blackmoon | 31bb5eef42ee81bb40c3482b3816a68b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31bb5eef42ee81bb40c3482b3816a68b_JaffaCakes118
Size

3.8MB
MD5

31bb5eef42ee81bb40c3482b3816a68b
SHA1

4a5c712780d231ab00e42eb229b9db49f903d7e1
SHA256

872cd44b020516a188d72c0a0550c273935439d0b27fb7b238b8dbb7a3623eaa
SHA512

24d87d78ad511f1000c9c57ca18fb93c7fa5ff6b12a0e98b9b75dabcf9ff7adc25ca3c00c21225bee7d0931e3c85acba7f782c0f15a85447c9f138b88190347c
SSDEEP

98304:NTwl3dweAXe4RjQzH0hugSMDwqza9HAKP7CDvhhVfkmb:NTwl3dw1e45QzH0kw0qgP7ClhVcm

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/蜗游加速器/vpnice.dll	family_blackmoon

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/蜗游加速器/vpnice.dll
unpack001/蜗游加速器/zjvpn.exe
unpack001/蜗游加速器/蜗游加速器.exe

Files

31bb5eef42ee81bb40c3482b3816a68b_JaffaCakes118
.rar
蜗游加速器/Audiovideo/Movies/hysy.wav
蜗游加速器/Audiovideo/Movies/syjbdlqddsm.wav
蜗游加速器/Audiovideo/Movies/代理连接失败.wav
蜗游加速器/Audiovideo/Movies/代理连接成功.wav
蜗游加速器/Audiovideo/Movies/代理连接断开.wav
蜗游加速器/Audiovideo/Movies/使用全局代理.wav
蜗游加速器/Audiovideo/Movies/启动连接.wav
蜗游加速器/Audiovideo/Movies/连接被断开.wav
蜗游加速器/Audiovideo/Tencent/csol.png
.png
蜗游加速器/Audiovideo/Tencent/ppkdc.png
.png
蜗游加速器/vpnice.dll
.dll windows:4 windows x86 arch:x86

248d5752b6a4777f02a021efbea0833a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
VirtualFree
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
PostQueuedCompletionStatus
GetTickCount
TerminateThread
GetExitCodeThread
WaitForSingleObject
VirtualAlloc
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
GetTempPathA
DeleteFileA
CopyFileA
MoveFileA
GetLocalTime
GetCommandLineA
LCMapStringA
FlushFileBuffers
RtlMoveMemory
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
IsBadWritePtr
RaiseException
LCMapStringW
GetQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
SetThreadAffinityMask
CreateThread
CloseHandle
SetWaitableTimer
WriteFile
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
CreateWaitableTimerA
SetStdHandle
GetModuleFileNameA
RtlUnwind
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersion

wininet

HttpQueryInfoA
HttpSendRequestA
InternetReadFile
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle
HttpAddRequestHeadersA

user32

PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
CallWindowProcA

ws2_32

WSASocketA
WSARecv
htons
connect
closesocket
inet_addr
WSASend
WSAStartup

advapi32

CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
CryptHashData
CryptReleaseContext

ole32

CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize

oleaut32

VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
SafeArrayDestroy

shlwapi

PathFileExistsA

Exports

Exports

GetDLLEdition
GetdllName
start

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
蜗游加速器/zjvpn.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512B - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
蜗游加速器/使用说明必看.jpg
.jpg
蜗游加速器/欢迎申请合作.txt
蜗游加速器/蜗游加速器.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512B - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1.7MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
蜗游加速器/蜗游官方网站.url
蜗游加速器/蜗游官方论坛.url
蜗游加速器/蜗游故障说明书.txt

Sharing

General

Malware Config

Signatures

Files

248d5752b6a4777f02a021efbea0833a

Headers

File Characteristics

Imports

kernel32

wininet

user32

ws2_32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 20KB - Virtual size: 82KB

.rsrc Size: 4KB - Virtual size: 820B

.reloc Size: 8KB - Virtual size: 7KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 2.4MB

.text Size: 1.4MB - Virtual size: 1.4MB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 3.8MB

.text Size: 1.7MB - Virtual size: 1.8MB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 82KB

.rsrc
Size: 4KB - Virtual size: 820B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 512B - Virtual size: 2.4MB

.text
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 512B - Virtual size: 3.8MB

.text
Size: 1.7MB - Virtual size: 1.8MB