blackmoon | 7593bac9feb061974187734c58938736_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7593bac9feb061974187734c58938736_JaffaCakes118
Size

268KB
MD5

7593bac9feb061974187734c58938736
SHA1

077f64938bad591abb9628b4a4cb56dd64892d2f
SHA256

d3963ad351a4f50bd41bc29710453490b7b2b57c800ec731b98f8dee34ccc333
SHA512

b88e52549d6a11266f9a467af8629783bae198569fe93215dd1a5c717f51e3734b8a3f8cb5bbf98acbb75ce7b096de837a117e7288b75fe9eeb0e092ea3986e9
SSDEEP

6144:XZuJO+7XAEww1wjxdLa7d+kpXjEk8CL/9ACcH:Xkxsw1YxQ+kpXYk8CLyC

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7593bac9feb061974187734c58938736_JaffaCakes118

Files

7593bac9feb061974187734c58938736_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4c5c8d2b96ec5c1107163abc62d4ce30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetTickCount
Sleep
GetStartupInfoA
CreateProcessA
WaitForSingleObject
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
SetFileAttributesA
RaiseException
VirtualAlloc
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
InterlockedIncrement
InterlockedDecrement
CreateFileA
WriteFile
DeleteFileA
GetModuleFileNameA
GetCommandLineA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
CreateToolhelp32Snapshot
GetProcessHeap
LoadLibraryA
lstrlenA
ReadProcessMemory
GetCurrentProcess
LocalFree
RtlFillMemory
LocalAlloc
Beep
GetCurrentThread
GetProcAddress
CreateThread
MapViewOfFile
OpenFileMappingA
RtlMoveMemory
lstrcpyn
LocalSize
GetModuleHandleA
Module32First
Process32Next
CloseHandle
Process32First
GetVersion
WideCharToMultiByte
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
MultiByteToWideChar

user32

SystemParametersInfoA
GetKeyboardLayoutList
UnloadKeyboardLayout
RegisterHotKey
UnregisterHotKey
SetWindowPos
SetWindowRgn
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
EqualRect
IntersectRect
SetWindowLongA
GetWindowLongA
PostQuitMessage
CreateWindowExA
SetWindowTextA
GetWindowTextLengthA
IsWindow
EnableWindow
UpdateWindow
ShowWindow
PostMessageA
GetForegroundWindow
GetWindowRect
CallWindowProcA
GetKeyboardLayout
FillRect
GetSysColor
GetDC
DefWindowProcA
TrackMouseEvent
SendMessageA
GetParent
InvalidateRect
EndPaint
BeginPaint
MoveWindow
LoadCursorA
LoadIconA
RegisterClassExA
GetClassInfoExA
GetClassNameA
GetWindowTextA
IsWindowVisible
GetWindow
GetDesktopWindow
GetWindowThreadProcessId
ActivateKeyboardLayout
GetKeyboardLayoutNameA
LoadKeyboardLayoutA
MessageBoxA
wsprintfA
PeekMessageA
ReleaseDC

advapi32

RegSetValueExA
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegCreateKeyA
RegFlushKey
RegEnumValueA
RegDeleteValueA

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateSolidBrush
StretchBlt
CreatePatternBrush
DeleteObject
SetBkColor
TextOutA
SetTextColor
CreateDIBitmap
CreateRectRgn
GetPixel
CombineRgn
CreateFontA
GetObjectA

msimg32

TransparentBlt

shell32

SHGetSpecialFolderPathA
ShellExecuteA

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4c5c8d2b96ec5c1107163abc62d4ce30

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

msimg32

shell32

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 124KB - Virtual size: 214KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 124KB - Virtual size: 214KB