blackmoon | 6be9712417f8912cf080eeee637ce090N[.]exe

General

Target

6be9712417f8912cf080eeee637ce090N.exe
Size

104KB
MD5

6be9712417f8912cf080eeee637ce090
SHA1

0ce7b169b602c59c625ca05417f9499527eb8bed
SHA256

2f7aa2c168e78b6916d767140738e187783d11b1f90d12ce947fd22caf0e3487
SHA512

4d64d16d178c371a81ce4ef3b30e374b9ad077a0605e40f595d0c032162eb0c8c98df79c1f0ca490b291113a0362f338a79652a8387ff7d4ae6327dbe970f8e7
SSDEEP

1536:+Tjujh/Epzu7MDeFjDfFL3zeg6eSVXeS4Kem6jhJHjHGSiEoza6oM4j/SBmYQAK6:CjeQ0Dg0kqArnpkYVeaZy7We1Hd1tnU

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6be9712417f8912cf080eeee637ce090N.exe

Files

6be9712417f8912cf080eeee637ce090N.exe
.dll windows:4 windows x86 arch:x86

b225bd186322ea072994010fffb1ca31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
WaitForSingleObject
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
WriteFile
CreateFileA
GetPrivateProfileStringA
GetCommandLineA
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
Module32First
CreateToolhelp32Snapshot
GetCurrentProcess
VirtualQueryEx
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
IsBadReadPtr
MultiByteToWideChar
GetModuleFileNameA
DeleteCriticalSection
TerminateThread
CreateThread

user32

MessageBoxA
TranslateMessage
wsprintfA
CallWindowProcA
FindWindowA
SetTimer
GetAsyncKeyState
GetMessageA
PeekMessageA
DispatchMessageA

msvcrt

??2@YAPAXI@Z
_CIfmod
strrchr
strchr
free
malloc
memmove
modf
__CxxFrameHandler
toupper
strtod
??3@YAXPAX@Z
sprintf
_ftol
atoi
strncmp
_strnicmp

shlwapi

PathFileExistsA

shell32

SHGetSpecialFolderPathA

Exports

Exports

SendARP

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b225bd186322ea072994010fffb1ca31

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

shlwapi

shell32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 82KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 89KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 84KB - Virtual size: 82KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 89KB

.reloc
Size: 4KB - Virtual size: 3KB