blackmoon | tmp

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

2.2MB
MD5

545f771eabae38604df6f9058194cb83
SHA1

17b998c9c4858450dfc163b4b13a2e315dabfa27
SHA256

6298486bda02ea4cbf573cf1fe0dd1e0a373ad0264359c22bd9cc3031ed1e39e
SHA512

02e18f99f906d0ad04b1c74cf78f2feb18282f89f56f3805b5cfd1dce088a601be137ad3337e27a68326d6553a20ce5c4a82604a5b32a4f4b8b9bb973e742e4c
SSDEEP

49152:LBgpu7xl84o3pIAyYPYlca+75G1rsa63:9RP84PZcRqYa

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:4 windows x86 arch:x86

be644c024b1fb4d79faf1b6fc26737db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetModuleHandleA
LoadLibraryA
VirtualProtect
lstrcpynA
FreeLibrary
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
ReadFile
GetFileSize
DeleteFileA
WriteFile
GetModuleFileNameA
GetTickCount
FindClose
FindNextFileA
CreateEventA
MoveFileExA
SetFileAttributesA
GetCommandLineA
LCMapStringA
OpenEventA
CreateFileMappingA
TerminateProcess
GetTempFileNameA
GetTempPathA
MoveFileA
CreateDirectoryA
SetWaitableTimer
CreateWaitableTimerA
IsDebuggerPresent
GetCurrentProcessId
VirtualFree
VirtualAlloc
DeviceIoControl
GlobalSize
GlobalMemoryStatusEx
GetLogicalProcessorInformation
GetProcAddress
GetWindowsDirectoryA
GetSystemDirectoryA
lstrcpyA
lstrcatA
MulDiv
LeaveCriticalSection
EnterCriticalSection
GetVersion
FindFirstFileA
GetComputerNameA
OpenFileMappingA
RemoveDirectoryA
CreateMutexA
DeleteCriticalSection
InitializeCriticalSection

user32

GetClassInfoExA
RegisterClassExA
PeekMessageA
CreateDialogIndirectParamA
UpdateWindow
GetMessageA
SendMessageA
BringWindowToTop
DispatchMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
SetWindowLongA
GetWindowRect
TranslateMessage
CallWindowProcA
GetCursorPos
GetDC
GetSysColor
LoadBitmapA
RegisterHotKey
ReleaseCapture
SetCapture
UnregisterHotKey
CreateWindowExA
IsWindow
MessageBoxA
wsprintfA
SetWindowPos
MoveWindow
ClientToScreen
GetClientRect
FindWindowA
GetWindowLongA
GetClassNameA
GetWindowTextA
IsWindowVisible
ScreenToClient
GetWindowTextLengthA
GetWindowThreadProcessId

gdi32

CreateFontA
DeleteObject
GetDeviceCaps
TranslateCharsetInfo

advapi32

CreateServiceA
StartServiceA

ws2_32

WSAStartup
closesocket
send
recv
ntohs
socket
htons
inet_addr
connect
gethostbyname
WSACleanup
getsockname

msvcrt

sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_atoi64
atof
atoi
__CxxFrameHandler
free
malloc
_ftol
strtod
_CIfmod
srand
rand
floor
_CIpow
strrchr
strchr
modf
realloc
memmove
strncmp

shlwapi

PathFileExistsA

shell32

SHGetSpecialFolderPathA
DragQueryFileA
DragFinish
DragAcceptFiles

comctl32

ImageList_DragEnter
ord17
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag

Sections

.text
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

be644c024b1fb4d79faf1b6fc26737db

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

msvcrt

shlwapi

shell32

comctl32

Sections

.text Size: 187KB - Virtual size: 187KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2.1MB - Virtual size: 2.1MB

.text
Size: 187KB - Virtual size: 187KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2.1MB - Virtual size: 2.1MB