blackmoon | 68fc269c7dd6479b28b5cd8a34c456f7d8d7ec7fd0f66bb3f85167977b862c8b

Sharing

Copy URL Twitter E-mail

General

Target

68fc269c7dd6479b28b5cd8a34c456f7d8d7ec7fd0f66bb3f85167977b862c8b
Size

2.1MB
MD5

56dd62b0bebd56c51f6ba970de12a721
SHA1

fb5f567535785c910e030bd6db22f752f02d0455
SHA256

68fc269c7dd6479b28b5cd8a34c456f7d8d7ec7fd0f66bb3f85167977b862c8b
SHA512

9ffc09e6fafa10c878b0a9cea8e55e0cefe1fa5ad334dd8eb874d3d1b0ba584a7f7edc60de3e59beabc4ab2515894ece42d5e61ce292b1a13c76edad9ef2fcdd
SSDEEP

24576:+3/Sj8O7HeNoB2YTXjW4CEKal5hW9FO5hFwsn1tb39JWtIobX89uOaDimT1F58Vd:+y7+yBnCEKEQIvufRoGpjwV9jZ3L

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68fc269c7dd6479b28b5cd8a34c456f7d8d7ec7fd0f66bb3f85167977b862c8b

Files

68fc269c7dd6479b28b5cd8a34c456f7d8d7ec7fd0f66bb3f85167977b862c8b
.dll windows:4 windows x86 arch:x86

3704daa2d258905e9df3a5e3b0836572

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
FreeLibrary
LCMapStringA
GetModuleFileNameA
GetCommandLineA
GetLocalTime
Sleep
GetTickCount
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
Process32Next
RtlMoveMemory
Beep
WideCharToMultiByte
LoadLibraryA
lstrcpyA
lstrcatA
MulDiv
TerminateThread
MultiByteToWideChar
DeleteCriticalSection
CreateThread
CloseHandle

user32

RegisterHotKey
ReleaseCapture
ScreenToClient
SendMessageA
SetCapture
SetWindowLongA
UnregisterHotKey
CallWindowProcA
FindWindowA
GetWindowThreadProcessId
GetForegroundWindow
LoadBitmapA
GetSysColor
GetDC
GetCursorPos
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetAsyncKeyState
CreateWindowExA

gdi32

DeleteObject
GetDeviceCaps
CreateFontA
TranslateCharsetInfo

msvcrt

malloc
free
memmove
__CxxFrameHandler
strchr
strrchr
_CIpow
floor
_CIfmod
srand
rand
sprintf
modf
??2@YAPAXI@Z
strncmp
??3@YAXPAX@Z
strncpy
atoi
_ftol

shell32

DragQueryFileA
DragFinish
DragAcceptFiles

comctl32

ImageList_Create
ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_Add
ImageList_BeginDrag
ImageList_Destroy
ImageList_DragEnter

Exports

Exports

Main
pubile1
pubile10
pubile2
pubile3
pubile4
pubile5
pubile6
pubile7
pubile8
pubile9
�ֽڼ�ת�ı�

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3704daa2d258905e9df3a5e3b0836572

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

shell32

comctl32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 132KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 12KB - Virtual size: 10KB