blackmoon | 46304cf382049efea51653c32f232bde952d820bf25aba8787d2c4312d066564 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46304cf382049efea51653c32f232bde952d820bf25aba8787d2c4312d066564
Size

8.6MB
MD5

be9362195409101f71c7277c574e23bd
SHA1

a3b44418111c0f6b98cfad19c61f1a8c8c7f700f
SHA256

46304cf382049efea51653c32f232bde952d820bf25aba8787d2c4312d066564
SHA512

0d31436a61622944ddae5eaa495996992c1e904e242f47d0fe468b40270799ecd4d92682d8c012060a3cfd99001ecf71065f7630b0f648ebc19f5b5a8f3db2c3
SSDEEP

98304:GJ+4EVGt+uxf2vD3b7rr3e5SyVCjCvoXjcMVw0VhyMqaUVYaaCGkLswbA9oeiFro:A+4CckiK0tkxv3c9BDal3L

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46304cf382049efea51653c32f232bde952d820bf25aba8787d2c4312d066564

Files

46304cf382049efea51653c32f232bde952d820bf25aba8787d2c4312d066564
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText
��ҳ_ȡ�ض��ַ
�ļ�_�ļ��Ƿ��_��Ƶ
�߳�_��ʼ��COM��
�߳�_ȡ��COM��
�ӳ��_��ַ��
�ӳ��_��

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 540KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 780KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ