blackmoon | 7bfc36dea7fe6a3d7a029dd024c9daa00e37a264567611a64eaab93d866b1049N[.]exe

General

Target

7bfc36dea7fe6a3d7a029dd024c9daa00e37a264567611a64eaab93d866b1049N.exe
Size

390KB
MD5

3563c531ad8054f4b2fd9a01cd790d50
SHA1

02bbf6220000ca563aebaa7a77bfde42245ca5fc
SHA256

7bfc36dea7fe6a3d7a029dd024c9daa00e37a264567611a64eaab93d866b1049
SHA512

ebfaa64533752433a28fe712a37ea837077b7c5402ceb3dcd1a9ad193376ffe4c19e752ff823036ab38ed9d162f7a93a5de5ad252c375488160cbf91377f5a3d
SSDEEP

6144:VQRO8cJ3yzclEC10Y83d+FEWUTG+gvGIJN/w23WBL9Rr98oGm:VQRr6EC1053MLvGIJN/w23ARldGm

Score

10^/10

aspackv2 blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bfc36dea7fe6a3d7a029dd024c9daa00e37a264567611a64eaab93d866b1049N.exe

Files

7bfc36dea7fe6a3d7a029dd024c9daa00e37a264567611a64eaab93d866b1049N.exe
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreatePointer
D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
DebugSetLevel
DebugSetMute
Direct3DCreate9
Direct3DCreate9Ex
Direct3DShaderValidatorCreate9
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetPointer
PSGPError
PSGPSampleTexture
SetPointer
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 352KB - Virtual size: 352KB

.rdata Size: 6KB - Virtual size: 8KB

.data Size: 15KB - Virtual size: 92KB

.reloc Size: 10KB - Virtual size: 12KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.text
Size: 352KB - Virtual size: 352KB

.rdata
Size: 6KB - Virtual size: 8KB

.data
Size: 15KB - Virtual size: 92KB

.reloc
Size: 10KB - Virtual size: 12KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB