blackmoon | 3fcf5c88555cbc16d2585e0eed762304_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3fcf5c88555cbc16d2585e0eed762304_JaffaCakes118
Size

320KB
MD5

3fcf5c88555cbc16d2585e0eed762304
SHA1

52d9a8a6f4582ea460db7e72241f778886af8cb7
SHA256

dc72bf232dbe6dc3ccbd3e1b4ac9a0c6db2a9eb7f458e2a0b603f8f93b8ef08d
SHA512

3161c2129ad8ab0e6f940058e6be89bbd595109a58e9b28f731bbd22d3a8e2c757d7d9a18341a00091c579fbee566d0b1f4b89245f7debb69f026efaaecc4582
SSDEEP

6144:2TiVSIllyI/bi13ow+gidXrTcoj64LZYrTcoj64L/S:2TiVPrJ/Vw+giBgoj63goj6/

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fcf5c88555cbc16d2585e0eed762304_JaffaCakes118

Files

3fcf5c88555cbc16d2585e0eed762304_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8496a2b6c2c34c25fa1b98e929fd1485

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalSize
LocalFree
LocalAlloc
GetSystemInfo
lstrlenW
lstrcmpW
lstrcmpiW
RtlZeroMemory
VirtualAlloc
VirtualFree
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CopyFileA
ReadFile
GetFileSize
CreateFileA
WriteFile
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetCommandLineA
LCMapStringA
MulDiv
GetCurrentThreadId
lstrcpynW
RtlMoveMemory
GetModuleHandleW
TerminateProcess
OpenProcess
Process32Next
CloseHandle
lstrlenA
Process32First
FlushFileBuffers
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
SetFilePointer
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
GetProcAddress
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
RtlUnwind
GetVersion
WideCharToMultiByte
GetCurrentProcess
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
CreateToolhelp32Snapshot
MultiByteToWideChar

user32

PeekMessageA
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuState
GetMenuItemRect
GetMessageA
GetMenuStringW
TrackPopupMenu
SetForegroundWindow
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuW
GetMenuItemCount
DispatchMessageA
wsprintfA
MessageBoxA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
GetMenuItemInfoW
CheckMenuItem
AppendMenuW
DestroyMenu
LoadMenuW
CreatePopupMenu
CreateMenu
CharLowerW
CharUpperW
RegisterClassExW
LoadCursorW
LoadIconW
RegisterWindowMessageW
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
DestroyIcon
EndPaint
FillRect
BeginPaint
DestroyWindow
SetClassLongW
ReleaseDC
GetDC
RemovePropW
GetPropW
SetPropW
MessageBoxW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageW
SetWindowPos
MoveWindow
ScreenToClient
GetParent
UpdateWindow
ValidateRect
InvalidateRect
GetWindowRect
GetClientRect
GetFocus
SetFocus
GetClassNameW
GetDlgItem
GetWindowLongW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
SendMessageW
CreateWindowExW
UnhookWindowsHookEx
SetWindowLongW
SetCursor
DefMDIChildProcW
DefWindowProcW
GetAsyncKeyState
CallWindowProcW
IsWindow
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
GetMessageW
CheckMenuRadioItem

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconW
DragAcceptFiles
DragFinish
DragQueryFileW
StrStrW
StrCmpNIA
StrStrIW
StrRStrW
StrRStrIW

gdi32

DeleteObject
CreatePatternBrush
CreateSolidBrush
GetObjectW
CreateFontW
GetDeviceCaps
GetStockObject

shlwapi

StrTrimW

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8496a2b6c2c34c25fa1b98e929fd1485

Headers

File Characteristics

Imports

kernel32

user32

shell32

gdi32

shlwapi

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 94KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 94KB