blackmoon | 0372826af0ed3ff9068066ae7688585122f45578f15ee839c9063c70106395ad

Sharing

Copy URL Twitter E-mail

General

Target

0372826af0ed3ff9068066ae7688585122f45578f15ee839c9063c70106395ad
Size

638KB
MD5

188ac6d1b59186670f59711cb3b274ff
SHA1

1519eec0317ac8a061caeb0ca6e9f39900652318
SHA256

0372826af0ed3ff9068066ae7688585122f45578f15ee839c9063c70106395ad
SHA512

1b1ee29802f2d721b257eb8ab83ff3b8d3e57dd5095d23bb4c99d946c19cb05fb6ff843faf29fe1a634b3717eae2e88db4e451eb804e2ff3afdc937d0fd2c288
SSDEEP

12288:sLpINdoSjdxr+TfrdmEU1eAHBCa66+SnRPBPEh40e8:QATdxr+TfrYsAHBrxmC0

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0372826af0ed3ff9068066ae7688585122f45578f15ee839c9063c70106395ad

Files

0372826af0ed3ff9068066ae7688585122f45578f15ee839c9063c70106395ad
.exe windows:4 windows x86 arch:x86

1cd3e98d705708bff4fa9331f869527c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

kernel32

GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
LCMapStringA
GetTickCount
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
VirtualProtect
SetWaitableTimer
CreateWaitableTimerA
LocalAlloc
WideCharToMultiByte
Sleep
CloseHandle
lstrcpyA
lstrcatA
MulDiv
CreateThread
LoadLibraryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

shlwapi

PathFileExistsA

user32

CallWindowProcA
CreateWindowExA
GetDC
GetSysColor
LoadBitmapA
RegisterHotKey
ReleaseCapture
SendMessageA
SetCapture
SetWindowLongA
UnregisterHotKey
MessageBeep
PeekMessageA
GetDesktopWindow
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetClientRect
ClientToScreen
MoveWindow
GetAsyncKeyState
mouse_event
GetCursorPos
SetLayeredWindowAttributes
GetMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateFontA
TranslateCharsetInfo

msvcrt

modf
realloc
??3@YAXPAX@Z
memmove
strncmp
__CxxFrameHandler
_except_handler3
calloc
strchr
strrchr
_CIpow
floor
_CIfmod
malloc
free
rand
srand
_ftol
atoi
sprintf

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA
ShellExecuteA

comctl32

ImageList_DragShowNolock
ImageList_DragEnter
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragMove
ord17
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy

Sections

.text
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 350KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1cd3e98d705708bff4fa9331f869527c

Headers

File Characteristics

Imports

winmm

kernel32

shlwapi

user32

gdi32

msvcrt

shell32

comctl32

Sections

.text Size: 280KB - Virtual size: 280KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 350KB - Virtual size: 440KB

.text
Size: 280KB - Virtual size: 280KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 350KB - Virtual size: 440KB