blackmoon | c4c375af2af9496db79124b4268e82a62fdbde8c59f0f25d19152bac00df713c

Sharing

Copy URL

Twitter E-mail

General

Target

c4c375af2af9496db79124b4268e82a62fdbde8c59f0f25d19152bac00df713c
Size

2.3MB
MD5

5a0d7591f5e23e95a0dff68b29366448
SHA1

38e34f0598bc874cb2bdc1009ea19b5e4ef7ae4d
SHA256

c4c375af2af9496db79124b4268e82a62fdbde8c59f0f25d19152bac00df713c
SHA512

8a0852314b2d43bf3e0d47b8c367f1661634569330897d53a2dfdd9ac6037a26079ea83a15c43803ae5446211cfc87b8e679a2389a18687c2f53d9d7feb27419
SSDEEP

49152:m3sbTJZgQpmLCEKEQIvufRoGpTwV9jT37z:isLmLzLYoGpWz

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4c375af2af9496db79124b4268e82a62fdbde8c59f0f25d19152bac00df713c

Files

c4c375af2af9496db79124b4268e82a62fdbde8c59f0f25d19152bac00df713c
.dll windows:4 windows x86 arch:x86

c5418385bb6881d448739e410f453c26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
WriteFile
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
Sleep
GetLocalTime
GetTickCount
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
lstrcpyA
lstrcatA
MulDiv
TerminateThread
DeleteCriticalSection
CreateThread
CreateWaitableTimerA
Beep
RtlMoveMemory
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
SetWaitableTimer
CreateFileA

user32

DestroyWindow
UpdateWindow
CreateDialogIndirectParamA
SetWindowLongA
GetWindowRect
ScreenToClient
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
PeekMessageA
GetMessageA
GetDlgItem
PostQuitMessage
FindWindowA
GetWindowThreadProcessId
UnregisterClassA
CallWindowProcA
CreateWindowExA
GetDC
GetSysColor
LoadBitmapA
RegisterHotKey
ReleaseCapture
SetCapture
UnregisterHotKey
DispatchMessageA
SetWindowTextA
TranslateMessage
ShowWindow
wsprintfA
MessageBoxA
MapVirtualKeyA
EnumChildWindows
SendMessageA
SendMessageTimeoutA
SetWindowPos
GetAsyncKeyState
GetForegroundWindow
GetCursorPos
MsgWaitForMultipleObjects

gdi32

TranslateCharsetInfo
CreateFontA
DeleteObject
GetDeviceCaps

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

shlwapi

PathFileExistsA

msvcrt

sprintf
modf
??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
atoi
_ftol
strtod
rand
srand
_CIfmod
floor
_CIpow
_atoi64
atof
strncpy
strncmp
strchr
malloc
free
memmove
__CxxFrameHandler

shell32

DragFinish
DragAcceptFiles
DragQueryFileA

comctl32

ImageList_EndDrag
ord17
ImageList_Create
ImageList_Add
ImageList_BeginDrag
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock

Exports

Exports

pubile1
pubile10
pubile2
pubile3
pubile4
pubile5
pubile6
pubile7
pubile8
pubile9
�ֽڼ�ת�ı�

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5418385bb6881d448739e410f453c26

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

msvcrt

shell32

comctl32

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 16KB - Virtual size: 13KB