blackmoon | 5ac4c4f28b32668b1cd9db72feb02b67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ac4c4f28b32668b1cd9db72feb02b67_JaffaCakes118
Size

28.3MB
MD5

5ac4c4f28b32668b1cd9db72feb02b67
SHA1

e4d1b3de6b377bf83e43c8670686242bdef80a4f
SHA256

c4fb5e4aef8c589cdc97e97e455a3e35b2074466a3491885f190e26dd3103488
SHA512

730e9c6d9bfae6cc21d5dade7e1d760cf0785fc6e922aaa0538e45c91a397b4b87d54912e100db72746fdf0cdb4434160f1984d49477ec21b9e25dd42aa8a7ca
SSDEEP

393216:lQf64kyzPpexiCh4FgRjWSiWLQf64kyzPpexiCh:q1kyTkiChDY1kyTkiCh

Score

10^/10

miner blackmoon xmrig

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ac4c4f28b32668b1cd9db72feb02b67_JaffaCakes118

Files

5ac4c4f28b32668b1cd9db72feb02b67_JaffaCakes118
.exe windows:5 windows x86 arch:x86

64eccf2872e77d35d90985047296b2d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

accwiz.pdb

Imports

msvcrt

_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_controlfp
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__setusermatherr
_wtoi
_wtol
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
wcschr
swscanf
wcstoul
_ftol
_purecall

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegEnumValueA
RegSetValueExA
RegEnumKeyA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyW

kernel32

GetLastError
CreateMutexW
SetLastError
GetProcAddress
GetModuleHandleW
lstrcmpW
lstrcatW
CloseHandle
WriteFile
MulDiv
Sleep
lstrcmpiW
WriteProfileStringW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
GetCommandLineW
lstrlenW
lstrcpyW
CreateFileW
GetFileSize
ReadFile
GetVersionExW
GetNumberFormatW

gdi32

TextOutW
RestoreDC
PatBlt
GetTextColor
RealizePalette
ExtTextOutW
BitBlt
CreateCompatibleBitmap
SetLayout
SelectObject
DeleteObject
SetBkColor
SelectPalette
SetTextColor
SetBkMode
CreatePalette
CreateBitmap
CreateCompatibleDC
GetTextMetricsW
DeleteDC
SetTextAlign
Rectangle
GetTextExtentPoint32W
SaveDC
CreateSolidBrush
SetPaletteEntries
GetStockObject
GetNearestColor
GetNearestPaletteIndex
GetPaletteEntries
GetDeviceCaps
CreateFontIndirectW

user32

SetTimer
KillTimer
SetCaretBlinkTime
SwapMouseButton
SetSysColors
SetFocus
GetFocus
GetForegroundWindow
DrawCaptionTempW
SetSysColorsTemp
LoadIconW
EnumDisplaySettingsW
ChangeDisplaySettingsW
SendMessageTimeoutW
FindWindowW
GetWindowRect
MapWindowPoints
SetWindowPos
ShowWindow
SetWindowLongW
LoadStringW
SendMessageW
GetDlgItem
SendDlgItemMessageW
SetDlgItemTextW
wsprintfW
GetWindowLongW
MessageBoxW
ReleaseDC
GetDC
GetDesktopWindow
SystemParametersInfoW
GetWindow
GetDlgCtrlID
GetTopWindow
GetClientRect
HiliteMenuItem
EnableMenuItem
LoadMenuW
OffsetRect
InflateRect
GetSystemMetrics
FillRect
DrawFrameControl
DestroyIcon
DrawTextW
DrawEdge
LoadImageW
InvalidateRect
DefWindowProcW
EndPaint
BeginPaint
GetSysColor
RegisterClassW
LoadCursorW
PostMessageW
GetParent
SetWindowTextW
EnableWindow

comctl32

PropertySheetW
ord17

comdlg32

GetSaveFileNameW

shlwapi

StrTrimW

shell32

ShellExecuteW
ord258

ole32

CoInitialize
CoCreateInstance

uxtheme

IsThemeActive
GetCurrentThemeName
ord4
ord65

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64eccf2872e77d35d90985047296b2d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

comctl32

comdlg32

shlwapi

shell32

ole32

uxtheme

Sections

.text Size: 49KB - Virtual size: 48KB

.data Size: 3KB - Virtual size: 38KB

.rsrc Size: 126KB - Virtual size: 126KB

.text
Size: 49KB - Virtual size: 48KB

.data
Size: 3KB - Virtual size: 38KB

.rsrc
Size: 126KB - Virtual size: 126KB