blackmoon | ebb01deb668b415a501007bc66485de2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ebb01deb668b415a501007bc66485de2_JaffaCakes118
Size

4.7MB
MD5

ebb01deb668b415a501007bc66485de2
SHA1

df05af375ad9d3e70684c63ee83368aa8adbcd8f
SHA256

582621f1ceb190323ccd11ad594d7fb00c5d52596f2d48d5aa5e56d9943c529b
SHA512

276797de720f9c944291b082c1b3e3f368db336bf122528dbec03fdf5b734467935e2e09300c607cc85cfa99affc45e45048f2cee8b22bdd925616b0504b4f84
SSDEEP

98304:/8QFQ+ETJ3D0dRRFXH/Z5y1LbT7j5VZnf:/8QQ+ETOdRRFXH/ZOf

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebb01deb668b415a501007bc66485de2_JaffaCakes118

Files

ebb01deb668b415a501007bc66485de2_JaffaCakes118
.dll windows:6 windows x86 arch:x86

c552e41c87e7b9e676a7c688df690ff8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

kernel32

FindFirstFileA
FindClose
CreateDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetLocalTime
CreateProcessA
GetStartupInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetCommandLineA
LoadLibraryA
LCMapStringA
VirtualQuery
GetTickCount
HeapReAlloc
GetTempPathA
IsWow64Process
GetCurrentProcess
GetVersionExA
lstrcmpiW
HeapFree
GetProcessHeap
InterlockedDecrement
VirtualProtect
GetLocaleInfoW
SetUnhandledExceptionFilter
CompareStringW
CompareStringA
GetExitCodeProcess
CreatePipe
SetStdHandle
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
LCMapStringW
IsBadWritePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
GetACP
RaiseException
TerminateProcess
GetTimeZoneInformation
RtlUnwind
GetOEMCP
Sleep
GetStringTypeExA
MoveFileA
DuplicateHandle
GetProcessVersion
FindResourceA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
InterlockedIncrement
GetVersion
lstrcpyA
lstrcatA
SetErrorMode
LocalReAlloc
GlobalReAlloc
TlsFree
GlobalHandle
GlobalDeleteAtom
lstrcmpA
GetWindowsDirectoryA
InterlockedCompareExchange
AreFileApisANSI
CreateFileMappingA
CreateFileMappingW
CreateMutexW
FlushFileBuffers
FormatMessageW
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
HeapSize
HeapValidate
LockFile
LockFileEx
MapViewOfFile
QueryPerformanceCounter
SetEndOfFile
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
LoadLibraryExA
TryEnterCriticalSection
GetThreadTimes
GetCurrentProcessId
GlobalFlags
FindNextFileA
FormatMessageA
GetUserDefaultLCID
DeleteFileA
SetFilePointer
GetCPInfo
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
RtlMoveMemory
OpenThread
lstrcpynA
WriteProcessMemory
MulDiv
VirtualFree
FlushInstructionCache
lstrlenA
WaitForSingleObject
WriteFile
OutputDebugStringW
CreateProcessW
RtlFillMemory
MoveFileW
CopyFileW
DeleteFileW
ReadFile
GetFileSize
CreateFileW
GlobalUnlock
GlobalLock
GetLastError
lstrcmpW
lstrlenW
FreeResource
CreateFileA
GetEnvironmentVariableA
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceW
IsBadCodePtr
TlsAlloc
TlsGetValue
TlsSetValue
VirtualAlloc
ExitProcess
lstrcmpiA
IsBadReadPtr
GlobalAlloc
GetCurrentThreadId
GlobalFree
GetModuleHandleA
GetProcAddress
GetCurrentThread
ExitThread
GetModuleHandleW
HeapCreate
LocalAlloc
LoadLibraryW
FreeLibrary
MultiByteToWideChar
GlobalSize
DebugActiveProcess
WaitForDebugEvent
ContinueDebugEvent
DebugActiveProcessStop
OutputDebugStringA
CopyFileA
VirtualAllocEx
WideCharToMultiByte
GetTempFileNameA
GetSystemDirectoryA
CreateRemoteThread
ReadProcessMemory
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapDestroy
LocalSize
LocalFree
InterlockedExchange
RtlZeroMemory
InterlockedExchangeAdd
InitializeCriticalSection
QueryDosDeviceA
GetLogicalDriveStringsA
lstrcpyn
CreateThread

user32

OpenClipboard
CloseClipboard
wvsprintfA
CreateDialogIndirectParamA
GetDlgItem
SetWindowLongA
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
EmptyClipboard
SetClipboardData
PeekMessageA
GetMessageA
MessageBoxA
GetDesktopWindow
GetWindow
DispatchMessageA
wsprintfA
GetWindowThreadProcessId
GetClassNameA
WindowFromDC
AdjustWindowRectEx
EnumDisplaySettingsA
EndMenu
GetSysColor
SetCaretPos
HideCaret
ShowCaret
CreateCaret
DestroyCaret
TrackPopupMenu
EnableMenuItem
GetSubMenu
LoadMenuW
DestroyCursor
CopyImage
GetCaretPos
SetMenuItemInfoW
EndDialog
GetAsyncKeyState
ToUnicode
GetKeyboardState
MapVirtualKeyW
SetCapture
EndPaint
BeginPaint
GetUpdateRect
WindowFromPoint
UpdateLayeredWindow
GetMenuStringW
GetMenuItemInfoW
GetMenuItemRect
GetMenuItemCount
SetCursor
PostQuitMessage
CallWindowProcW
SetFocus
SetWindowRgn
SetWindowLongW
SetClassLongW
CreateWindowExW
GetCursorPos
GetSystemMetrics
GetClassLongW
MessageBoxW
GetFocus
ShowWindow
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
IsWindowEnabled
SetWindowPos
MoveWindow
GetWindowRect
SetTimer
KillTimer
IsWindow
IntersectRect
IsRectEmpty
DrawTextExW
UpdateWindow
InvalidateRect
UnionRect
OffsetRect
CharLowerW
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
DefWindowProcW
RegisterClassExW
SetWindowsHookExW
SystemParametersInfoW
ReleaseDC
GetDC
LoadStringW
GetDoubleClickTime
RegisterWindowMessageA
LoadCursorW
EnableWindow
SetForegroundWindow
SwitchToThisWindow
ReleaseCapture
DestroyWindow
SendMessageW
PostMessageW
PtInRect
GetForegroundWindow
UnhookWindowsHookEx
DispatchMessageW
TranslateMessage
GetMessageW
MapVirtualKeyA
CallNextHookEx
SetWindowsHookExA
SetWindowTextA
IsWindowVisible
GetParent
GetWindowInfo
ScreenToClient
GetActiveWindow
SetActiveWindow
PostMessageA
GetLastActivePopup
ValidateRect
GetKeyState
GetNextDlgTabItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnregisterClassA
GetDlgCtrlID
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
IsIconic
SystemParametersInfoA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
SendMessageTimeoutA
SendMessageA
MsgWaitForMultipleObjects
PostThreadMessageA

gdi32

PtVisible
RectVisible
ExtTextOutA
Escape
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
TextOutA
OffsetViewportOrgEx
GetStockObject
GetBitmapBits
GetObjectA
GetCurrentObject
GdiFlush
CreateBitmap
StretchBlt
CreateCompatibleBitmap
GetObjectType
GetTextMetricsW
CombineRgn
CreateRoundRectRgn
CreateFontIndirectW
SetTextColor
SetBkColor
BitBlt
SelectClipRgn
CreateRectRgn
DeleteDC
DeleteObject
CreateDIBSection
CreateCompatibleDC
SelectObject
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx

comdlg32

GetOpenFileNameA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconW
SHCreateDirectoryExW
ShellExecuteW
ShellExecuteA

ole32

OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleRun
CLSIDFromString
ReleaseStgMedium
RegisterDragDrop
OleInitialize
CoCreateInstance
GetHGlobalFromStream
CreateStreamOnHGlobal
IsEqualGUID
CoUninitialize
CoInitialize
CLSIDFromProgID

shlwapi

StrToIntExA
PathRemoveFileSpecW
PathIsDirectoryA
StrTrimW
StrToIntW
PathFileExistsA
PathFindFileNameA

gdiplus

GdipDeletePen
GdipDrawRectangle
GdipFillPath
GdipGetMatrixElements
GdipSetMatrixElements
GdipTranslateMatrix
GdipDrawImageRectRectI
GdipGetImagePixelFormat
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipCombineRegionRegion
GdipTranslateRegion
GdipCloneRegion
GdipCreateRegionPath
GdipCreateRegionRect
GdipIsVisibleRegionPoint
GdipCreateTexture
GdipSetImageAttributesColorMatrix
GdipCreatePen2
GdipDeleteBrush
GdipFillRectangle
GdipCreateSolidFill
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipCreateBitmapFromScan0
GdipCreateMatrix
GdiplusStartup
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDrawImageRectRect
GdipSetCompositingMode
GdipCloneBitmapAreaI
GdipDisposeImage
GdipDrawImage
GdipSetPenDashStyle
GdipDrawLine
GdipSetSolidFillColor
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipCreateImageAttributes
GdipResetClip
GdipSetClipRect
GdipSetTextureTransform
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipGetImageGraphicsContext
GdipImageSelectActiveFrame
GdipCreateFromHDC
GdipDeleteGraphics
GdipClosePathFigure
GdipAddPathArc
GdipAddPathLine
GdipStartPathFigure
GdipDeletePath
GdipCreatePath
GdipDeleteRegion
GdipIsVisiblePathPoint
GdiplusShutdown
GdipDeleteMatrix
GdipGraphicsClear

oleaut32

VariantClear
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
OleLoadPicture
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
SafeArrayDestroy
SysAllocStringByteLen
SysAllocString

imm32

ImmAssociateContext
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext

riched20

ord4

oleacc

ObjectFromLresult

wininet

InternetSetCookieA
InternetGetCookieA

oledlg

ord8

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

Exports

Exports

interfaceDll

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 534KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c552e41c87e7b9e676a7c688df690ff8

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

gdiplus

oleaut32

imm32

riched20

oleacc

wininet

oledlg

winspool.drv

comctl32

Exports

Exports

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 534KB - Virtual size: 692KB

.vmp0 Size: 196KB - Virtual size: 195KB

.reloc Size: 114KB - Virtual size: 113KB

.rsrc Size: 512B - Virtual size: 408B

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 534KB - Virtual size: 692KB

.vmp0
Size: 196KB - Virtual size: 195KB

.reloc
Size: 114KB - Virtual size: 113KB

.rsrc
Size: 512B - Virtual size: 408B