[unrecoverable mis-encoded text] DLL interface
Behavioral task: behavioral1
Sample: a04f47dbdfa18399fe3017963b0108de781855ea1fbf966c067cf4972fbab493.dll
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: a04f47dbdfa18399fe3017963b0108de781855ea1fbf966c067cf4972fbab493.dll
Resource: win10v2004-20240508-en
General
- Target: a04f47dbdfa18399fe3017963b0108de781855ea1fbf966c067cf4972fbab493
- Size: 900KB
- MD5: b8d31af7c83c18a247456eb2505d10bc
- SHA1: ee60cd203b7e7f0c804cfdee235488e2dbe386d7
- SHA256: a04f47dbdfa18399fe3017963b0108de781855ea1fbf966c067cf4972fbab493
- SHA512: 181aa3ec0bf10dfb208b97f68c274f2aba340cfee77bab0f0dd9a5d4627a64e8e79118424271fdcde6a5daef0d868d00bbdb5a4f0fe9db5e6008a494bd5e5058
- SSDEEP: 24576:kkDcMmMXMa3RygcbUnqtUR8gcACjkv37S66hNL3zjY/:1DcMvJ3ujXtDja
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoC)
  resource: sample, yara_rule: family_blackmoon
- UPX dump on OEP (original entry point) (1 IoC)
  resource: sample, yara_rule: UPX
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: a04f47dbdfa18399fe3017963b0108de781855ea1fbf966c067cf4972fbab493
Files
- a04f47dbdfa18399fe3017963b0108de781855ea1fbf966c067cf4972fbab493.dll windows:4 windows x86 arch:x86
  3c5cc2cc020bd29f9e70a110b3818306
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetTempFileNameA
GetSystemDirectoryA
MultiByteToWideChar
ReleaseMutex
CreateMutexA
lstrcpynA
CreateThread
GetCurrentProcessId
OutputDebugStringA
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
GetCurrentThreadId
CreateRemoteThread
ReadProcessMemory
OpenProcess
WriteProcessMemory
VirtualFreeEx
ResumeThread
WaitForSingleObject
CloseHandle
RtlMoveMemory
Beep
GetVersionExA
GetTempPathA
GetLogicalDriveStringsA
QueryDosDeviceA
GetProcessHeap
WideCharToMultiByte
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
WriteFile
CreateFileA
GetTickCount
ReadFile
GetFileSize
DeleteFileA
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
LCMapStringA
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualAllocEx
GetProcAddress
CopyFileA
LoadLibraryA
VirtualFree
GetModuleHandleA
VirtualAlloc
user32
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SendMessageA
SetWindowLongA
CallWindowProcA
RegisterWindowMessageA
IsWindow
MapVirtualKeyA
PostMessageA
SetCursorPos
GetParent
GetWindowInfo
ScreenToClient
GetWindowThreadProcessId
SetForegroundWindow
SwitchToThisWindow
MessageBoxTimeoutA
MessageBoxA
PostThreadMessageA
CallNextHookEx
SetWindowTextA
GetWindowTextLengthA
MsgWaitForMultipleObjects
GetWindowTextA
GetCursorPos
shlwapi
PathFileExistsA
StrToIntExA
PathFindFileNameA
msvcrt
_except_handler3
_stricmp
__CxxFrameHandler
strncmp
memmove
realloc
strchr
_CIpow
strtod
rand
malloc
modf
floor
_ftol
sprintf
srand
atoi
_CIfmod
??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
free
advapi32
RegCloseKey
RegCreateKeyExA
RegSetValueExA
Exports
Sections
.text Size: 608KB - Virtual size: 607KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 252KB - Virtual size: 313KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ