blackmoon | f80401d8c35fd54960cc22d3eb4fc3d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f80401d8c35fd54960cc22d3eb4fc3d8_JaffaCakes118
Size

476KB
MD5

f80401d8c35fd54960cc22d3eb4fc3d8
SHA1

f8f9399a01af0af30555488b5d24aa72992b1fee
SHA256

35852b99382d61d5e39058c6bb2d52fb6d9776fbea6aac2418c9b28e6ef4b9aa
SHA512

c50e7f45b6d591d7deec450ca9fdbdaa1b5398db9ee33d4baffa061802104659599e0f6f70a64e370e9fb9eeca4607387c051b8c2ac900eee528905819434dfe
SSDEEP

6144:zQyBkZK3Q9ZVUrrrQnYjj3yrnp3poCAyHvuoa0:zQyBkZK3sOrrfj7oPu

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f80401d8c35fd54960cc22d3eb4fc3d8_JaffaCakes118

Files

f80401d8c35fd54960cc22d3eb4fc3d8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

38074405d99212fca116c48a60d91f4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
GetEnvironmentVariableA
GetPrivateProfileStringA
DeleteFileA
CloseHandle
WriteFile
CreateFileA
Sleep
WritePrivateProfileStringA
GetCommandLineA
LCMapStringA
GetProcessHeap
WideCharToMultiByte
IsBadReadPtr
CreateThread
GetTickCount
TerminateThread
DeleteCriticalSection
VirtualProtect
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
LoadLibraryA
GetModuleHandleA

user32

KillTimer
CallWindowProcA
GetAsyncKeyState
SetTimer
wvsprintfA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

sprintf
_CIpow
modf
floor
strchr
free
malloc
memmove
__CxxFrameHandler
_CIfmod
toupper
strncpy
atoi
strncmp
_ftol
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
tolower
_strnicmp

shlwapi

PathFileExistsA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

Exports

Exports

WTSCloseServer
WTSConnectSessionA
WTSConnectSessionW
WTSCreateListenerA
WTSCreateListenerW
WTSDisconnectSession
WTSEnumerateListenersA
WTSEnumerateListenersW
WTSEnumerateProcessesA
WTSEnumerateProcessesExA
WTSEnumerateProcessesExW
WTSEnumerateProcessesW
WTSEnumerateServersA
WTSEnumerateServersW
WTSEnumerateSessionsA
WTSEnumerateSessionsExA
WTSEnumerateSessionsExW
WTSEnumerateSessionsW
WTSFreeMemory
WTSFreeMemoryExA
WTSFreeMemoryExW
WTSGetListenerSecurityA
WTSGetListenerSecurityW
WTSLogoffSession
WTSOpenServerA
WTSOpenServerExA
WTSOpenServerExW
WTSOpenServerW
WTSQueryListenerConfigA
WTSQueryListenerConfigW
WTSQuerySessionInformationA
WTSQuerySessionInformationW
WTSQueryUserConfigA
WTSQueryUserConfigW
WTSQueryUserToken
WTSRegisterSessionNotification
WTSRegisterSessionNotificationEx
WTSSendMessageA
WTSSendMessageW
WTSSetListenerSecurityA
WTSSetListenerSecurityW
WTSSetSessionInformationA
WTSSetSessionInformationW
WTSSetUserConfigA
WTSSetUserConfigW
WTSShutdownSystem
WTSStartRemoteControlSessionA
WTSStartRemoteControlSessionW
WTSStopRemoteControlSession
WTSTerminateProcess
WTSUnRegisterSessionNotification
WTSUnRegisterSessionNotificationEx
WTSVirtualChannelClose
WTSVirtualChannelOpen
WTSVirtualChannelOpenEx
WTSVirtualChannelPurgeInput
WTSVirtualChannelPurgeOutput
WTSVirtualChannelQuery
WTSVirtualChannelRead
WTSVirtualChannelWrite
WTSWaitSystemEvent
_��ӳ��
ѡ��ɫ

Sections

.text
Size: 368KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38074405d99212fca116c48a60d91f4d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

shlwapi

shell32

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 366KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 84KB - Virtual size: 168KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 368KB - Virtual size: 366KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 84KB - Virtual size: 168KB

.reloc
Size: 16KB - Virtual size: 15KB