blackmoon | c8c527ed1aba921ea15eb09217a4e490_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8c527ed1aba921ea15eb09217a4e490_JaffaCakes118
Size

20.6MB
MD5

c8c527ed1aba921ea15eb09217a4e490
SHA1

5622c3cc963f02e420dbf82565f4921f06cc8238
SHA256

bff20eabefa8559723ae24902c66f21c6709cf3ec24236782f2e885b98c50696
SHA512

9d2bf06b172ef4fe88b6475b3cf17e56aeeb9ac751cebd1efc4e3d78cad22d03f185411d87018c22f04140b98c8bfa9de02638af49790ac229218f9a7a771131
SSDEEP

98304:fsRXtdOgFSCCsRXtdOgFtCCsRXtdOgFSCCsRXtdOgFolUbYZfgs0QlxVN8f01iuu:mXFFXFgXFFXFOU64sFNwnYBzzXW

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8c527ed1aba921ea15eb09217a4e490_JaffaCakes118

Files

c8c527ed1aba921ea15eb09217a4e490_JaffaCakes118
.exe windows:6 windows x64 arch:x64

cdeee9af86c82ea7231a2ab0918cab50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Mahjong.pdb

Imports

kernel32

IsProcessorFeaturePresent
UnmapViewOfFile
GetModuleHandleA
LoadLibraryA
RegOpenKeyExA
RegQueryValueExA
OutputDebugStringA
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
DelayLoadFailureHook
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LoadLibraryW
GetVersionExW
QueryPerformanceFrequency
ExitProcess
CreateMutexW
GetCommandLineW
RegisterApplicationRestart
GetModuleFileNameW
SetCurrentDirectoryW
OutputDebugStringW
SleepEx
MultiByteToWideChar
FlushInstructionCache
MulDiv
GlobalAddAtomW
GlobalDeleteAtom
RaiseException
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetCurrentDirectoryW
GetFileAttributesW
MoveFileExW
CreateDirectoryW
DeleteFileW
GetFileSize
ReadFile
WriteFile
SetFilePointer
FindResourceExW
GetThreadLocale
LoadResource
LockResource
LocalAlloc
FormatMessageW
WideCharToMultiByte
CreateEventW
WaitForSingleObject
LoadLibraryExW
FindResourceW
SizeofResource
GetTickCount64
ExpandEnvironmentStringsW
GlobalAlloc
GlobalFree
GetDateFormatW
FreeResource
RegCloseKey
GetStdHandle
WriteConsoleW
DebugBreak
GetFileType
CreateThread
LoadLibraryExA
GetProcAddress
GetLastError
FreeLibrary
CloseHandle
CreateFileW
HeapSetInformation
LocalFree
GetModuleHandleW

user32

SetRect
GetSystemMetrics
GetDoubleClickTime
GetCursorPos
GetWindowRect
GetClientRect
NotifyWinEvent
UnhookWindowsHookEx
DestroyWindow
ShowCursor
KillTimer
SetTimer
SetWindowPos
IsIconic
FindWindowW
BringWindowToTop
SetForegroundWindow
RegisterRawInputDevices
LoadAcceleratorsW
PeekMessageW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
CreateWindowExW
SetWindowLongPtrW
IsZoomed
GetWindowPlacement
SetWindowPlacement
ScreenToClient
BeginPaint
EndPaint
GetDC
ReleaseDC
IsWindowVisible
RedrawWindow
SetCapture
GetClassInfoExW
LoadCursorW
RegisterClassExW
RegisterWindowMessageW
SetCursor
SetClassLongPtrW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
SetMenuInfo
CallNextHookEx
TrackPopupMenu
GetSysColorBrush
RegisterClassW
GetDlgItem
MonitorFromWindow
GetSubMenu
LoadMenuW
GetKeyState
GetSysColor
FillRect
DrawFrameControl
GetForegroundWindow
GetRawInputData
IntersectRect
IsRectEmpty
TrackMouseEvent
ReleaseCapture
PtInRect
DefWindowProcW
UnionRect
EqualRect
OffsetRect
EnumDisplayMonitors
MonitorFromRect
SendInput
GetWindowLongPtrW
DrawTextW
CallWindowProcW
GetProcessDefaultLayout
GetParent
AdjustWindowRect
GetWindowLongW
SetWindowLongW
GetIconInfo
GetWindow
GetDlgCtrlID
SetFocus
DialogBoxParamW
CreateDialogIndirectParamW
CreateDialogParamW
GetNextDlgGroupItem
GetNextDlgTabItem
GetClassNameW
IsDialogMessageW
EndDialog
SetWindowRgn
EnumChildWindows
MapWindowPoints
GetWindowTextW
IsWindowEnabled
DrawEdge
CheckDlgButton
SetDlgItemTextW
GetFocus
SetWindowTextW
SendMessageW
GetMenu
SetPropW
InvalidateRect
PostMessageW
MessageBoxW
LoadStringW
EnableMenuItem
SystemParametersInfoW
IsDlgButtonChecked
GetMonitorInfoW
EnableWindow
LoadIconW
PostQuitMessage
ShowWindow
UnregisterClassA
SetWindowsHookExW

msvcrt

_snwprintf_s
strncmp
_vscwprintf
_wcstoui64
wcstod
wcscspn
_errno
memmove
wcsspn
swprintf_s
?_set_new_mode@@YAHH@Z
floorf
ceilf
logf
atanf
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
wcscat_s
_vsnwprintf_s
qsort
__CxxFrameHandler3
_localtime64_s
_wcsnicmp
memmove_s
wcsncat_s
memset
atan2f
cosf
sinf
acosf
memcmp
??1type_info@@UEAA@XZ
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_callnewh
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
srand
malloc
wcsncmp
rand
wcstombs_s
mbstowcs_s
_wcsicmp
_wtof
wcstol
_wtoi
wcsncpy_s
_time64
realloc
free
wcstoul
wcschr
wcscpy_s
time
_purecall
_finite
_strdup
setlocale
iswalpha
iswspace
iswpunct
iswdigit
memcpy
sqrtf

ntdll

WinSqmAddToStream
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIncrementDWORD

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance

shell32

SHSetLocalizedName
CommandLineToArgvW
ShellExecuteW
ShellAboutW
SHGetFolderPathW
SHGetFolderPathEx

advapi32

GetUserNameW

gdi32

GetStockObject
CreateSolidBrush
AddFontResourceW
GetDeviceCaps
CreateFontIndirectW
SelectObject
DeleteObject
RemoveFontResourceW
SetTextColor
CreateRoundRectRgn
GetObjectA
GetTextColor
GetBkColor
Rectangle
CreatePen
DeleteDC
RestoreDC
SaveDC
PatBlt
ExcludeClipRect
BitBlt
CreateBitmap
CreateCompatibleDC
ExtTextOutW
GetTextExtentPoint32W
SetBkMode
MoveToEx
GetTextMetricsW
GetGlyphOutlineA
GetCharacterPlacementW
CreateDIBSection
CreateFontIndirectA
GetFontLanguageInfo
SetMapMode
GetCharacterPlacementA
GetObjectW
GetTextMetricsA
SetTextAlign
ExtTextOutA
CreateFontW
SetBkColor

oleaut32

VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocString

shlwapi

PathCombineW
PathFileExistsW

comctl32

ImageList_Create
ImageList_Destroy
InitCommonControlsEx
ImageList_Add

gdiplus

GdipImageRotateFlip
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteRegion
GdipCreateRegionHrgn
GdipSetClipRegion
GdipSetClipRectI
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawString
GdipDrawImageRectI
GdipDeleteFont
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipCreateLineBrushFromRectI
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipSetStringFormatHotkeyPrefix
GdipCreateFromHDC
GdipGetDC
GdipReleaseDC
GdipDrawLineI
GdipDrawRectangle
GdipDrawRectangleI
GdipFillRectangleI
GdipFillRegion
GdipMeasureString

secur32

GetUserNameExW

d3d9

Direct3DCreate9

dsound

ord11

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

oleacc

AccessibleChildren
CreateStdAccessibleProxyW
AccessibleObjectFromWindow
LresultFromObject

xinput9_1_0

XInputGetState

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

slc

SLGetWindowsInformationDWORD

usp10

ScriptBreak
ScriptItemize

Sections

.text
Size: 639KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdeee9af86c82ea7231a2ab0918cab50

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

ntdll

ole32

shell32

advapi32

gdi32

oleaut32

shlwapi

comctl32

gdiplus

secur32

d3d9

dsound

winmm

oleacc

xinput9_1_0

wtsapi32

slc

usp10

Sections

.text Size: 639KB - Virtual size: 638KB

.data Size: 36KB - Virtual size: 52KB

.pdata Size: 19KB - Virtual size: 19KB

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 639KB - Virtual size: 638KB

.data
Size: 36KB - Virtual size: 52KB

.pdata
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 9KB - Virtual size: 8KB