Behavioral task: behavioral1
Sample: 4a06fe85d5fbe851b43b11e7fe6d254f_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 4a06fe85d5fbe851b43b11e7fe6d254f_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
- Target: 4a06fe85d5fbe851b43b11e7fe6d254f_JaffaCakes118
- Size: 5.5MB
- MD5: 4a06fe85d5fbe851b43b11e7fe6d254f
- SHA1: 8cc99c90c6d0b4a09e08d87c07d894a1b587a818
- SHA256: 9f7d96294bb61c5853f96b8d292c4e3b5c00dbe45b4a129ab85d12358e2bf731
- SHA512: 748c7174028098a850d3de5ff866e91496ae33c09456199c1313dd3cc48095244e44e9aa47ed0147806abfe077b5df702446936bf6ad44a759604a8e8e3e5ac7
- SSDEEP: 98304:+BzVpxa2K6HeHLU3RcMaG+bT9s9NCYXYYhhizQ2giGaTbDvUCoXyjrjQnECNuI:8hpw6HeIRcJ9bT+9hXlhizQravDvksQ5
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload 1 IoCs
  resource yara_rule sample family_blackmoon
- Unsigned PE 1 IoCs
  Checks for missing Authenticode signature.
  resource 4a06fe85d5fbe851b43b11e7fe6d254f_JaffaCakes118
Files
- 4a06fe85d5fbe851b43b11e7fe6d254f_JaffaCakes118.exe windows:4 windows x86 arch:x86
badaa2130e048cdf5baa7d7c87c21b5b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
CreateThread
CreatePipe
CreateProcessA
PeekNamedPipe
ReadFile
GetExitCodeProcess
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
GetFileSize
CreateFileA
GetModuleFileNameA
GetModuleHandleA
GetTickCount
SetFileAttributesA
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
GetVersionExA
WriteFile
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
MoveFileA
GetWindowsDirectoryA
GetSystemDirectoryA
CreateEventA
OpenEventA
ExitProcess
CreateDirectoryA
Sleep
GetTempPathA
user32
GetMessageA
GetClassNameA
GetWindowTextA
IsWindowVisible
GetDesktopWindow
TranslateMessage
MessageBoxA
wsprintfA
PeekMessageA
DispatchMessageA
EnumChildWindows
advapi32
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
msvcrt
_strnicmp
sprintf
strncpy
strncmp
??3@YAXPAX@Z
floor
_CIfmod
tolower
atoi
_ftol
srand
rand
??2@YAPAXI@Z
strrchr
strchr
modf
memmove
free
malloc
__CxxFrameHandler
shlwapi
PathFileExistsA
shell32
SHGetSpecialFolderPathA
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5.5MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE