Behavioral task: behavioral1
Sample: 0ede57076d0b4bf585735fd5fa4a73990c1b8b997cf6dc7078e59b7e4bbbafdc.exe
Resource: win7-20240221-en
General
Target: 0ede57076d0b4bf585735fd5fa4a73990c1b8b997cf6dc7078e59b7e4bbbafdc
Size: 368KB
MD5: 18ba039fd417c47065fdcab902963fa5
SHA1: ee82b387a9ab24af822394172b17ce4ff2185228
SHA256: 0ede57076d0b4bf585735fd5fa4a73990c1b8b997cf6dc7078e59b7e4bbbafdc
SHA512: ff34db815b3a160e69c567a8e4df7725e8b653c99d8f3bae2752efba19cf8217b92ba27ceabb6a9d7fd7ccf77a07900248035af7c9bdc0c922edb66d90835a52
SSDEEP: 6144:GbWFntZUFZMUUWCyZvF1If3aqsTXc3onctXkCM:GbWFntZUFOUUqZvF1IGTXJnct0
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC)
resource: sample, yara_rule: family_blackmoon
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 0ede57076d0b4bf585735fd5fa4a73990c1b8b997cf6dc7078e59b7e4bbbafdc
Files
0ede57076d0b4bf585735fd5fa4a73990c1b8b997cf6dc7078e59b7e4bbbafdc.exe windows:4 windows x86 arch:x86
b06996b30f734eafd3eded3c137cad53
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcess
OpenProcess
QueryDosDeviceW
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
ResumeThread
GetEnvironmentVariableA
TerminateProcess
GetTempPathA
GetTempFileNameA
MoveFileExA
lstrcpynA
RtlZeroMemory
VirtualQueryEx
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
LocalAlloc
LocalFree
GetProcessHeap
GetModuleHandleA
GetTempPathW
SetWaitableTimer
HeapReAlloc
HeapFree
IsBadReadPtr
ReadFile
GetFileSize
CreateFileA
GetTickCount
GetCommandLineA
GetModuleFileNameA
LCMapStringA
IsBadCodePtr
SetUnhandledExceptionFilter
lstrlenW
ExitProcess
Module32First
CreateWaitableTimerA
CopyFileA
lstrcpyn
WideCharToMultiByte
RtlMoveMemory
GetCommandLineW
CloseHandle
CreateToolhelp32Snapshot
FreeLibrary
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
HeapAlloc
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
MultiByteToWideChar
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoA
GetVersion
InterlockedDecrement
InterlockedIncrement
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetVersionExA
HeapDestroy
HeapCreate
WriteFile
RaiseException
InitializeCriticalSection
user32
PeekMessageA
MessageBoxA
TranslateMessage
DispatchMessageA
wsprintfA
MsgWaitForMultipleObjects
GetMessageA
shell32
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteA
advapi32
AdjustTokenPrivileges
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
LookupPrivilegeValueA
OpenProcessToken
ChangeServiceConfig2A
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
iphlpapi
GetIpForwardTable
psapi
GetProcessImageFileNameW
wtsapi32
WTSQueryUserToken
userenv
CreateEnvironmentBlock
ws2_32
WSAStartup
oleaut32
VariantTimeToSystemTime
Sections
.text Size: 140KB - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 148KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE