blackmoon | 2f63dc64af855c679ffe73fb371be5532dec4071d1a1d3c8fb2bafab0fe22fd4

Sharing

Copy URL Twitter E-mail

General

Target

2f63dc64af855c679ffe73fb371be5532dec4071d1a1d3c8fb2bafab0fe22fd4
Size

636KB
MD5

34b2dbfa16f23402f782110e8a1fc18c
SHA1

929942b2b1f92c6c40575b0bf075d927c20c7ef6
SHA256

2f63dc64af855c679ffe73fb371be5532dec4071d1a1d3c8fb2bafab0fe22fd4
SHA512

4b9d0e78c2fb77a336846497a427ac713114dbd881c67d85056732607cfa5191fcf13452cfcafa70371b8b0ecf1a0bb0212ba034a1141df9a2ffc46b8ac94ab3
SSDEEP

12288:LLUI/8OJXq2pTys0/GyeJZbfqi15klydbX+L9:LLUI/8OJXq2pTV0/vOLd5Gydj6

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f63dc64af855c679ffe73fb371be5532dec4071d1a1d3c8fb2bafab0fe22fd4

Files

2f63dc64af855c679ffe73fb371be5532dec4071d1a1d3c8fb2bafab0fe22fd4
.exe windows:4 windows x86 arch:x86

63922f6a7ff9a0c13219a7223168264e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
CloseHandle
WideCharToMultiByte
SetDllDirectoryA
GetComputerNameExA
RtlMoveMemory
lstrcatA
CreateThread
CreateFileA
GetFileSizeEx
ReadFile
GetProcessHeap
HeapAlloc
HeapFree
MultiByteToWideChar
GetDateFormatA
GetTimeFormatA
Process32First
Process32Next
GetLastError
VirtualAlloc
VirtualFree
RtlZeroMemory
lstrlenW
lstrcmpW
HeapCreate
HeapDestroy
lstrcmpiW
lstrlenA
lstrcmpA
WaitForSingleObject
OpenMutexA
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetProcAddress
GetPrivateProfileStringA
GetModuleFileNameA
WritePrivateProfileStringA
GetUserDefaultLCID
Sleep
GetTickCount
SetFilePointer
OpenProcess
GetLocalTime
CreateDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
CopyFileA
GetEnvironmentVariableA
DeleteFileA
GetFileSize
MoveFileA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
IsBadWritePtr
RaiseException
GetVersionExA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetVersion
GetStartupInfoA
Module32First
WriteFile
CreateToolhelp32Snapshot
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
GetStringTypeW

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowThreadProcessId
GetSystemMetrics

shlwapi

PathFindFileNameA
PathFileExistsA
StrToIntExW
StrToIntW
PathRemoveBackslashA
PathRemoveFileSpecA

ws2_32

WSAStartup
inet_ntoa
inet_addr
gethostname
WSACleanup
WSAGetLastError

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
CLSIDFromString

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SafeArrayGetElemsize

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

winhttp

WinHttpTimeToSystemTime

iphlpapi

SendARP
GetAdaptersInfo

wininet

InternetCloseHandle
HttpQueryInfoA
InternetSetCookieA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA

Sections

.text
Size: 528KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63922f6a7ff9a0c13219a7223168264e

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

ws2_32

ole32

oleaut32

shell32

winhttp

iphlpapi

wininet

Sections

.text Size: 528KB - Virtual size: 525KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 88KB - Virtual size: 153KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 528KB - Virtual size: 525KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 88KB - Virtual size: 153KB

.rsrc
Size: 4KB - Virtual size: 1KB