blackmoon | fa4db1a9735c3e501b56259d89fbb447_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa4db1a9735c3e501b56259d89fbb447_JaffaCakes118
Size

240KB
MD5

fa4db1a9735c3e501b56259d89fbb447
SHA1

477a2fdae37a8dd09f5d1004b63faac6f9b9e171
SHA256

28834c74444d070f8a67cd19647200df639e5cc50c8b6047bba62dd80f1d28cd
SHA512

b88ac35b44978d6a47f1f1de829faf691fda7072a647e4e4b4de2996998848108a24b73f83946712309a17dc134fe4afdf5f09e567c52aba68c6ecb6b5dc788c
SSDEEP

3072:uAJ+DIKT3WqFCiMdJxn9X+zu4dS5c4JZssGRCv7vyHxTcxJiEyHgu5LYROTKtR7z:/EDBUiSJxVvymHiEyHg0kRiA

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa4db1a9735c3e501b56259d89fbb447_JaffaCakes118

Files

fa4db1a9735c3e501b56259d89fbb447_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1d43516ec43c44de68fd83496faf2b0d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetTickCount
GetExitCodeThread
WaitForSingleObject
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
ExitProcess
IsBadReadPtr
GetModuleFileNameA
ReadFile
GetFileSize
CreateFileA
DeleteFileA
Sleep
WriteFile
SetFilePointer
SetEndOfFile
SetFileAttributesA
GetCommandLineA
LCMapStringA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetLastError
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
GetProcAddress
VirtualFree
GetVersionExA
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetVersion
GetStartupInfoA
GetSystemInfo
CreateIoCompletionPort
ReadProcessMemory
GetCurrentProcess
RtlFillMemory
LocalFree
LocalAlloc
MultiByteToWideChar
lstrcmpiA
lstrlenA
CreateProcessA
TerminateThread
CreateThread
CloseHandle
TerminateProcess
OpenProcess
CreateEventA
OpenEventA
GetCurrentProcessId
RtlMoveMemory
lstrcpyn
LocalSize
GetStringTypeW
GetModuleHandleA

user32

InvalidateRect
GetParent
SendMessageA
TrackMouseEvent
EndPaint
GetDC
BeginPaint
MoveWindow
LoadCursorA
LoadIconA
RegisterClassExA
GetSysColor
FillRect
ReleaseDC
CallWindowProcA
GetWindowRect
MsgWaitForMultipleObjects
GetClassInfoExA
DefWindowProcA
RegisterWindowMessageA
RegisterShellHookWindow
SetWindowLongA
GetWindowThreadProcessId
SetWindowTextA
PeekMessageA
wsprintfA
MessageBoxA
KillTimer
SetTimer
SetWindowPos
SetWindowRgn
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
EqualRect
IntersectRect
GetWindowLongA
PostQuitMessage
CreateWindowExA
GetWindowTextLengthA
IsWindow
EnableWindow
UpdateWindow
ShowWindow
IsWindowVisible
FindWindowA
GetWindowTextA

ws2_32

ntohs
inet_ntoa
WSASend
WSARecv
closesocket
listen
bind
htons
inet_addr
WSASocketA
WSAStartup

gdi32

TextOutA
SetBkColor
DeleteObject
CreatePatternBrush
StretchBlt
SetTextColor
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetObjectA
CreateDIBitmap
CreateRectRgn
GetPixel
CombineRgn
CreateSolidBrush

shell32

SHChangeNotify
SHGetSpecialFolderPathA

wininet

HttpOpenRequestA
InternetReadFile
HttpQueryInfoA
InternetSetCookieA
InternetCloseHandle
InternetConnectA
InternetOpenA
HttpSendRequestA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

msimg32

TransparentBlt

mswsock

AcceptEx
GetAcceptExSockaddrs

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shlwapi

PathFileExistsA

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1d43516ec43c44de68fd83496faf2b0d

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

gdi32

shell32

wininet

ole32

msimg32

mswsock

advapi32

shlwapi

Sections

.text Size: 192KB - Virtual size: 190KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 28KB - Virtual size: 82KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 192KB - Virtual size: 190KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 28KB - Virtual size: 82KB

.rsrc
Size: 4KB - Virtual size: 1KB