Behavioral task: behavioral1
Sample: 35f3060d61bfc8d4eaa394fd91536da3d7979565c7e94574118a693c0cb7822d.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 35f3060d61bfc8d4eaa394fd91536da3d7979565c7e94574118a693c0cb7822d.exe
Resource: win10v2004-20240802-en
General
- Target: 35f3060d61bfc8d4eaa394fd91536da3d7979565c7e94574118a693c0cb7822d
- Size: 188KB
- MD5: fb44a88d26137b233a6da206da861824
- SHA1: 21a5c4d59be4d71ca5aeca2db09477d04828683b
- SHA256: 35f3060d61bfc8d4eaa394fd91536da3d7979565c7e94574118a693c0cb7822d
- SHA512: 7e65b01d3e7b4855eb53a1a578eee52795ca98a3c8cf7abea3f387513ca894489b1ee9d592964da847547fd0b623951aefc6de318e58ab743ce5fe5bfdf4c15f
- SSDEEP: 3072:KfVbwXVpOSIuiaj0qAL2L1DuAqJKTXf3sKqsOa5itnPUyk:KNCjhrL1SA5TvD35wrk
Malware Config

Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoCs)
  resource: yara_rule sample family_blackmoon
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 35f3060d61bfc8d4eaa394fd91536da3d7979565c7e94574118a693c0cb7822d
Files
- 35f3060d61bfc8d4eaa394fd91536da3d7979565c7e94574118a693c0cb7822d.exe windows:4 windows x86 arch:x86
  883da9df0f6cc4d388e3c2b0f1420d2e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapReAlloc
HeapFree
IsBadReadPtr
GetPrivateProfileStringA
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
WriteFile
ReadFile
GetFileSize
SetFilePointer
GetCommandLineA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
LCMapStringA
CloseHandle
HeapAlloc
ExitProcess
GetProcessHeap
GetProcAddress
GetModuleHandleA
Sleep
SetWaitableTimer
CreateWaitableTimerA
VirtualProtect
VirtualAlloc
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
RaiseException
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetVersion
GetCurrentProcessId
TerminateProcess
OpenProcess
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
GetStartupInfoA
user32
MsgWaitForMultipleObjects
GetWindowThreadProcessId
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
FindWindowA
advapi32
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptAcquireContextA
CryptCreateHash
ole32
CLSIDFromString
OleRun
CoUninitialize
CLSIDFromProgID
CoCreateInstance
CoInitialize
wininet
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetOpenA
oleaut32
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
SafeArrayDestroy
VariantClear
shell32
SHGetSpecialFolderPathA
Sections
.text Size: 140KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 608B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ