blackmoon | 2019cef539165496204f2050a2d732a41b8e061728b0cda04cc806b679d74eba

Sharing

Copy URL Twitter E-mail

General

Target

2019cef539165496204f2050a2d732a41b8e061728b0cda04cc806b679d74eba
Size

720KB
MD5

1fc6f5198a1ff23e4fe82de88c189c75
SHA1

7e0fd375e662836e14ccd1e82ff205828dc61971
SHA256

2019cef539165496204f2050a2d732a41b8e061728b0cda04cc806b679d74eba
SHA512

4ac3486421cbbd0c98866c33e5a31450c6a2215482b7a953e3a916d86697d67d435c0c8c96255c3df4b10369a5206d83b4b0cb3fb808fa5300d3e8ce16bb2611
SSDEEP

12288:6t5cBxPAjPAiLu25YENfCFTmf5JC872xCqTDZxFnu+zHUH3ILjZmarXIECCrYcxM:6t5PjPAOdK4o87VaZhbokjca3YqmCK

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2019cef539165496204f2050a2d732a41b8e061728b0cda04cc806b679d74eba

Files

2019cef539165496204f2050a2d732a41b8e061728b0cda04cc806b679d74eba
.dll windows:4 windows x86 arch:x86

82a26595bc5a0f23705be94b181f8675

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
WriteFile
CreateFileA
SetFileAttributesA
GetTickCount
Sleep
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetStartupInfoA
LoadLibraryA
LCMapStringA
CreateProcessA
WaitForSingleObject
CloseHandle
GetWindowsDirectoryA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
LocalFree
GetModuleHandleA
GetProcessHeap
GetLastError
WideCharToMultiByte
GetTempPathA
MultiByteToWideChar
LocalAlloc
GetProcAddress
GetSystemDirectoryA

user32

DispatchMessageA
wsprintfA
MessageBoxA
TranslateMessage
GetMessageA
PeekMessageA

advapi32

StartServiceA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
ControlService
CloseServiceHandle
CreateServiceA
OpenServiceA
OpenSCManagerA

msvcrt

strrchr
??2@YAPAXI@Z
strtod
strchr
malloc
free
modf
strncmp
__CxxFrameHandler
memmove
calloc
sprintf
rand
srand
_ftol
atoi
??3@YAXPAX@Z

shell32

SHGetSpecialFolderPathA

Exports

Exports

AddProtectPath
AllocMemory
CreateThread
DelFile
DelProtectPath
FreeMemory
GetFunction
GetModule
GetProtectVirtualMemory
HideProcess
InsDrv
InsFileSystem
KeyboardClick
MouseClick
MouseMove
PassWM
ProtectHWND
ProtectPid
ReadMemory
SetMode
SetProtectVirtualMemory
UniDrv
UniFileSystem
WriteMemory
ж��

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640KB - Virtual size: 722KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82a26595bc5a0f23705be94b181f8675

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

shell32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 640KB - Virtual size: 722KB

.rsrc Size: 4KB - Virtual size: 692B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 640KB - Virtual size: 722KB

.rsrc
Size: 4KB - Virtual size: 692B

.reloc
Size: 8KB - Virtual size: 4KB