blackmoon | 417ddb873ce9a7ac197bb21569e34ef0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

417ddb873ce9a7ac197bb21569e34ef0N.exe
Size

24KB
MD5

417ddb873ce9a7ac197bb21569e34ef0
SHA1

e62fc8ac2968deaa757f8fa74523bf7ca5e95150
SHA256

5a60307b55011ac2854f2680567c6f4e96ac0a7f1a4c738794b2a5490af08acb
SHA512

d6fcbcececcae7f3f6357d87b09c3792c4520b0d4546323dad2c406d5b61d4cd6e09299273bc9f7dde49f5e3a566f0ff5c48f1fcb8d217fa64a91835554777ea
SSDEEP

384:lB4YA1ybxtCDob2fZd3Sh+XnZaZ8iaRwluhl1U8P34qh02:klEIob2Rd3pngZ8zR51f3v02

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
417ddb873ce9a7ac197bb21569e34ef0N.exe

Files

417ddb873ce9a7ac197bb21569e34ef0N.exe
.exe windows:4 windows x86 arch:x86

80db5803d52d98d29af81034d3fb8982

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
CreateDirectoryA
GetModuleFileNameA
CloseHandle
WriteFile
CreateFileA
CopyFileA
WaitForSingleObject
CreateProcessA
IsBadReadPtr
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
ExitProcess
GetModuleHandleA
GetStartupInfoA

user32

TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetMessageA
PeekMessageA

msvcrt

modf
atoi
strchr
_ftol
strrchr
sprintf

shlwapi

PathFileExistsA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ