blackmoon | b6dc635d4f27db6cd36d8bb22e977f99_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6dc635d4f27db6cd36d8bb22e977f99_JaffaCakes118
Size

316KB
MD5

b6dc635d4f27db6cd36d8bb22e977f99
SHA1

b98f67172265dfec7f800fc65ab65f9edeac7bac
SHA256

24685d73733e89cb238bfc57af5dbc16df1fe693d81911f12a3ad016727f6bf4
SHA512

c25be7653940f059e6f958581fe93d221bfc27f9c754e1ad230c5430ebfd29c53e18ceccdfe0c1d3a41bd48eeadd6b18fa1d735a7fd025720fcf8080ef342648
SSDEEP

6144:kYcxaVvgwX+pJxEq4x+UCUmIJm122Tw7BnHUrgTBGv+BzUM:kYtVvgwX+pJxtrUCUmIQ12287BHigTsm

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6dc635d4f27db6cd36d8bb22e977f99_JaffaCakes118

Files

b6dc635d4f27db6cd36d8bb22e977f99_JaffaCakes118
.dll windows:4 windows x86 arch:x86

82b1bbe12d7c5a66eb611e1fdb6128c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
ReadFile
GetFileSize
SetFilePointer
GetTickCount
GetLocalTime
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
GetUserDefaultLCID
LocalSize
WriteFile
CreateRemoteThread
TerminateProcess
RtlMoveMemory
GetPrivateProfileStringA
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
FreeLibrary
LoadLibraryExA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
FlushFileBuffers
VirtualFree
GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualAlloc
WideCharToMultiByte
MultiByteToWideChar
ReadProcessMemory
VirtualQueryEx
LCMapStringA
OpenProcess
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
lstrcpynA
GetCurrentProcessId
GetCommandLineA
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetACP
GetCPInfo
RaiseException
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
CreateThread
TlsSetValue
GetCurrentThreadId
RtlUnwind
GetVersion
GetCurrentProcess
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
lstrcpyA
lstrcatA
MulDiv

user32

TranslateMessage
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
RegisterWindowMessageA
SetWindowLongA
GetAncestor
EnumWindows
PostMessageA
MsgWaitForMultipleObjects
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
EmptyClipboard
GetClassNameA
OpenClipboard
GetClipboardData
CloseClipboard
GetDC
GetDesktopWindow
GetWindowRect
ReleaseDC
PeekMessageA
CallWindowProcA
CreateWindowExA
GetCursorPos
GetSysColor
SetClipboardData
RegisterHotKey
ReleaseCapture
ScreenToClient
SendMessageA
SetCapture
UnregisterHotKey
ShowWindow
LoadBitmapA

gdi32

DeleteObject
DeleteDC
GetDIBits
GetObjectA
StretchBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
TranslateCharsetInfo
CreateFontA
GetDeviceCaps

advapi32

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize

shlwapi

PathFileExistsA
StrToInt64ExA

winhttp

WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpCloseHandle

wininet

InternetTimeToSystemTime

oleaut32

SafeArrayAllocDescriptor
VariantInit
VariantChangeType
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
LHashValOfNameSys

shell32

DragQueryFileA
DragAcceptFiles
DragFinish
SHGetSpecialFolderPathA

comctl32

ImageList_Add
ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag

Exports

Exports

B_Dll_GetMD5
Func1
Func2
Func3
G_Func1

Sections

.text
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82b1bbe12d7c5a66eb611e1fdb6128c2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

shlwapi

winhttp

wininet

oleaut32

shell32

comctl32

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 204KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 84KB - Virtual size: 164KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 208KB - Virtual size: 204KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 84KB - Virtual size: 164KB

.reloc
Size: 12KB - Virtual size: 10KB