blackmoon | 88ca647d4b1b3c7342ad2067cc1967d0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88ca647d4b1b3c7342ad2067cc1967d0_JaffaCakes118
Size

48KB
MD5

88ca647d4b1b3c7342ad2067cc1967d0
SHA1

56c913e0494968743c8d9257981e769f254710c6
SHA256

083d2ceb68659ad78df9b92dd732c3c99212e4e7bbff80070a63d980a9b7f67b
SHA512

095d40be6bfb35352d1eaea8361f07142af2007a682e0f96698137237246c8bb2e6f9190f66d0161d44db6d835ac43c0db69d437fe591a9db916ce9c63c904e7
SSDEEP

768:vDyM7n45/ITJ4oLFlyzsaTK5UuAKilW6N8HGBlNMFnW6fviUhjEMS3wiMT0cG0rV:vDyM7n45/IGoHmBHMFVdS3wLXL7O9U

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88ca647d4b1b3c7342ad2067cc1967d0_JaffaCakes118

Files

88ca647d4b1b3c7342ad2067cc1967d0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d4c9e61eee30c80f7c64b9b10456a8e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

modf
memmove
strrchr
srand
strncmp
sprintf
_ftol
rand
??3@YAXPAX@Z
strncpy
_strnicmp

user32

wsprintfA
MsgWaitForMultipleObjects
MessageBoxTimeoutA
MessageBoxA
PostMessageA
EnumChildWindows
KillTimer
FindWindowExA
FindWindowA
ShowWindow
RedrawWindow
EnableMenuItem
GetSystemMenu
DispatchMessageA
GetClassNameA
GetWindowThreadProcessId
GetWindow
GetDesktopWindow
SetTimer
GetWindowRect
CallWindowProcA
ReleaseDC
FillRect
TranslateMessage
GetMessageA
GetClassInfoExA
RegisterClassExA
LoadIconA
LoadCursorA
MoveWindow
PeekMessageA
GetWindowTextA
GetSysColor
GetDC
DefWindowProcA
TrackMouseEvent
SendMessageA
GetParent
InvalidateRect
EndPaint
BeginPaint

kernel32

GetSystemDirectoryA
GetWindowsDirectoryA
RtlMoveMemory
lstrcpyn
LocalSize
GetModuleHandleA
WriteProcessMemory
ReadProcessMemory
CreateToolhelp32Snapshot
SetProcessWorkingSetSize
CreateWaitableTimerA
SetWaitableTimer
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
Module32First
CloseHandle
OpenProcess
GetCurrentProcess
DuplicateHandle
VirtualFreeEx
GetTempPathA
GetModuleFileNameA
GetCommandLineA
CreateFileA
WriteFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetTickCount
VirtualAllocEx

gdi32

GetObjectA
SelectObject
BitBlt
DeleteDC
CreateSolidBrush
CreateCompatibleDC

shell32

SHGetSpecialFolderPathA

wininet

InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetReadFile

shlwapi

PathFileExistsA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d4c9e61eee30c80f7c64b9b10456a8e5

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

gdi32

shell32

wininet

shlwapi

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 63KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 63KB

.rsrc
Size: 4KB - Virtual size: 664B