blackmoon | 592b171d37bd12ba0aaecd2b843b8dbdc3bbf6ef8d101ac9ad1d0265bdddd3b6

Sharing

Copy URL Twitter E-mail

General

Target

592b171d37bd12ba0aaecd2b843b8dbdc3bbf6ef8d101ac9ad1d0265bdddd3b6
Size

184KB
MD5

0fad859bc9dedb253550bfb6a80b2d47
SHA1

6ea0e5bf0ab50993e6de67f9bfa06da6c7439821
SHA256

592b171d37bd12ba0aaecd2b843b8dbdc3bbf6ef8d101ac9ad1d0265bdddd3b6
SHA512

a00128ab04fa53bf7bee4a645aba08220ff2e97149996c74fe9e17eedf5b709cceed626d5dd773b81a9cec1a24e4db5114f875c2f21225f0db6be0c374cd4def
SSDEEP

3072:tSP84GfuZhurehVaOmRlQ8gOsCDw7r0r7XUK:t484GfuLuS2vb4Cv79

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
592b171d37bd12ba0aaecd2b843b8dbdc3bbf6ef8d101ac9ad1d0265bdddd3b6

Files

592b171d37bd12ba0aaecd2b843b8dbdc3bbf6ef8d101ac9ad1d0265bdddd3b6
.dll windows:4 windows x86 arch:x86

8b7c769b92af260b9c808391b2c9680d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAllocEx
WriteProcessMemory
WaitForSingleObject
WideCharToMultiByte
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
GetSystemWow64DirectoryA
MultiByteToWideChar
ExpandEnvironmentStringsW
lstrlenW
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
OpenProcess
CreateWaitableTimerA
GetTickCount
Sleep
GetUserDefaultLCID
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
DeleteCriticalSection
CreateThread
RtlMoveMemory
GetVersionExA
SetWaitableTimer
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessA
CreatePipe
GetProcAddress
GetModuleHandleA
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA

user32

PeekMessageA
ReleaseDC
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
GetDC

shlwapi

PathRemoveBlanksA

advapi32

RegDeleteValueA
RegDeleteKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
CreateProcessAsUserA
RegEnumValueA
RegOpenKeyA
RegEnumKeyA

ole32

CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID

msvcrt

__CxxFrameHandler
strncmp
memmove
modf
realloc
strchr
_CIpow
_CIfmod
qsort
sprintf
??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
atoi
_ftol
free
malloc

oleaut32

SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayGetElemsize

Exports

Exports

SetExceptionCatcher
SetQBClientCrashRpt
SetUploadDumpNum
��Ƿ��

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b7c769b92af260b9c808391b2c9680d

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

advapi32

ole32

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 64KB - Virtual size: 111KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 64KB - Virtual size: 111KB

.reloc
Size: 8KB - Virtual size: 4KB