Behavioral task: behavioral1
Sample: d3c4b374cc2d93af738a6a607ac253953e0da43519540553039bdb6ef92ce03e.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral2
Sample: d3c4b374cc2d93af738a6a607ac253953e0da43519540553039bdb6ef92ce03e.exe
Resource: win11-20240419-en
General
- Target: d3c4b374cc2d93af738a6a607ac253953e0da43519540553039bdb6ef92ce03e
- Size: 1.1MB
- MD5: aa566acaa8b6baaa830aff78d45501a1
- SHA1: 010cc4a0056c88787a48fc51b1d43fea5b0a1554
- SHA256: d3c4b374cc2d93af738a6a607ac253953e0da43519540553039bdb6ef92ce03e
- SHA512: 026d9d89aba4197c617f9a429d749d239f7da1c186bbd3000e9e5fedc0de33e3598867d4bee8b2d1b59a696d50dff89fc0382783127cc7b8a5864728079d0a9c
- SSDEEP: 24576:YOY2SrHZ2lm/kJWllT2N9/cMxgb6AN3/UdJYZdUasg:YOYN/kJ0+/Eb6uvUgZ
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource: sample | yara_rule: family_blackmoon
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: d3c4b374cc2d93af738a6a607ac253953e0da43519540553039bdb6ef92ce03e
Files
- d3c4b374cc2d93af738a6a607ac253953e0da43519540553039bdb6ef92ce03e.exe (windows:4 windows x86 arch:x86)
  7f7a540fc87871ac3d69b4fcc6cdb0e5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
getsockname
gethostname
sendto
recvfrom
htonl
connect
ntohs
getpeername
send
recv
select
__WSAFDIsSet
accept
socket
htons
closesocket
listen
WSAStartup
inet_ntoa
WSACleanup
gethostbyname
bind
inet_addr
kernel32
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetCurrentProcessId
CreateWaitableTimerA
SetWaitableTimer
CloseHandle
GlobalAlloc
RtlMoveMemory
GlobalFree
CreateProcessA
ResumeThread
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
OpenProcess
IsWow64Process
CreateThread
GetModuleHandleA
GetProcAddress
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
WaitForSingleObject
GetExitCodeThread
CreateRemoteThread
MultiByteToWideChar
ReadProcessMemory
lstrcpynA
LoadLibraryA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
SetStdHandle
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetLocalTime
DeleteFileA
GetFileSize
CreateFileA
GetStartupInfoA
GetTickCount
ReadFile
CreateDirectoryA
WriteFile
GetModuleFileNameA
SetFileAttributesA
GetCommandLineA
FreeLibrary
LCMapStringA
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
FlushFileBuffers
TlsAlloc
TlsSetValue
GetProcessHeap
GetStringTypeA
GetCurrentThreadId
GetOEMCP
GetACP
GetCPInfo
HeapSize
IsBadWritePtr
VirtualAlloc
RaiseException
LCMapStringW
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
SystemTimeToFileTime
GetFileAttributesA
GetCurrentDirectoryA
LocalFileTimeToFileTime
SetFileTime
GetVersion
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapCreate
user32
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects
iphlpapi
SendARP
GetAdaptersInfo
urlmon
URLDownloadToFileA
shlwapi
PathFindFileNameA
Sections
.text Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 904KB - Virtual size: 959KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE