blackmoon | 633b0cc9dd8f2a8bad177739c7700f1a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

633b0cc9dd8f2a8bad177739c7700f1a_JaffaCakes118
Size

107KB
MD5

633b0cc9dd8f2a8bad177739c7700f1a
SHA1

122695854e94bbf2d626c0b22198b44b3d058e8c
SHA256

7a781f228b0367090d681f4137cf2e07cd8bc1d51169add97c54cfbf43f733e0
SHA512

6195b25e84beaff0433f9c1c335d4a94b08b1b678667b3441eea2dfdb416420b6d9cf61ce81d44e2be75cca5f4750546fc6d7fd3bce329b25b0dcf4d532d396b
SSDEEP

1536:bHKGUiVkvn7vB+4BdTAr1kGcK9LNL2HAN+5F4lekhseBtLhvFrg:TQiOn71cJ9+5ABtLhv+

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

633b0cc9dd8f2a8bad177739c7700f1a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

02fcad3cd68d31129de711c9e2621edb

Code Sign

51:f9:27:f2:61:9b:b0:53:b2:0e:a3:96:3a:1c:0d:37
Certificate

Issuer

CN=ZMPI cop

Not Before

31/12/2010, 16:00

Not After

31/12/2016, 16:00

Subject

CN=ZMPI cop

Extended Key Usages

ExtKeyUsageCodeSigning

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:0e:72:f5:4a:21:47:01:d8:fd:e6:f5:41:ae:6f:53:ca:97:7d:56
Signer

Actual PE Digest

bb:0e:72:f5:4a:21:47:01:d8:fd:e6:f5:41:ae:6f:53:ca:97:7d:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CloseHandle
ReadFile
GetFileSize
CreateFileA
WriteFile
ExitProcess
GetCommandLineA
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetModuleHandleA
LCMapStringA
GetProcessHeap
GetVersion
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
GetProcAddress
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
MultiByteToWideChar
LCMapStringW
RaiseException
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA

user32

GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
TranslateMessage
PeekMessageA

shlwapi

PathFileExistsA

Exports

Exports

��ʼ��
��ʼ�鶾
�ͷ��
ѧϰ

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02fcad3cd68d31129de711c9e2621edb

Code Sign

51:f9:27:f2:61:9b:b0:53:b2:0e:a3:96:3a:1c:0d:37Certificate

Extended Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

bb:0e:72:f5:4a:21:47:01:d8:fd:e6:f5:41:ae:6f:53:ca:97:7d:56Signer

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 668B

.reloc Size: 8KB - Virtual size: 5KB

51:f9:27:f2:61:9b:b0:53:b2:0e:a3:96:3a:1c:0d:37
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

bb:0e:72:f5:4a:21:47:01:d8:fd:e6:f5:41:ae:6f:53:ca:97:7d:56
Signer

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 668B

.reloc
Size: 8KB - Virtual size: 5KB