blackmoon | 31378d34558f0baf43fe7ff06a4358a090a4d73d68e9d7972af417bcff08e06a

Sharing

Copy URL Twitter E-mail

General

Target

31378d34558f0baf43fe7ff06a4358a090a4d73d68e9d7972af417bcff08e06a
Size

636KB
MD5

1edab7ea8daebf6caba10d97f2742840
SHA1

13bb5586e18ba3b9b06f95fde4771de2ce50ffb7
SHA256

31378d34558f0baf43fe7ff06a4358a090a4d73d68e9d7972af417bcff08e06a
SHA512

a318ba9241925ebd577e56040ed06d213122ac0cd4b67c6769660a04d5cf2de9ad8397b4c58fe73e226e28f8ec28183d73124dc3829c85779841b1a05e1004e0
SSDEEP

12288:LLUI/8OJXq2pTys0/GyeJZbfqi15klydbX+Ll:LLUI/8OJXq2pTV0/vOLd5Gydj8

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31378d34558f0baf43fe7ff06a4358a090a4d73d68e9d7972af417bcff08e06a

Files

31378d34558f0baf43fe7ff06a4358a090a4d73d68e9d7972af417bcff08e06a
.exe windows:4 windows x86 arch:x86

63922f6a7ff9a0c13219a7223168264e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
CloseHandle
WideCharToMultiByte
SetDllDirectoryA
GetComputerNameExA
RtlMoveMemory
lstrcatA
CreateThread
CreateFileA
GetFileSizeEx
ReadFile
GetProcessHeap
HeapAlloc
HeapFree
MultiByteToWideChar
GetDateFormatA
GetTimeFormatA
Process32First
Process32Next
GetLastError
VirtualAlloc
VirtualFree
RtlZeroMemory
lstrlenW
lstrcmpW
HeapCreate
HeapDestroy
lstrcmpiW
lstrlenA
lstrcmpA
WaitForSingleObject
OpenMutexA
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetProcAddress
GetPrivateProfileStringA
GetModuleFileNameA
WritePrivateProfileStringA
GetUserDefaultLCID
Sleep
GetTickCount
SetFilePointer
OpenProcess
GetLocalTime
CreateDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
CopyFileA
GetEnvironmentVariableA
DeleteFileA
GetFileSize
MoveFileA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
IsBadWritePtr
RaiseException
GetVersionExA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetVersion
GetStartupInfoA
Module32First
WriteFile
CreateToolhelp32Snapshot
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
GetStringTypeW

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowThreadProcessId
GetSystemMetrics

shlwapi

PathFindFileNameA
PathFileExistsA
StrToIntExW
StrToIntW
PathRemoveBackslashA
PathRemoveFileSpecA

ws2_32

WSAStartup
inet_ntoa
inet_addr
gethostname
WSACleanup
WSAGetLastError

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
CLSIDFromString

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SafeArrayGetElemsize

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

winhttp

WinHttpTimeToSystemTime

iphlpapi

SendARP
GetAdaptersInfo

wininet

InternetCloseHandle
HttpQueryInfoA
InternetSetCookieA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA

Sections

.text
Size: 528KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63922f6a7ff9a0c13219a7223168264e

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

ws2_32

ole32

oleaut32

shell32

winhttp

iphlpapi

wininet

Sections

.text Size: 528KB - Virtual size: 525KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 88KB - Virtual size: 153KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 528KB - Virtual size: 525KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 88KB - Virtual size: 153KB

.rsrc
Size: 4KB - Virtual size: 1KB