blackmoon | fc3a6c8886b9c40bae7a6841080acd0e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc3a6c8886b9c40bae7a6841080acd0e_JaffaCakes118
Size

224KB
MD5

fc3a6c8886b9c40bae7a6841080acd0e
SHA1

713e61f4be4996efae5bc6d9beb2df5ad4902bf9
SHA256

d80cfa79a0d80c62fe54e1877018684e056c5066f8340078810da7edccb9d6fd
SHA512

6622341d8aef439ce446c0cd64a90be77d9344a51f6aa10379d860566a9e3c59609e7fd37fb5fd6501b61a4199e4a538885b16f3312b3b1575aa1f28b6c5dd37
SSDEEP

3072:SSy0aue6JagEhXbeQDLbXVT5GOmBjE1W5GlTsdCYtL:SQaueyaNhJDd5GOGN8i

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc3a6c8886b9c40bae7a6841080acd0e_JaffaCakes118

Files

fc3a6c8886b9c40bae7a6841080acd0e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6bcea68e317a3b525f4c77f8d1fae684

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetStartupInfoA
LCMapStringW
IsBadCodePtr
GetOEMCP
IsBadReadPtr
SetStdHandle
LCMapStringA
GetCommandLineA
SetFilePointer
CreateFileA
WriteFile
CloseHandle
CreateDirectoryA
GetModuleFileNameA
GetCPInfo
HeapReAlloc
ExitProcess
LocalSize
HeapAlloc
HeapFree
GetProcessHeap
RtlMoveMemory
GetModuleHandleA
WideCharToMultiByte
GetCurrentThreadId
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
LocalAlloc
LocalFree
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
lstrlenA
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
MultiByteToWideChar
SetLastError
GetProcAddress
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
FreeLibrary
LoadLibraryA
GetProcessVersion
SetErrorMode
GetCurrentProcess
ReadFile
FlushFileBuffers

user32

DefWindowProcA
GetAsyncKeyState
CallWindowProcA
EndPaint
BeginPaint
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
ReleaseDC
GetDC
GetDialogBaseUnits
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CreateDialogParamA
DialogBoxParamA
GetClassInfoExA
RegisterClassExA
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
GetClientRect
EndDialog
DestroyWindow
SendMessageA
DefMDIChildProcA
LoadCursorA
SetCursor
TrackMouseEvent
DestroyIcon
LoadIconA
SetWindowLongA
DestroyCursor
CreateWindowExA
GetWindowLongA
GetDlgItem
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
PtInRect
GetDlgCtrlID
GetWindow
ClientToScreen
UnhookWindowsHookEx
TabbedTextOutA
DrawTextA
GrayStringA
GetWindowPlacement
SystemParametersInfoA
GetForegroundWindow
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
GetSysColorBrush
LoadStringA
SetMenu
PostQuitMessage
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageA
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetParent
GetWindowRect
GetFocus
SetFocus
GetClassNameA
IsWindow
UnregisterClassA

atl

ord42

comctl32

InitCommonControlsEx
ord17

shell32

DragAcceptFiles
DragQueryFileA
DragFinish
Shell_NotifyIconA

gdi32

StretchBlt
CreateRoundRectRgn
CombineRgn
ExtCreateRegion
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
CreateSolidBrush
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
CreateBitmap
CreatePatternBrush
BitBlt
SelectObject
DeleteDC
CreateDIBSection
SetBkColor
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
SetBkMode
SetTextColor

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shlwapi

PathFileExistsA

wininet

InternetTimeFromSystemTime
InternetTimeToSystemTime

Sections

.text
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6bcea68e317a3b525f4c77f8d1fae684

Headers

File Characteristics

Imports

kernel32

user32

atl

comctl32

shell32

gdi32

winspool.drv

advapi32

shlwapi

wininet

Sections

.text Size: 172KB - Virtual size: 169KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 24KB - Virtual size: 83KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 172KB - Virtual size: 169KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 24KB - Virtual size: 83KB

.rsrc
Size: 4KB - Virtual size: 3KB