者2012 增强绿色版/反p2p终结者2012增强版.exe

Files

53b2739b338d74dbcd47af5ae965fb46
.rar
反p2p终结者2012 增强绿色版/PC6官方下载.url
反p2p终结者2012 增强绿色版/WinPcap_3_0.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
反p2p终结者2012 增强绿色版/使用说明.txt
反p2p终结者2012 增强绿色版/反p2p终结者2012增强版.exe
.exe windows:4 windows x86 arch:x86

1c63e1e6cef55f7ecb2c22a683b1e152

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

atl

ord42

kernel32

HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
Sleep
FindNextFileA
FindFirstFileA
FindClose
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
GetTickCount
SetFileAttributesA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
RtlMoveMemory
SetWaitableTimer
CreateWaitableTimerA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateThread
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
LCMapStringW
VirtualAlloc

shlwapi

PathFileExistsA

user32

TranslateMessage
wsprintfA
GetMessageA
GetMenuInfo
SetMenuInfo
TrackMouseEvent
MsgWaitForMultipleObjects
MessageBoxA
PeekMessageA
DispatchMessageA

shell32

DragAcceptFiles
Shell_NotifyIconA
DragFinish
DragQueryFileA

advapi32

RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegEnumKeyA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegEnumValueA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62.4MB - Virtual size: 62.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 204KB

UPX1 Size: 107KB - Virtual size: 108KB

.rsrc Size: 7KB - Virtual size: 8KB

1c63e1e6cef55f7ecb2c22a683b1e152

Headers

File Characteristics

Imports

atl

kernel32

shlwapi

user32

shell32

advapi32

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 62.4MB - Virtual size: 62.5MB

.rsrc Size: 20KB - Virtual size: 20KB

UPX0
Size: - Virtual size: 204KB

UPX1
Size: 107KB - Virtual size: 108KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 62.4MB - Virtual size: 62.5MB

.rsrc
Size: 20KB - Virtual size: 20KB