blackmoon | a996cad6b535c3d221326ae2effe4eaf418a81e87eee74cb447fd6a4c43899ca[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

a996cad6b535c3d221326ae2effe4eaf418a81e87eee74cb447fd6a4c43899ca.exe.zip
Size

46.1MB
MD5

fa2f785f4376b191957ed9c045d8c48c
SHA1

06f40aca548d22f6eda8651da23c0d3cf6081597
SHA256

0d3cca19e4980341ec3b85257500ceee447e1840b7ecf1088f9859ffb1ef3178
SHA512

3519351af371ed0c280cd4f145c40afd2892ba64de5300e2264b91c180f263f21b0bb254fb490d4981323c40ebbf84eb797ad9597fd27ca194c6405f71f33672
SSDEEP

786432:hpRvmBA2mVwuBrofyoaWL/NgxZ7n19O353evmD4EvEIbJGPGW7bJRRwd6UXE:fRYrI0yfWLCzncOuDhvEEJoGWhRRwd6Z

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/a996cad6b535c3d221326ae2effe4eaf418a81e87eee74cb447fd6a4c43899ca.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a996cad6b535c3d221326ae2effe4eaf418a81e87eee74cb447fd6a4c43899ca.exe

Files

a996cad6b535c3d221326ae2effe4eaf418a81e87eee74cb447fd6a4c43899ca.exe.zip
.zip

Password: infected
a996cad6b535c3d221326ae2effe4eaf418a81e87eee74cb447fd6a4c43899ca.exe
.exe windows:6 windows x86 arch:x86

c7d346a9e7b795cc73dc012652258903

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opencv_world460

??0Mat@cv@@QAE@XZ

lua51

luaL_loadfile

kernel32

GetFileAttributesExW

user32

GetKeyNameTextW

gdi32

DeleteObject

msimg32

AlphaBlend

winspool.drv

DocumentPropertiesW

advapi32

RegDeleteValueW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW

uxtheme

GetWindowTheme

ole32

CoRegisterMessageFilter

oleaut32

VariantCopy

oledlg

OleUIBusyW

gdiplus

GdipGetImageHeight

winmm

timeGetTime

ws2_32

WSACloseEvent

oleacc

LresultFromObject

imm32

ImmGetOpenStatus

iphlpapi

GetAdaptersInfo

Sections

.text
Size: - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.<Ku
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.svmp1
Size: - Virtual size: 13.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp2
Size: 19.0MB - Virtual size: 19.0MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp3
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp4
Size: 26.1MB - Virtual size: 26.1MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c7d346a9e7b795cc73dc012652258903

Headers

DLL Characteristics

File Characteristics

Imports

opencv_world460

lua51

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

winmm

ws2_32

oleacc

imm32

iphlpapi

Sections

.text Size: - Virtual size: 8.8MB

.rdata Size: - Virtual size: 398KB

.data Size: - Virtual size: 1.0MB

.<Ku Size: - Virtual size: 3.3MB

.rsrc Size: 6.4MB - Virtual size: 6.4MB

.svmp1 Size: - Virtual size: 13.3MB

.svmp2 Size: 19.0MB - Virtual size: 19.0MB

.svmp3 Size: 1.7MB - Virtual size: 1.7MB

.svmp4 Size: 26.1MB - Virtual size: 26.1MB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: - Virtual size: 8.8MB

.rdata
Size: - Virtual size: 398KB

.data
Size: - Virtual size: 1.0MB

.<Ku
Size: - Virtual size: 3.3MB

.rsrc
Size: 6.4MB - Virtual size: 6.4MB

.svmp1
Size: - Virtual size: 13.3MB

.svmp2
Size: 19.0MB - Virtual size: 19.0MB

.svmp3
Size: 1.7MB - Virtual size: 1.7MB

.svmp4
Size: 26.1MB - Virtual size: 26.1MB

.reloc
Size: 22KB - Virtual size: 22KB