Behavioral task: behavioral1
Sample: 5d96364a09cf93388af71b623530e265af9975be8548ce8a79e1111c2e2804bc.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 5d96364a09cf93388af71b623530e265af9975be8548ce8a79e1111c2e2804bc.exe
Resource: win10v2004-20240802-en
General
Target: 5d96364a09cf93388af71b623530e265af9975be8548ce8a79e1111c2e2804bc
Size: 738KB
MD5: 9615389b0eceb5e33d0ca5b2db6ad888
SHA1: f5e7e06f12328417a5eb77bf1209ab54f6edeba0
SHA256: 5d96364a09cf93388af71b623530e265af9975be8548ce8a79e1111c2e2804bc
SHA512: d3bef4d94a7471a81f0010007df2f2d92462ed0c4056b0bd2bcde530c8a7a7746b7ec8c4bc379e64bbabf95d9e90676bb34802366d9072abee4e59d266f89957
SSDEEP: 12288:8G4jj92fx0gF7X6Ki9XUk+IPEnugusUETcDa+ylQW2G3/PfN8Njw:8G4jjMfTFuKiUR5Z3Fqw
Malware Config

Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoC)
  resource: sample; yara_rule: family_blackmoon
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 5d96364a09cf93388af71b623530e265af9975be8548ce8a79e1111c2e2804bc
Files
5d96364a09cf93388af71b623530e265af9975be8548ce8a79e1111c2e2804bc.exe
Type: windows:4 windows x86 arch:x86
3cd2af9aa706b4f5fb7e7f37a4f05f0c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WaitForSingleObject
CreateProcessA
GetStartupInfoA
LCMapStringA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetModuleFileNameA
ReadFile
GetFileSize
DeleteFileA
CloseHandle
FindNextFileA
RemoveDirectoryA
FindFirstFileA
SetFileAttributesA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLocalTime
GetStdHandle
WriteFile
GetTickCount
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetCurrentProcessId
GetProcessHeap
GetLastError
DeviceIoControl
CreateFileA
RtlMoveMemory
MoveFileA
CreateDirectoryA
MoveFileExA
GetTempFileNameA
GetTempPathA
VirtualProtect
SetWaitableTimer
CreateWaitableTimerA
Module32Next
Module32First
Sleep
CreateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
FindClose
lstrcpyA
lstrcatA
MulDiv
GetWindowsDirectoryA
GetSystemDirectoryA
user32
GetSysColor
LoadBitmapA
RegisterHotKey
ReleaseCapture
ScreenToClient
SendMessageA
SetCapture
SetWindowLongA
UnregisterHotKey
PeekMessageA
GetMessageA
TranslateMessage
GetDC
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects
SetWindowLongW
GetWindowLongA
UpdateWindow
GetParent
GetWindowRect
GetCursorPos
SetLayeredWindowAttributes
GetWindowThreadProcessId
FindWindowA
CreateWindowExA
CallWindowProcA
DispatchMessageA
gdi32
GetDeviceCaps
DeleteObject
TranslateCharsetInfo
CreateFontA
advapi32
OpenServiceA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
DeleteService
CreateServiceA
StartServiceA
ControlService
CloseServiceHandle
OpenSCManagerA
winmm
timeGetTime
shlwapi
PathFileExistsA
StrToIntExA
msvcrt
malloc
_CIfmod
strtod
??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
strchr
realloc
memmove
strncmp
__CxxFrameHandler
_ftol
atoi
modf
sprintf
free
srand
rand
_stricmp
comctl32
ImageList_DragMove
ImageList_DragLeave
ImageList_EndDrag
ord17
ImageList_Add
ImageList_DragShowNolock
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
shell32
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA
ShellExecuteA
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 636KB - Virtual size: 725KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ