blackmoon | 1[.]1[.]exe

General

Target

1.1.exe
Size

1.3MB
MD5

325d076e1f35e14ab5a75c2f22b1b1b1
SHA1

6431f5490015810155896a7a47ba070df6f91605
SHA256

15aebd2bfdaeac5b84069faeaa259bcd6c29bc8980a9e1cf94b30c2342355ebf
SHA512

da7cbf09e9c49f573990cbea71c6f44932c0e906229ca379f03d023ebcc95211ea756a2f7e1c0e3c3544efd5ce672d5600555aac9b3ff1cdc982481ea641da38
SSDEEP

24576:VXNyic7rQdO6Id0EduQ7IxJ2yAcdw4rrhdY/pPTU1PrDTJJS:Vzc/QdthEd57H9owSrhdSK9XJJ

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1.1.exe

Files

1.1.exe
.exe windows:4 windows x86 arch:x86

0fcfdcd7b9f93bba9ede86ef3cfeee6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
CreateFileA
WriteFile
CloseHandle
SetFileAttributesA
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
GetVersion
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
GetProcAddress
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadCodePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers

user32

GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
TranslateMessage
PeekMessageA

advapi32

RegFlushKey
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey
RegEnumKeyA

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

0fcfdcd7b9f93bba9ede86ef3cfeee6b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 1.2MB - Virtual size: 1.3MB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 1.2MB - Virtual size: 1.3MB