blackmoon | 42df2c95683d1334751d1ae2c00d54bb8acd71d4855599e168ecfdcd26cb4156

Sharing

Copy URL

Twitter E-mail

General

Target

42df2c95683d1334751d1ae2c00d54bb8acd71d4855599e168ecfdcd26cb4156
Size

108KB
MD5

cf04480e5450673364506eb0030aadd4
SHA1

dbbebb6b7ccafdb134a91c9bb06f2ecf37db4bb5
SHA256

42df2c95683d1334751d1ae2c00d54bb8acd71d4855599e168ecfdcd26cb4156
SHA512

75646aabaae6019795e9d10365e0bd5b1f774a3ded19dc99c1b754b46f7987271703cb69db7542a8a7c281907a3ce20718627d487d3f2c4a7e6c6b354d56d02e
SSDEEP

1536:NvHKtpR2BR4fFdRe0SBiE3mHXHPvvnBGVPdHn1+N+blyYOoUXYr:9KnoBR4fRe05QmHXvX+PeN+5vOoUXYr

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42df2c95683d1334751d1ae2c00d54bb8acd71d4855599e168ecfdcd26cb4156

Files

42df2c95683d1334751d1ae2c00d54bb8acd71d4855599e168ecfdcd26cb4156
.dll windows:4 windows x86 arch:x86

b4b675e2449a943f1a40964483c09049

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
Sleep
GetModuleFileNameA
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
GetCurrentProcessId
WTSGetActiveConsoleSessionId
WriteFile
CreateFileA
GetCommandLineA
LCMapStringA
SetWaitableTimer
CreateWaitableTimerA
GetWindowsDirectoryA
GetSystemDirectoryA
GetLastError
RtlZeroMemory
GetTempPathA
lstrcpyn
GetProcAddress
GetModuleHandleA
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot

user32

PeekMessageA
GetMessageA
MsgWaitForMultipleObjects
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage

comdlg32

GetFileTitleA

advapi32

CreateProcessAsUserA
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

ole32

CLSIDFromString
CoUninitialize
CLSIDFromProgID
CoInitialize
OleRun
CoCreateInstance

oleaut32

SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayGetUBound

wininet

InternetCloseHandle
InternetOpenA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetSetOptionA
InternetConnectA

shlwapi

PathFileExistsA

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

msvcrt

free
_ftol
atoi
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
sprintf
_CIfmod
strrchr
realloc
modf
strncmp
__CxxFrameHandler
memmove
malloc

shell32

SHGetSpecialFolderPathA

Exports

Exports

ChromeUpdate
RegisterUserNotifyInterface

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4b675e2449a943f1a40964483c09049

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

wininet

shlwapi

wtsapi32

userenv

msvcrt

shell32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 88KB

.rsrc Size: 4KB - Virtual size: 652B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 88KB

.rsrc
Size: 4KB - Virtual size: 652B

.reloc
Size: 4KB - Virtual size: 3KB