blackmoon | 7689e7b63bb4b190c77ab7727acadede_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7689e7b63bb4b190c77ab7727acadede_JaffaCakes118
Size

272KB
MD5

7689e7b63bb4b190c77ab7727acadede
SHA1

506e3337cc546d46497083cb671e38f12e2db126
SHA256

99cbdc86fa8860a40036c5e45693d34e54636e9ad4aea1cdccb6aff68507b7c3
SHA512

1bce2a9af899e059bbba95497061b111d639b7dd9903320c2514f35d889f7fa697d8c88831a9cd49b0e3899e98f8f229403912fc0ab27311bbc2f7f8cad87b2d
SSDEEP

3072:o6MxrqlL2yB1/4wf25YO9BWddiAWkewQX86jOjKD1EyEq4SaOktxUD:o6MxrS2a1/4j3WddiAWk+X86jOjKKbi

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7689e7b63bb4b190c77ab7727acadede_JaffaCakes118

Files

7689e7b63bb4b190c77ab7727acadede_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a7713a8d7c9fdea890f80fb570ef391

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrTrimW

kernel32

GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
WideCharToMultiByte
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetProcessHeap
VirtualFree
VirtualAlloc
RtlZeroMemory
lstrcmpiW
lstrcmpW
lstrlenW
GetSystemInfo
LocalAlloc
LCMapStringW
LocalFree
IsBadCodePtr
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
HeapSize
GetVersion
GetStartupInfoA
UnmapViewOfFile
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
LocalSize
MulDiv
GetCurrentThreadId
lstrcpynW
RtlMoveMemory
MultiByteToWideChar
GetModuleHandleW
LCMapStringA

user32

PeekMessageA
GetMessageW
IsDialogMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
IsWindow
FindWindowExA
RegisterWindowMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuStringW
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuW
GetMenuItemCount
AppendMenuW
DestroyMenu
LoadMenuW
CreatePopupMenu
CreateMenu
CharLowerW
CharUpperW
KillTimer
SetTimer
RegisterClassExW
LoadCursorW
LoadIconW
RegisterWindowMessageW
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
DestroyIcon
EndPaint
FillRect
BeginPaint
DestroyWindow
MsgWaitForMultipleObjects
CloseClipboard
GetClipboardData
OpenClipboard
EmptyClipboard
GetClassNameA
SetClassLongW
ReleaseDC
GetDC
RemovePropW
GetPropW
SetPropW
MessageBoxW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageW
SetWindowPos
MoveWindow
ScreenToClient
GetParent
UpdateWindow
ValidateRect
InvalidateRect
GetWindowRect
GetClientRect
GetFocus
SetFocus
GetClassNameW
GetDlgItem
GetWindowLongW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
SendMessageW
CreateWindowExW
UnhookWindowsHookEx
SetWindowLongW
SetCursor
DefMDIChildProcW
DefWindowProcW
GetAsyncKeyState
CallWindowProcW
SendMessageTimeoutA
CheckMenuItem

gdi32

DeleteObject
GetStockObject
GetDeviceCaps
CreateFontW
GetObjectW
CreateSolidBrush
CreatePatternBrush
CreateDIBitmap

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
Shell_NotifyIconW

ole32

CoUninitialize
CoInitialize

oleacc

ObjectFromLresult

atl

ord42
ord47

oleaut32

VariantClear
VariantInit

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0a7713a8d7c9fdea890f80fb570ef391

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

shell32

ole32

oleacc

atl

oleaut32

Sections

.text Size: 228KB - Virtual size: 226KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 24KB - Virtual size: 71KB

.rsrc Size: 4KB - Virtual size: 16B

.text
Size: 228KB - Virtual size: 226KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 24KB - Virtual size: 71KB

.rsrc
Size: 4KB - Virtual size: 16B