blackmoon | e8fbfde2237d49b43979d010a9c77190N

General

Target

e8fbfde2237d49b43979d010a9c77190N
Size

63KB
MD5

e8fbfde2237d49b43979d010a9c77190
SHA1

d4685fe86634cd9e476dcaaf1219ca326d54ec4e
SHA256

4de5d042ac6d2354ba7e1808ded68c52c0086bed79f5960ebec7c5cd45b4fd89
SHA512

649c5658e01f54137aea9b213da18e1bb3d4f39461d799789970312078d4b4cbfa3528ce521bbc5c67b0b9275bab38f45ffdef71ce34dce5c4991bd30876e61b
SSDEEP

1536:V8dwRcxcMSEN+C0sFw0i7OCk8/lQDreuusfY4u0E:idB6MSENB0sFw0i7OC5/lQPeulY4u0

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8fbfde2237d49b43979d010a9c77190N

Files

e8fbfde2237d49b43979d010a9c77190N
.dll windows:4 windows x86 arch:x86

ceff16379ea0fdc93e572fc1b9966fd2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
IsBadReadPtr
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
HeapReAlloc
OutputDebugStringA
CreateThread
CloseHandle
CreateMutexA
GetLocalTime
WaitForSingleObject
ReleaseMutex
Sleep
HeapAlloc
GetModuleHandleA
ExitProcess
GetTickCount
MultiByteToWideChar
GetProcessHeap

user32

GetClassInfoExA
LoadCursorA
RegisterClassExA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
SetLayeredWindowAttributes
GetClassNameA
IsWindow
SetWindowLongA
DestroyWindow
DefWindowProcA
GetCursorPos
UpdateWindow
ShowWindow
CreateWindowExA

msvcrt

_ftol
atoi
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
modf
free
memset
ceil
rand
_itow
srand
calloc
strrchr
sprintf
strchr

dwmapi

DwmExtendFrameIntoClientArea

d3d11

D3D11CreateDeviceAndSwapChain

d2d1

ord1

dwrite

DWriteCreateFactory

Exports

Exports

RegSetValueEx

Sections

.text
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ceff16379ea0fdc93e572fc1b9966fd2

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

dwmapi

d3d11

d2d1

dwrite

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 48KB

.rdata Size: 5KB - Virtual size: 8KB

.data Size: 10KB - Virtual size: 12KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 45KB - Virtual size: 48KB

.rdata
Size: 5KB - Virtual size: 8KB

.data
Size: 10KB - Virtual size: 12KB

.reloc
Size: 1KB - Virtual size: 4KB