blackmoon | c8983b7c745fd5616bbad5f971df18c0N

General

Target

c8983b7c745fd5616bbad5f971df18c0N
Size

63KB
MD5

c8983b7c745fd5616bbad5f971df18c0
SHA1

39ee53ad58217e33540716b8d906d4c5bbb346d1
SHA256

6927165560e47e1d3415fb218bb06a77fcc2e37b9d32cfca040705d96eee3656
SHA512

73352407f39b2653cd34046aa172863794785fa042d703b637377912e99dac527a1f3e43a242fa741b310786634b316f4ba9217d4785d8c1e9b899c06825fea1
SSDEEP

1536:V8dwRcxcMSEN+C0sFw0i7OCk8/lQDreuusfY1u0E:idB6MSENB0sFw0i7OC5/lQPeulY1u0

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8983b7c745fd5616bbad5f971df18c0N

Files

c8983b7c745fd5616bbad5f971df18c0N
.dll windows:4 windows x86 arch:x86

ceff16379ea0fdc93e572fc1b9966fd2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
IsBadReadPtr
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
HeapReAlloc
OutputDebugStringA
CreateThread
CloseHandle
CreateMutexA
GetLocalTime
WaitForSingleObject
ReleaseMutex
Sleep
HeapAlloc
GetModuleHandleA
ExitProcess
GetTickCount
MultiByteToWideChar
GetProcessHeap

user32

GetClassInfoExA
LoadCursorA
RegisterClassExA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
SetLayeredWindowAttributes
GetClassNameA
IsWindow
SetWindowLongA
DestroyWindow
DefWindowProcA
GetCursorPos
UpdateWindow
ShowWindow
CreateWindowExA

msvcrt

_ftol
atoi
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
modf
free
memset
ceil
rand
_itow
srand
calloc
strrchr
sprintf
strchr

dwmapi

DwmExtendFrameIntoClientArea

d3d11

D3D11CreateDeviceAndSwapChain

d2d1

ord1

dwrite

DWriteCreateFactory

Exports

Exports

RegSetValueEx

Sections

.text
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ceff16379ea0fdc93e572fc1b9966fd2

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

dwmapi

d3d11

d2d1

dwrite

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 48KB

.rdata Size: 5KB - Virtual size: 8KB

.data Size: 10KB - Virtual size: 12KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 45KB - Virtual size: 48KB

.rdata
Size: 5KB - Virtual size: 8KB

.data
Size: 10KB - Virtual size: 12KB

.reloc
Size: 1KB - Virtual size: 4KB