blackmoon | 5cf668b0d7628a7166dd5ffe827306c16429085b01b7782c59e8dee00062dde8

Sharing

Copy URL Twitter E-mail

General

Target

5cf668b0d7628a7166dd5ffe827306c16429085b01b7782c59e8dee00062dde8
Size

636KB
MD5

8d57dabdc83fbff0479ec09e413cd21d
SHA1

f84a3aebaa2dd81bd757bc7af82518a8ab5e2437
SHA256

5cf668b0d7628a7166dd5ffe827306c16429085b01b7782c59e8dee00062dde8
SHA512

613b9fbd6d45a720aa3769fd787dc2e079d488ce7d021bf6739f5f3d055fd499b37caa8bff9745528deb6266790802f9182f549c11eac198e8585358d94c275d
SSDEEP

12288:ELpINdoSDqkHXY6gvUa1eAHBCa66+SnRPBPEh40e8:YATqkHXY68kAHBrxmC0

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cf668b0d7628a7166dd5ffe827306c16429085b01b7782c59e8dee00062dde8

Files

5cf668b0d7628a7166dd5ffe827306c16429085b01b7782c59e8dee00062dde8
.exe windows:4 windows x86 arch:x86

1cd3e98d705708bff4fa9331f869527c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

kernel32

GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
LCMapStringA
GetTickCount
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
VirtualProtect
SetWaitableTimer
CreateWaitableTimerA
LocalAlloc
WideCharToMultiByte
Sleep
CloseHandle
lstrcpyA
lstrcatA
MulDiv
CreateThread
LoadLibraryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

shlwapi

PathFileExistsA

user32

CallWindowProcA
CreateWindowExA
GetDC
GetSysColor
LoadBitmapA
RegisterHotKey
ReleaseCapture
SendMessageA
SetCapture
SetWindowLongA
UnregisterHotKey
MessageBeep
PeekMessageA
GetDesktopWindow
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetClientRect
ClientToScreen
MoveWindow
GetAsyncKeyState
mouse_event
GetCursorPos
SetLayeredWindowAttributes
GetMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateFontA
TranslateCharsetInfo

msvcrt

modf
realloc
??3@YAXPAX@Z
memmove
strncmp
__CxxFrameHandler
_except_handler3
calloc
strchr
strrchr
_CIpow
floor
_CIfmod
malloc
free
rand
srand
_ftol
atoi
sprintf

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA
ShellExecuteA

comctl32

ImageList_DragShowNolock
ImageList_DragEnter
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragMove
ord17
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 350KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1cd3e98d705708bff4fa9331f869527c

Headers

File Characteristics

Imports

winmm

kernel32

shlwapi

user32

gdi32

msvcrt

shell32

comctl32

Sections

.text Size: 278KB - Virtual size: 278KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 350KB - Virtual size: 440KB

.text
Size: 278KB - Virtual size: 278KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 350KB - Virtual size: 440KB