blackmoon | 2cda59ab9ed57bc20d49d6beac3f211c93ac01058c935f12a63d5a8ebf18824d

Sharing

Copy URL

Twitter E-mail

General

Target

2cda59ab9ed57bc20d49d6beac3f211c93ac01058c935f12a63d5a8ebf18824d
Size

636KB
MD5

33532cf7741d564ce6fa2537c950ec93
SHA1

55f1eb29fdcc2477940d59cbc95753c216c9035f
SHA256

2cda59ab9ed57bc20d49d6beac3f211c93ac01058c935f12a63d5a8ebf18824d
SHA512

4e43c76277faa3684b0a9dd65bd2ffe4bde0a705e774c0a8099e6dad2f505ca1e992e78136d0d5ae3bc1e2b3e576a74c90b5c27067aa6f8965e19258fc5254fc
SSDEEP

12288:LLUI/8OJXq2pTys0/GyeJZbfqi15klydbX+L7:LLUI/8OJXq2pTV0/vOLd5GydjG

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cda59ab9ed57bc20d49d6beac3f211c93ac01058c935f12a63d5a8ebf18824d

Files

2cda59ab9ed57bc20d49d6beac3f211c93ac01058c935f12a63d5a8ebf18824d
.exe windows:4 windows x86 arch:x86

63922f6a7ff9a0c13219a7223168264e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
CloseHandle
WideCharToMultiByte
SetDllDirectoryA
GetComputerNameExA
RtlMoveMemory
lstrcatA
CreateThread
CreateFileA
GetFileSizeEx
ReadFile
GetProcessHeap
HeapAlloc
HeapFree
MultiByteToWideChar
GetDateFormatA
GetTimeFormatA
Process32First
Process32Next
GetLastError
VirtualAlloc
VirtualFree
RtlZeroMemory
lstrlenW
lstrcmpW
HeapCreate
HeapDestroy
lstrcmpiW
lstrlenA
lstrcmpA
WaitForSingleObject
OpenMutexA
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetProcAddress
GetPrivateProfileStringA
GetModuleFileNameA
WritePrivateProfileStringA
GetUserDefaultLCID
Sleep
GetTickCount
SetFilePointer
OpenProcess
GetLocalTime
CreateDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
CopyFileA
GetEnvironmentVariableA
DeleteFileA
GetFileSize
MoveFileA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
IsBadWritePtr
RaiseException
GetVersionExA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetVersion
GetStartupInfoA
Module32First
WriteFile
CreateToolhelp32Snapshot
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
GetStringTypeW

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowThreadProcessId
GetSystemMetrics

shlwapi

PathFindFileNameA
PathFileExistsA
StrToIntExW
StrToIntW
PathRemoveBackslashA
PathRemoveFileSpecA

ws2_32

WSAStartup
inet_ntoa
inet_addr
gethostname
WSACleanup
WSAGetLastError

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
CLSIDFromString

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SafeArrayGetElemsize

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

winhttp

WinHttpTimeToSystemTime

iphlpapi

SendARP
GetAdaptersInfo

wininet

InternetCloseHandle
HttpQueryInfoA
InternetSetCookieA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA

Sections

.text
Size: 528KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63922f6a7ff9a0c13219a7223168264e

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

ws2_32

ole32

oleaut32

shell32

winhttp

iphlpapi

wininet

Sections

.text Size: 528KB - Virtual size: 525KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 88KB - Virtual size: 153KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 528KB - Virtual size: 525KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 88KB - Virtual size: 153KB

.rsrc
Size: 4KB - Virtual size: 1KB