blackmoon | 6a4b199477ab4d9a136411d119af21f34e6c35f81dc200e94c6846440f05c2d3

Sharing

Copy URL Twitter E-mail

General

Target

6a4b199477ab4d9a136411d119af21f34e6c35f81dc200e94c6846440f05c2d3
Size

428KB
MD5

31aac1f54e2d4a0d29a4d55264f9cf7f
SHA1

9f35670c4c92e87e014f41b835bb640ceae8a18b
SHA256

6a4b199477ab4d9a136411d119af21f34e6c35f81dc200e94c6846440f05c2d3
SHA512

87dbfbea451b75e936d62353eee80fb006badf8052b22aa55fda66101ffd58a46387cebf732d4d572616c15f24f5cb3310b4a3cff9da31a9a18e80edf9170cac
SSDEEP

12288:C1jpD7K54bDQc2uffs959/ccY/Cusn+bDsRNoSbE:CNpD8S/fO/4DsnBRw

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

6a4b199477ab4d9a136411d119af21f34e6c35f81dc200e94c6846440f05c2d3
.dll windows:4 windows x86 arch:x86

2488de08ef6e3d30219f24c7718b7030

Code Sign

0c:bf:a1:0c:ee:b1:f7:81:48:af:58:92:56:9d:fe:85
Certificate

Issuer

CN=Lbh-ssy-CA v1.01

Not Before

31/12/1999, 16:00

Not After

07/08/8888, 16:00

Subject

CN=Lbh-ssy-CA v1.01

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
SetFileAttributesA
DeleteFileA
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
Sleep
GetModuleFileNameA
LCMapStringA
GetCommandLineA
IsBadReadPtr
GetProcAddress
LoadLibraryA
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
FreeLibrary
RtlMoveMemory
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
SetFilePointer
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter

user32

GetAsyncKeyState
SetTimer
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA

gdi32

DeleteDC
DeleteObject
BitBlt
SelectObject
CreateDIBSection

shlwapi

PathFileExistsA

Exports

Exports

a

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 292KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2488de08ef6e3d30219f24c7718b7030

Code Sign

0c:bf:a1:0c:ee:b1:f7:81:48:af:58:92:56:9d:fe:85Certificate

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shlwapi

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 292KB - Virtual size: 358KB

.reloc Size: 8KB - Virtual size: 7KB

0c:bf:a1:0c:ee:b1:f7:81:48:af:58:92:56:9d:fe:85
Certificate

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 292KB - Virtual size: 358KB

.reloc
Size: 8KB - Virtual size: 7KB