blackmoon | 0d4ef91a9cb07e7e4d20b144394eedb0_JaffaCakes118

General

Target

0d4ef91a9cb07e7e4d20b144394eedb0_JaffaCakes118
Size

444KB
MD5

0d4ef91a9cb07e7e4d20b144394eedb0
SHA1

03b6f2c7866186566a24c0d9efb3bf89de4ead10
SHA256

f2e07b43648d3041174f0b55a51992ee80dfdba00fa81a24ff3ca6dcb01ed7e7
SHA512

6284a03e19aae866e6df5f4a49d637784d1a04e7c6614fe2f513de495c69b2d44eb443be62602873929a67cf9c20e5c6bcfa982113f341b6a3419a3570968ae4
SSDEEP

6144:djsC6Io/Nik3793xYn0w1FS2jWyLrHD6tc9guOCfMv:tbaViA79hY0MFpj/j6tc9XMv

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d4ef91a9cb07e7e4d20b144394eedb0_JaffaCakes118

Files

0d4ef91a9cb07e7e4d20b144394eedb0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9c5c8c0885065b0cd642030c956cd0c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetCommandLineA
GetModuleFileNameA
ExitProcess
CloseHandle
FlushFileBuffers
RaiseException
GetModuleHandleA
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
SetStdHandle

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PeekMessageA

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 376KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c5c8c0885065b0cd642030c956cd0c6

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 376KB - Virtual size: 380KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 376KB - Virtual size: 380KB

.reloc
Size: 8KB - Virtual size: 7KB