blackmoon | d125c1f90a3be59bd0bdb32ee16ced39a461f665a2d71fc84510bf7b003e35c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d125c1f90a3be59bd0bdb32ee16ced39a461f665a2d71fc84510bf7b003e35c9
Size

852KB
MD5

533a8b0f6fa2eafa577903c604cbbc99
SHA1

4cad58dc5f338e44088700e7f66fe1adf0be3cf6
SHA256

d125c1f90a3be59bd0bdb32ee16ced39a461f665a2d71fc84510bf7b003e35c9
SHA512

fb59d2886487b7fe1e193155f91675a6707b9b101dfa03f04953b085e566d0e16d9779f74bc8fc3d96005aa95d6785f45393db02438d7f97fe9da915a13b8ed0
SSDEEP

12288:4VSjKjumxRDTCi3Nezuu6xoOb14QSyvBIhQZnV2LUVgKIaUXWQKXgu74rtHQwf:4VSAxVj3NeaFx7ohQZni/Ra4EjCtHQw

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d125c1f90a3be59bd0bdb32ee16ced39a461f665a2d71fc84510bf7b003e35c9

Files

d125c1f90a3be59bd0bdb32ee16ced39a461f665a2d71fc84510bf7b003e35c9
.exe windows:4 windows x86 arch:x86

1f01f7f5566c13d90c10aa2d24c1c42c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetWaitableTimer
CloseHandle
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
CreateWaitableTimerA
HeapFree
IsBadReadPtr
GetCommandLineA
GetModuleFileNameA
GetExitCodeThread
HeapReAlloc
WaitForSingleObject

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects

msvcrt

strrchr
_ftol
free
malloc
calloc

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 819KB - Virtual size: 832KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE