Behavioral task behavioral1
Sample: 7cd8f14fad02e77a1e1edb5bfed921f3_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task behavioral2
Sample: 7cd8f14fad02e77a1e1edb5bfed921f3_JaffaCakes118.exe
Resource: win10v2004-20240426-en
General
- Target: 7cd8f14fad02e77a1e1edb5bfed921f3_JaffaCakes118
- Size: 3.8MB
- MD5: 7cd8f14fad02e77a1e1edb5bfed921f3
- SHA1: 915ce63997defe9eefaa3eef3180ba7aeabdad03
- SHA256: 26ec039609722586c596b3c38bc9ce2761b4b29487f5252f5fad263f1f4185ab
- SHA512: d92722faed93dd896fda8eb64dec46d210923b69aeed0035975cc9c94bc935d977821cb4f546832a547c6805481bf1c886ca384146b64568d688160532bf76c3
- SSDEEP: 49152:Yu5MsxPMNwc1rF8Wtz+0l1m2KySjW1c8+QYmuQ1Dqs:taQWwgmUiW1hxYmZDq
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource: sample, yara_rule: family_blackmoon
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 7cd8f14fad02e77a1e1edb5bfed921f3_JaffaCakes118
Files
- 7cd8f14fad02e77a1e1edb5bfed921f3_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
  b7c04a32e771f3e4d2eb5cb040ebdc59
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi: PathFileExistsA, PathFindExtensionA, PathFindFileNameA
ws2_32: gethostname, WSACleanup, WSAStartup
kernel32: GetProcessHeap, HeapAlloc, HeapFree, lstrcatA, ExitProcess, HeapReAlloc, IsBadReadPtr, GetModuleFileNameA, WaitForSingleObject, GetStartupInfoA, DeleteFileA, FindClose, FindNextFileA, RemoveDirectoryA, FindFirstFileA, WritePrivateProfileStringA, WriteFile, CreateFileA, CreateDirectoryA, SetFileAttributesA, CopyFileA, MultiByteToWideChar, GetUserDefaultLCID, GetTickCount, GlobalFree, GetCommandLineA, FreeLibrary, LoadLibraryA, LCMapStringA, lstrlenA, CreateToolhelp32Snapshot, Process32First, Process32Next, CloseHandle, OpenProcess, GetModuleHandleA, GetProcAddress, lstrcpyn, WideCharToMultiByte, Sleep, VirtualQueryEx, TerminateProcess, GetCurrentProcessId, CreateWaitableTimerA, SetWaitableTimer, SetThreadExecutionState, GetVersionExA, GetSystemInfo, IsWow64Process, GlobalAlloc, ReadFile, GetExitCodeProcess, PeekNamedPipe, CreateProcessA, CreatePipe, ReadProcessMemory, GetCurrentProcess, RtlMoveMemory, GetWindowsDirectoryA, GetTempPathA, GetSystemDirectoryA
user32: GetWindowTextA, GetWindowTextLengthA, GetSystemMetrics, MsgWaitForMultipleObjects, MoveWindow, GetWindowRect, GetParent, MapWindowPoints, EnableWindow, IsWindowEnabled, CreateWindowExA, CallWindowProcA, SetFocus, GetInputState, PeekMessageA, SetWindowPos, MessageBoxA, wsprintfA, DispatchMessageA, TranslateMessage, GetMessageA
advapi32: CloseServiceHandle, LookupPrivilegeValueA, EnumDependentServicesA, EnumServicesStatusExA, EnumServicesStatusA, ChangeServiceConfigA, ControlService, DeleteService, GetServiceKeyNameA, GetServiceDisplayNameA, ChangeServiceConfig2A, QueryServiceConfig2A, QueryServiceConfigA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegFlushKey, RegEnumValueA, RegQueryInfoKeyA, RegEnumKeyA, RegOpenKeyA, RegCreateKeyA, StartServiceA, CreateServiceA, RegSetValueExA, RegCloseKey, RegQueryValueExA, RegOpenKeyExA, QueryServiceStatus, OpenServiceA, OpenSCManagerA, AdjustTokenPrivileges, OpenProcessToken
shell32: SHGetSpecialFolderPathA
comctl32: ord17
ole32: CLSIDFromProgID, CLSIDFromString, CoCreateInstance, OleRun, CoUninitialize, CoInitialize
psapi: GetModuleFileNameExA, EnumProcessModules
msvcrt: _stricmp, sprintf, atoi, _ftol, ??3@YAXPAX@Z, strrchr, ??2@YAPAXI@Z, free, malloc, strchr, realloc, modf, memmove, strncmp, __CxxFrameHandler
oleaut32: VariantClear, SysAllocString, SafeArrayCreate, VariantCopy, RegisterTypeLi, LHashValOfNameSys, LoadTypeLi, SafeArrayDestroy
Sections
- .text (Size: 124KB, Virtual size: 124KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 4KB, Virtual size: 4KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 4.3MB, Virtual size: 4.3MB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 43KB, Virtual size: 43KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE