Behavioral task: behavioral1
Sample: e0fafc20ae8ed3817689f46b5a748dd3_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: e0fafc20ae8ed3817689f46b5a748dd3_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
- Target: e0fafc20ae8ed3817689f46b5a748dd3_JaffaCakes118
- Size: 6.9MB
- MD5: e0fafc20ae8ed3817689f46b5a748dd3
- SHA1: 5804d8dee9270f34118e3382f3286655e0d932ab
- SHA256: 3af946dc823440c618e0073f07facd3e4fc6653bd30c57d58e9983be36ad45b7
- SHA512: 015a60fb6ddf926375edf5e34974cbe7cab1629e5c136a89807388a09339d1a2661f7ccc37c10a020d8f7c7c23f34fd43e625079e36a259727ae17d8f48126cb
- SSDEEP: 98304:GYkPCbO7xTnWgMG/158lKCkZ1XsDJFw7SFEk+JosO+PJFK0WoS:GYRK00XcJFJFEkoos/PJpW
Malware Config

Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoC)
  resource: sample, yara_rule: family_blackmoon
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: e0fafc20ae8ed3817689f46b5a748dd3_JaffaCakes118
Files
- e0fafc20ae8ed3817689f46b5a748dd3_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
  88e4d8ff136699a392f175cd57fac9af
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LINE_NUMS_STRIPPED | IMAGE_FILE_LOCAL_SYMS_STRIPPED | IMAGE_FILE_32BIT_MACHINE
Imports
winmm
timeKillEvent
timeSetEvent
kernel32
lstrcpyA
GetVersionExA
GetLastError
SetFilePointer
LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
Sleep
FindClose
FindFirstFileA
FindNextFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
FormatMessageA
GetUserDefaultLCID
GetLocalTime
GetFileSize
GetModuleFileNameA
GetTickCount
CreateDirectoryA
IsBadReadPtr
HeapReAlloc
ExitProcess
GetModuleHandleA
HeapCreate
CreateFileMappingA
CreateFileA
UnmapViewOfFile
MapViewOfFile
HeapAlloc
HeapDestroy
WaitForSingleObject
HeapFree
GetProcessHeap
FlushInstructionCache
GetCurrentProcess
GetProcAddress
LocalSize
RtlFillMemory
lstrlenA
GetTimeFormatA
GetDateFormatA
DeleteFileA
GetCurrentProcessId
TerminateProcess
OpenProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadFile
CreateProcessA
GetVersion
CreatePipe
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
RtlMoveMemory
SetWaitableTimer
CreateWaitableTimerA
WriteFile
WideCharToMultiByte
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
OpenEventA
MultiByteToWideChar
VirtualFree
GetModuleHandleW
VirtualAlloc
InitializeCriticalSection
GetTempPathA
GetWindowsDirectoryA
CloseHandle
CreateThread
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
LCMapStringW
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
GetACP
RaiseException
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
SetErrorMode
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcpynA
FlushFileBuffers
LocalFree
MulDiv
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetTimeZoneInformation
FindResourceA
LoadResource
SetLastError
lstrcatA
LockResource
user32
GetWindowThreadProcessId
GetWindowTextW
GetClassNameA
SetForegroundWindow
SetWindowPos
GetMessageW
TranslateMessage
IsWindowVisible
GetClassLongA
SystemParametersInfoA
UpdateWindow
ShowWindow
SendMessageW
SetWindowTextA
CreateDialogIndirectParamA
GetClipboardData
SetCaretPos
GetDlgItem
ScreenToClient
GetWindowTextLengthA
GetWindowTextA
OpenClipboard
DestroyCaret
CreateCaret
GetIconInfo
RedrawWindow
SetWindowRgn
IsRectEmpty
GetDC
SetFocus
GetFocus
SetCapture
IsZoomed
SendMessageA
TrackMouseEvent
SetWindowLongW
EmptyClipboard
SetClipboardData
CloseClipboard
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowLongW
IsIconic
DestroyIcon
CreateWindowExW
CallWindowProcA
SetWindowLongA
GetWindowLongA
ReleaseDC
EndPaint
BeginPaint
SetCursor
DispatchMessageW
GetPropW
MsgWaitForMultipleObjects
IsWindow
GetWindowRect
SetPropW
GetParent
GetKeyState
MoveWindow
MessageBeep
PostMessageW
RemovePropW
DestroyWindow
PostQuitMessage
LoadCursorW
LoadIconW
RegisterClassExW
DefWindowProcW
KillTimer
UpdateLayeredWindow
CallWindowProcW
ReleaseCapture
SetTimer
DestroyMenu
PostThreadMessageA
UnregisterClassA
LoadStringA
GetSystemMetrics
FindWindowA
PtInRect
GetWindow
PostMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
SetActiveWindow
EndDialog
GetDlgCtrlID
GetMenuItemCount
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
GetCursorPos
gdi32
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
GetStockObject
GetObjectA
GetDIBits
GetObjectW
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateRoundRectRgn
BitBlt
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
SetViewportExtEx
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
advapi32
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
comctl32
ImageList_GetIconSize
ImageList_GetIcon
ord17
iphlpapi
SendARP
shlwapi
PathFindExtensionA
PathFindFileNameA
PathFileExistsA
ws2_32
htons
connect
select
getsockopt
closesocket
ioctlsocket
setsockopt
socket
inet_addr
gethostbyname
WSAStartup
WSACleanup
gethostname
recv
send
shell32
DragFinish
ShellExecuteA
ShellExecuteEx
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
DragQueryFileA
ole32
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromProgID
CoCreateInstance
OleRun
CLSIDFromString
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoRevokeClassObject
wininet
InternetSetOptionA
InternetCanonicalizeUrlA
InternetOpenUrlA
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetGetCookieExA
InternetGetCookieA
InternetSetCookieA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetCrackUrlA
HttpOpenRequestA
gdiplus
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipGetFamilyName
GdipDrawImageRect
GdipSetTextRenderingHint
GdipSetClipRegion
GdipSetClipRect
GdipGetVisibleClipBounds
GdipDrawPolygon
GdipLoadImageFromFile
GdipCreateStringFormat
GdipGetStringFormatTrimming
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatFlags
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipMeasureString
GdipFillPolygon
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipResetClip
GdipDeleteStringFormat
GdipGetFontSize
GdipGetFontStyle
GdipDeletePath
GdipCloneBitmapArea
GdipGraphicsClear
GdipDeleteMatrix
GdipGetRegionScans
GdipGetRegionScansCount
GdipCreateMatrix
GdipCombineRegionRect
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipGetFontHeight
GdipImageSelectActiveFrame
GdipCreateBitmapFromHICON
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipCreatePathGradientFromPath
GdipCreateRegionHrgn
GdipGetImagePixelFormat
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipDrawString
GdipBitmapGetPixel
GdipCreatePath
GdipAddPathArc
GdipClosePathFigure
GdipSetClipPath
GdipFillPath
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipDrawRectangle
GdipDeletePen
GdipSetPenDashStyle
GdipDrawPath
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateRegion
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipDeleteRegion
oleaut32
VarR8FromCy
VariantTimeToSystemTime
LoadTypeLi
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLi
SafeArrayDestroyDescriptor
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromBool
SysFreeString
LHashValOfNameSys
winhttp
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpSetCredentials
WinHttpCrackUrl
WinHttpCheckPlatform
WinHttpQueryHeaders
odbc32
ord32
ord29
ord39
ord18
ord8
ord43
ord30
ord76
ord12
ord72
ord19
ord20
ord11
ord31
ord9
ord41
ord75
ord24
ord36
imm32
ImmReleaseContext
ImmGetCompositionStringA
ImmAssociateContext
ImmGetContext
oledlg
ord8
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
rasapi32
RasGetConnectStatusA
RasHangUpA
Sections
- .text   Size: 1.2MB - Virtual size: 1.2MB
  Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata  Size: 36KB - Virtual size: 33KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data   Size: 5.6MB - Virtual size: 5.8MB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 28KB - Virtual size: 25KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE