blackmoon | 7654dca11ee0642f73b6d68090909503_JaffaCakes118 | Triage

Sharing

General

Target

7654dca11ee0642f73b6d68090909503_JaffaCakes118
Size

2.1MB
MD5

7654dca11ee0642f73b6d68090909503
SHA1

e9e2ca01844b6b275bcc0ddee1fe0f879cfb6686
SHA256

a84d7f83a5b5199669aa33a2a222dddfbf43b3186f7496879c763761b7a8ab90
SHA512

4a1f2caa943e977cbdd17294a325e6819382afb40e0b981c5c4647c6983857ea4fd60e7295c78ab58c30a34f28e824592ea500f2785030be7a5249dee9da518d
SSDEEP

49152:0aO/m89BoER672+mD0byyKiNGs8CYVuJpOoMQFv+oBYay/tl:fe/UEUyDobymGNhgKoBI

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7654dca11ee0642f73b6d68090909503_JaffaCakes118

Files

7654dca11ee0642f73b6d68090909503_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c43694d9b9acd715f1602bd9be00846c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
WritePrivateProfileStringA
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetTickCount
GetProcessHeap
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
Sleep
GetCommandLineA
GetSystemDirectoryA
GetTempPathA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetWindowsDirectoryA
MoveFileA
SetFileAttributesA
CreateDirectoryA

user32

TranslateMessage
DispatchMessageA
wsprintfA
PeekMessageA
GetMessageA
MessageBoxA

msvcrt

modf
memmove
malloc
free
_ftol
strrchr
??2@YAPAXI@Z
rand
srand
??3@YAXPAX@Z
strncmp
_strnicmp
sprintf

shlwapi

PathFileExistsA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 408KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE