blackmoon | 42b1d6f247c41e52d052634d99315e2d943433461371cafdff4935e4cc58dbef[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

42b1d6f247c41e52d052634d99315e2d943433461371cafdff4935e4cc58dbef.exe
Size

113KB
MD5

27fc645d0204c567c049d0bbd8cae8e8
SHA1

6322b04d43078307c3128aecfe5f305e17f3091a
SHA256

42b1d6f247c41e52d052634d99315e2d943433461371cafdff4935e4cc58dbef
SHA512

6bfc77be9963bfd4bd54601ff221572d3c3e959bcd305c70c65b9d6da2c6bb3b09bad82beca6b40f7ae88c048cb0b360a5862bfcd5281ba0363c7b85a82b60da
SSDEEP

1536:bViMsvI+AQX1OdBaKpVllHG/fdt+fV3JbB5OPnDE5+QDJ4rX27qWrf:bav9OdPx8wJ4rm7qg

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42b1d6f247c41e52d052634d99315e2d943433461371cafdff4935e4cc58dbef.exe

Files

42b1d6f247c41e52d052634d99315e2d943433461371cafdff4935e4cc58dbef.exe
.exe windows:4 windows x86 arch:x86

e5ac0f9205c73a7dd3d8c67873453d3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlMoveMemory
GetComputerNameA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
CreateThread
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
IsBadReadPtr
CloseHandle
ReadFile
GetFileSize
CreateFileA
WriteFile
lstrcpynA
CreateProcessA
GetStartupInfoA
DeleteFileA
GetTickCount
Sleep
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
SetFileAttributesA
GetUserDefaultLCID
FreeLibrary
LoadLibraryA
LCMapStringA
CreateEventA
OpenEventA
MoveFileA
CreateDirectoryA
GetTempPathA
GetCommandLineA
GetModuleFileNameA
WaitForSingleObject
ExitProcess

user32

wsprintfA
TranslateMessage
GetMessageA
PeekMessageA
GetDC
DispatchMessageA
MessageBoxA
GetDesktopWindow
ReleaseDC

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
CreateProcessAsUserA

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

ws2_32

ntohs
inet_addr
bind
listen
WSACleanup
socket
htons
accept
recv
send
WSASocketA
WSAStartup
closesocket

gdi32

GetDeviceCaps

ole32

CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

msvcrt

malloc
free
modf
memmove
_ftol
atoi
strchr
strncpy
_CIfmod
floor
strrchr
__CxxFrameHandler
_strnicmp
rand
srand
tolower
??2@YAPAXI@Z
sprintf
??3@YAXPAX@Z
strncmp

shlwapi

PathFileExistsA

oleaut32

VariantClear
SysAllocString
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetLBound
VariantChangeType
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantInit
SafeArrayDestroy

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e5ac0f9205c73a7dd3d8c67873453d3c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

iphlpapi

ws2_32

gdi32

ole32

shell32

msvcrt

shlwapi

oleaut32

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 73KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 73KB