blackmoon | dee0d2cc97fd105140b97b1b3d377ef4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dee0d2cc97fd105140b97b1b3d377ef4_JaffaCakes118
Size

22.9MB
MD5

dee0d2cc97fd105140b97b1b3d377ef4
SHA1

e1a6dba00a82fcb6bdd76b6412b677ffd554e5ed
SHA256

1a756e4b5691555e9fd41451be02faf1340d7a27e1ab772ff153203e5d8f190d
SHA512

92ba1e906d766fd6b67f4ca26275435861d86b4ca31312aac9704e7d39840eaae7f94b816429854c1696098aff9a4b2b48986b527b767d7dadd55d6b32afc627
SSDEEP

98304:pJTCPCGJTCPCGJTCPCGJY7xtLK3BDhtvS0Hpe4zbpaAKQkroGIkyVPKAeUbYZfgw:pcBnvjeApaAvkt3U64s6uQy

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dee0d2cc97fd105140b97b1b3d377ef4_JaffaCakes118

Files

dee0d2cc97fd105140b97b1b3d377ef4_JaffaCakes118
.exe windows:6 windows x64 arch:x64

65022046142e0fd6529fe552c23bcbff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Hearts.pdb

Imports

kernel32

GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
DelayLoadFailureHook
LoadLibraryExA
GetProcAddress
GetLastError
FreeLibrary
GetDateFormatW
CloseHandle
CreateFileW
GetTickCount
HeapSetInformation
GetModuleHandleW
LocalFree
IsProcessorFeaturePresent
UnmapViewOfFile
GetModuleHandleA
LoadLibraryA
RegOpenKeyExA
RegQueryValueExA
OutputDebugStringA
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
CreateThread
GetTickCount64
FreeResource
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
ExitProcess
CreateMutexW
GetCommandLineW
RegisterApplicationRestart
GetModuleFileNameW
SetCurrentDirectoryW
OutputDebugStringW
SleepEx
FlushInstructionCache
MulDiv
GlobalAddAtomW
GlobalDeleteAtom
RaiseException
EnterCriticalSection
LeaveCriticalSection
SetLastError
LoadLibraryW
GetVersionExW
QueryPerformanceFrequency
MultiByteToWideChar
GetCurrentDirectoryW
GetFileAttributesW
MoveFileExW
CreateDirectoryW
DeleteFileW
GetFileSize
ReadFile
WriteFile
SetFilePointer
WideCharToMultiByte
CreateEventW
WaitForSingleObject
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
LockResource
RegCloseKey
GetStdHandle
WriteConsoleW
DebugBreak
GetFileType
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsW
FindResourceExW
GetThreadLocale
LocalAlloc
FormatMessageW

gdi32

GetGlyphOutlineA
GetTextMetricsW
MoveToEx
GetCharacterPlacementW
CreateDIBSection
SelectObject
GetTextExtentPoint32W
GetObjectW
CreateFontIndirectW
DeleteObject
CreateFontIndirectA
GetFontLanguageInfo
SetMapMode
GetCharacterPlacementA
GetTextMetricsA
SetTextAlign
GetBkColor
RemoveFontResourceW
AddFontResourceW
GetDeviceCaps
CreateFontW
CreateRoundRectRgn
GetObjectA
GetTextColor
ExtTextOutA
Rectangle
CreatePen
DeleteDC
RestoreDC
SaveDC
PatBlt
ExcludeClipRect
BitBlt
CreateBitmap
CreateCompatibleDC
ExtTextOutW
SetBkMode
SetBkColor
SetTextColor
CreateSolidBrush
GetStockObject

user32

EnableWindow
IsDlgButtonChecked
CheckDlgButton
LoadStringW
AdjustWindowRectEx
GetWindowLongW
UnhookWindowsHookEx
ShowCursor
KillTimer
SetTimer
IsIconic
FindWindowW
BringWindowToTop
SetForegroundWindow
RegisterRawInputDevices
LoadAcceleratorsW
PeekMessageW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
GetSystemMetrics
SetWindowLongPtrW
IsZoomed
GetWindowPlacement
SetWindowPlacement
ScreenToClient
BeginPaint
EndPaint
ReleaseDC
InvalidateRect
IsWindowVisible
RedrawWindow
SetCapture
GetClassInfoExW
LoadCursorW
RegisterClassExW
RegisterWindowMessageW
SetCursor
SetClassLongPtrW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
SetMenuInfo
CallNextHookEx
GetCursorPos
TrackPopupMenu
GetSysColorBrush
RegisterClassW
SetWindowsHookExW
SetPropW
GetSubMenu
GetKeyState
GetMonitorInfoW
LoadMenuW
GetDlgItemTextW
FillRect
GetFocus
GetForegroundWindow
GetRawInputData
IntersectRect
IsRectEmpty
TrackMouseEvent
ReleaseCapture
PtInRect
DefWindowProcW
UnionRect
EqualRect
OffsetRect
EnumDisplayMonitors
MonitorFromRect
SendInput
SetRect
GetDoubleClickTime
NotifyWinEvent
GetWindowLongPtrW
DrawTextW
CallWindowProcW
SetWindowLongW
GetIconInfo
GetParent
AdjustWindowRect
GetProcessDefaultLayout
MessageBoxW
GetWindow
GetDlgCtrlID
SetFocus
DialogBoxParamW
CreateDialogIndirectParamW
GetNextDlgGroupItem
GetNextDlgTabItem
GetClassNameW
IsDialogMessageW
EndDialog
SetWindowRgn
EnumChildWindows
GetWindowTextW
IsWindowEnabled
DrawEdge
GetClientRect
GetDC
SendMessageW
ShowWindow
DestroyMenu
GetMenu
SetMenu
DrawMenuBar
LoadIconW
SetWindowTextW
SetDlgItemTextW
GetSysColor
PostMessageW
MapDialogRect
SetWindowPos
MapWindowPoints
GetWindowRect
GetDlgItem
DestroyWindow
DrawFrameControl
CreateDialogParamW
SystemParametersInfoW
PostQuitMessage
CreateWindowExW
UnregisterClassA
MonitorFromWindow

msvcrt

wcscspn
wcsspn
wcstoul
strncmp
_vscwprintf
_localtime64_s
_snwprintf_s
_errno
_wcsnicmp
memmove_s
powf
logf
memmove
wcsncmp
wcstol
qsort
_wcsicmp
atanf
atan2f
_wcstoui64
wcstod
memset
__CxxFrameHandler3
floorf
?_set_new_mode@@YAHH@Z
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
wcscat_s
_vsnwprintf_s
cosf
sinf
acosf
memcmp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_callnewh
malloc
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_time64
wcschr
wcscpy_s
srand
time
rand
swprintf_s
_purecall
_wtoi
wcsncpy_s
realloc
free
_finite
_strdup
setlocale
iswalpha
iswspace
iswpunct
iswdigit
memcpy
sqrtf

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIncrementDWORD
WinSqmAddToStream

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitialize
CoUninitialize

shell32

SHGetFolderPathW
SHGetFolderPathEx
ShellExecuteW
ShellAboutW
CommandLineToArgvW
SHSetLocalizedName

advapi32

GetUserNameW

oleaut32

VariantInit
SysAllocString
SysStringLen
VariantClear
SysFreeString

shlwapi

PathCombineW
PathFileExistsW

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

gdiplus

GdipImageRotateFlip
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteRegion
GdipCreateRegionHrgn
GdipSetClipRegion
GdipSetClipRectI
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawString
GdipDrawImageRectI
GdipDeleteFont
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipCreateLineBrushFromRectI
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipSetStringFormatHotkeyPrefix
GdipCreateFromHDC
GdipGetDC
GdipReleaseDC
GdipDrawLineI
GdipDrawRectangle
GdipDrawRectangleI
GdipFillRectangleI
GdipFillRegion
GdipMeasureString
GdipDrawImagePointRectI
GdipDrawImageRectRectI

secur32

GetUserNameExW

d3d9

Direct3DCreate9

dsound

ord11

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

oleacc

AccessibleChildren
CreateStdAccessibleProxyW
AccessibleObjectFromWindow
LresultFromObject

xinput9_1_0

XInputGetState

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

slc

SLGetWindowsInformationDWORD

usp10

ScriptBreak
ScriptItemize

Sections

.text
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65022046142e0fd6529fe552c23bcbff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

msvcrt

ntdll

ole32

shell32

advapi32

oleaut32

shlwapi

comctl32

gdiplus

secur32

d3d9

dsound

winmm

oleacc

xinput9_1_0

wtsapi32

slc

usp10

Sections

.text Size: 481KB - Virtual size: 481KB

.rdata Size: 143KB - Virtual size: 142KB

.data Size: 14KB - Virtual size: 16KB

.pdata Size: 24KB - Virtual size: 24KB

.rsrc Size: 83KB - Virtual size: 82KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 481KB - Virtual size: 481KB

.rdata
Size: 143KB - Virtual size: 142KB

.data
Size: 14KB - Virtual size: 16KB

.pdata
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 83KB - Virtual size: 82KB

.reloc
Size: 2KB - Virtual size: 2KB