blackmoon | bc6db5c91a376f95bb67cc9c149e6516_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc6db5c91a376f95bb67cc9c149e6516_JaffaCakes118
Size

36KB
MD5

bc6db5c91a376f95bb67cc9c149e6516
SHA1

8f7b879d4ec332b673f2d8f00f485707202c1a6c
SHA256

ff79934ed16b28fb4b4a0f58ca9a8dafb4902c5c439336912de400652d134e9e
SHA512

3a3b7015e379a4690f43b5efb1567643b5ab7ee56f99c41e3b6372f329c72d516c59953dde5a07707ac8af4702479a52f2ebd2d7a7bafb6dcc897cd8995cda5f
SSDEEP

384:Wk3/f06bicpcVun5LP+etYTOwWccaWKChQjbmVp9YhbmVp9Yuhy:xH06bicmVun5LPuO7ccaEQqcscl

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc6db5c91a376f95bb67cc9c149e6516_JaffaCakes118

Files

bc6db5c91a376f95bb67cc9c149e6516_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5e8c65665aacda3bb1ca3396552d9fff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PeekMessageA
wsprintfA
DispatchMessageA
TranslateMessage
MessageBoxA
GetMessageA

kernel32

HeapReAlloc
HeapFree
IsBadReadPtr
GetPrivateProfileStringA
CloseHandle
WriteFile
HeapAlloc
GetProcessHeap
GetModuleFileNameA
LCMapStringA
GetCommandLineA
ExitProcess
CreateFileA
GetModuleHandleA

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegOpenKeyA

msvcrt

_strnicmp
??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
_atoi64
_ftol
strncmp
sprintf
atoi
free
malloc
modf
memmove
__CxxFrameHandler

Exports

Exports

dll_run

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ