blackmoon | 4276507361dc91eb68c00d6b0675e7f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4276507361dc91eb68c00d6b0675e7f0_JaffaCakes118
Size

420KB
MD5

4276507361dc91eb68c00d6b0675e7f0
SHA1

e85c569454c929c53166e9054051d9c2440112ae
SHA256

0f4659cc34410e79960a1b3e47b678ace9d239f9e3a4c102cb810077a5ef6cff
SHA512

4de31a4bdcd32a8c27c9a2fa40a4e5bcc0d18b6ab63fd3ddf8eae45259125340cf40b03de72bab9a51225d04df5e786a679397796b94150b60283199e4941738
SSDEEP

6144:wk01TIlSgJiKblurQaPfK2q0HfAI+vYq6rmueJnvryZGPflPFEwJ7rD4mj:wk01TIMgJhUfR+vYfKueJnDQGPdPFFD

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4276507361dc91eb68c00d6b0675e7f0_JaffaCakes118

Files

4276507361dc91eb68c00d6b0675e7f0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1a84b3461e87b052dca759b1466d7a86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetModuleHandleA
GetCurrentThread
Beep
GetCurrentProcess
CreateProcessA
CreateWaitableTimerA
SetWaitableTimer
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
CreateFileMappingA
VirtualFreeEx
UnmapViewOfFile
ReadProcessMemory
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
DeleteFileA
GetCurrentDirectoryA
WriteFile
GetTickCount
GetModuleFileNameA
LCMapStringA
Sleep
GetVersionExA
GetCommandLineA
MapViewOfFile
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetStringTypeW
GetStringTypeA
RaiseException
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
OpenFileMappingA
Process32Next
Process32First
GetProcAddress
LoadLibraryA
FreeLibrary
TerminateProcess
OpenProcess
QueryDosDeviceA
WideCharToMultiByte
GetFileType
GetCurrentProcessId
RtlMoveMemory
DeviceIoControl
lstrcpyn
CreateFileA
CloseHandle
Module32Next
InitializeCriticalSection
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
Module32First
CreateToolhelp32Snapshot
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetLastError
MultiByteToWideChar
VirtualAlloc
VirtualFree
GetVersion
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
wvsprintfA
MsgWaitForMultipleObjects
GetGUIThreadInfo
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
ActivateKeyboardLayout
GetKeyboardLayout
SystemParametersInfoA
GetKeyboardLayoutList
UnloadKeyboardLayout
PeekMessageA
GetForegroundWindow
MessageBoxTimeoutA
MessageBoxA
GetWindowThreadProcessId
GetWindowTextA
IsWindowVisible
GetWindow
GetDesktopWindow
GetAsyncKeyState
CallWindowProcA
KillTimer
SetTimer
PostMessageA
GetClassNameA

advapi32

RegFlushKey
CryptCreateHash
CryptReleaseContext
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueA
RegEnumValueA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptAcquireContextA

ntdll

ZwClose
ZwQueryObject
ZwQuerySystemInformation

shell32

StrCmpNIA
SHGetSpecialFolderPathA

Exports

Exports

_��ӳ��

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ghfgh0
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ghfgh1
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a84b3461e87b052dca759b1466d7a86

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

shell32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 138KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 24KB - Virtual size: 114KB

.rsrc Size: 4KB - Virtual size: 664B

.ghfgh0 Size: 12KB - Virtual size: 10KB

.ghfgh1 Size: 208KB - Virtual size: 206KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 140KB - Virtual size: 138KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 24KB - Virtual size: 114KB

.rsrc
Size: 4KB - Virtual size: 664B

.ghfgh0
Size: 12KB - Virtual size: 10KB

.ghfgh1
Size: 208KB - Virtual size: 206KB

.reloc
Size: 8KB - Virtual size: 6KB