blackmoon | ea855e1edb6e3c4c38619bf208e718c8[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ea855e1edb6e3c4c38619bf208e718c8.exe
Size

589KB
MD5

ea855e1edb6e3c4c38619bf208e718c8
SHA1

87138527e7e656d2a5b09c0d848e3a5382cddb7d
SHA256

c4ead6f02131e3fdefcb24032b2266b2d7d5c14f8fe302ec289efbc47e5db0bd
SHA512

9d34a2f55c52590bc17a6518496281dace239354be378a8f5cb260478254756b91786ba9b79f010b3d05c114d1c12b98a34333d4f3de9806ea6e7a5561b1a4fe
SSDEEP

12288:0WA7gLGoCzuR0HyV1CzoUch5QV957Seg+hrDI/LUwNyz9GRWfM6WMofPUgw8Xg:0WA7gLGoCzuR0HyV1CzoUch5q95+eg+J

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea855e1edb6e3c4c38619bf208e718c8.exe

Files

ea855e1edb6e3c4c38619bf208e718c8.exe
.exe windows:4 windows x86 arch:x86

6159dbba8966af98fd88c084ce0415dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

kernel32

GlobalUnlock
VirtualQueryEx
lstrcpynA
CreateThread
QueryPerformanceCounter
GetModuleHandleA
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
CreateFileA
ResetEvent
WriteFile
CancelIo
ReadFile
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
DeleteFileA
Sleep
GetUserDefaultLCID
GetTickCount
GetPrivateProfileStringA
GetFileSize
LCMapStringA
SetFileAttributesA
CreateProcessA
GetStartupInfoA
GetCommandLineA
FreeLibrary
RtlMoveMemory
SetFileTime
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
UnmapViewOfFile
GlobalLock
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
GetSystemDirectoryA
GlobalAlloc
lstrcpyn
WideCharToMultiByte
lstrlenW
GetCurrentDirectoryW
WaitForSingleObject
GetTempPathA
OpenEventA
CreateEventA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetCurrentProcessId
GetCurrentProcess
OpenProcess
TerminateProcess
LocalAlloc
LocalFree
MultiByteToWideChar

user32

UnhookWindowsHookEx
OpenClipboard
EmptyClipboard
GetDC
SetClipboardData
CloseClipboard
ReleaseDC
GetMessageA
GetForegroundWindow
GetCursorInfo
GetCursorPos
PeekMessageA
GetSystemMetrics
wsprintfA
MessageBoxA
DispatchMessageA
TranslateMessage
GetIconInfo
SetTimer
MessageBoxTimeoutA
CallNextHookEx
SetWindowsHookExA
SendInput
DrawIcon

advapi32

AllocateAndInitializeSid
GetTokenInformation
EqualSid
FreeSid
OpenProcessToken

shell32

SHGetSpecialFolderPathA
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun
CoInitialize

oleaut32

RegisterTypeLi
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SystemTimeToVariantTime
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
LHashValOfNameSys
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim

gdi32

BitBlt
CreateCompatibleBitmap
GetDIBits
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDIBColorTable
StretchBlt
GetBitmapBits
DeleteDC
GetDeviceCaps

winhttp

WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpCheckPlatform
WinHttpSetOption

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

msvcrt

__CxxFrameHandler
strncmp
memmove
realloc
strrchr
atof
modf
_CIpow
floor
strtod
rand
srand
_CIfmod
_stricmp
_except_handler3
calloc
_mbsstr
div
atol
_i64toa
_ftol
atoi
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
free
sprintf

shlwapi

PathFileExistsA

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 232KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6159dbba8966af98fd88c084ce0415dc

Headers

File Characteristics

Imports

winmm

kernel32

user32

advapi32

shell32

ole32

oleaut32

gdi32

winhttp

setupapi

msvcrt

shlwapi

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 232KB - Virtual size: 316KB

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 232KB - Virtual size: 316KB