blackmoon | 6c45086807738358e7db1675ea5198bd33fe832734c05aa488f36540a1df0599

Sharing

Copy URL Twitter E-mail

General

Target

6c45086807738358e7db1675ea5198bd33fe832734c05aa488f36540a1df0599
Size

2.1MB
MD5

d33f2ee329580c1b12b09e5067a4d73b
SHA1

4b1264039747a1ea9d26d5224d015efc42284b41
SHA256

6c45086807738358e7db1675ea5198bd33fe832734c05aa488f36540a1df0599
SHA512

dd03277b34972e8d5ba665f6f1de52864dbc8c75de40db0dc2f5391c53240c50444cc8daf9eb0e56001b5a020b640efab4b397f503d5cf7fd3af7ee577238ce6
SSDEEP

49152:6mo8+1fJHxZeKxDBWqPmuj8I/pn/n4VcSrT:n+rHDxDV5/n4Vx

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c45086807738358e7db1675ea5198bd33fe832734c05aa488f36540a1df0599

Files

6c45086807738358e7db1675ea5198bd33fe832734c05aa488f36540a1df0599
.exe windows:4 windows x86 arch:x86

a0e6ad7f2bf2a9573037c941b4db92f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
GetFileSize
WritePrivateProfileStringA
SetFileAttributesA
GetTickCount
FindNextFileA
DeleteFileA
GetProcessHeap
FindFirstFileA
GetLocalTime
CopyFileA
GetEnvironmentVariableA
WriteFile
LCMapStringA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
FreeLibrary
LoadLibraryA
MoveFileExA
GetTempFileNameA
GetTempPathA
MoveFileA
CreateDirectoryA
CreateFileA
HeapAlloc
GetCommandLineA
ExitProcess
DeviceIoControl
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcess
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
WideCharToMultiByte
lstrlenW
FindClose
FindFirstFileW
RemoveDirectoryA
MultiByteToWideChar
MulDiv
lstrcatA
lstrcpyA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetStartupInfoA
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
SetFilePointer
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
FlushFileBuffers

user32

RegisterHotKey
ReleaseCapture
ScreenToClient
SendMessageA
SetCapture
SetWindowLongA
UnregisterHotKey
LoadBitmapA
GetDC
GetClientRect
GetCursorPos
CreateWindowExA
CallWindowProcA
FindWindowA
ClientToScreen
GetSysColor
GetWindowThreadProcessId
GetInputState
MsgWaitForMultipleObjects
wvsprintfA
MessageBoxA
GetSystemMetrics
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA

gdi32

CreateFontA
DeleteObject
GetDeviceCaps
TranslateCharsetInfo

advapi32

CloseServiceHandle
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

shlwapi

PathFileExistsA

shell32

DragFinish
SHGetSpecialFolderPathA
DragQueryFileA
DragAcceptFiles

comctl32

ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_Destroy
ImageList_Create
ImageList_Add
ImageList_BeginDrag

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0e6ad7f2bf2a9573037c941b4db92f2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

shlwapi

shell32

comctl32

Sections

.text Size: 176KB - Virtual size: 173KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 1.9MB - Virtual size: 2.0MB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 1.9MB - Virtual size: 2.0MB

.rsrc
Size: 4KB - Virtual size: 664B