blackmoon | f7909d2194f660890dab751be89da814_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f7909d2194f660890dab751be89da814_JaffaCakes118
Size

156KB
MD5

f7909d2194f660890dab751be89da814
SHA1

9d5e8ed287d1a3207fafc5ac6f5a49bcb4911711
SHA256

1a7bd60c0159c914edaf4c1b202d55dd37f08f27ee4987dc1db9fb93a937d1d2
SHA512

bc3732b866b30e1e6952d580287996667a93df723208cbcaee3b1a471b3fd77f4401c891460e0c9b5d1972452dbc69a25fae5c11bc7a76f557439f9101254454
SSDEEP

3072:lzCK760OUv7RkkMSs0nJdCDkm8AUgmTtKI:lzXOg7akM7CkoQmUI

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7909d2194f660890dab751be89da814_JaffaCakes118

Files

f7909d2194f660890dab751be89da814_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb81c64b88378986732ee7b2dcb60e2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
EnterCriticalSection
LocalAlloc
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
ReadFile
SetFilePointer
FlushFileBuffers
GetProcAddress
lstrcmpiA
lstrcmpA
FreeLibrary
GetCurrentThreadId
TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
GlobalAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetVersion
GlobalFlags
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTime
GetLocalTime
GetACP
HeapSize
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
SetLastError
GetTimeZoneInformation
GetTickCount
Sleep
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
GetCurrentProcess
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
lstrlenA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CopyFileA
CreateFileA
WriteFile
CloseHandle
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA

user32

GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
GetSysColorBrush
PostQuitMessage
DestroyMenu
PtInRect
GetWindowLongA
GetClassNameA
GetMenuItemCount
GetSubMenu
GetMenuState
GetMenuItemID
LoadStringA
CopyRect
GetMenu
UnhookWindowsHookEx
SendMessageA
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetSystemMetrics
PostMessageA
GetWindowTextA
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
LoadCursorA
SetWindowTextA
SetForegroundWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
GetDlgItem
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetLastActivePopup
SetFocus
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA

gdi32

CreateBitmap
Escape
GetObjectA
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
GetClipBox
SetTextColor
SetBkColor
DeleteDC
SaveDC
RestoreDC
SelectObject

shell32

SHGetSpecialFolderPathA

rasapi32

RasHangUpA
RasGetConnectStatusA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

wsock32

WSACleanup
select
closesocket
recv
send
WSAStartup

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetCloseHandle
InternetOpenA

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb81c64b88378986732ee7b2dcb60e2e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

rasapi32

winspool.drv

comctl32

wsock32

wininet

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 20KB - Virtual size: 104KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 20KB - Virtual size: 104KB