blackmoon | fb8f02853e5ca85c2c3e49e9c83d97d4_JaffaCakes118

General

Target

fb8f02853e5ca85c2c3e49e9c83d97d4_JaffaCakes118
Size

209KB
MD5

fb8f02853e5ca85c2c3e49e9c83d97d4
SHA1

7cf25a20b229cc6f9ddcc0b0302a9098f6200f7b
SHA256

2950f9647637ff0abc8dbdd85721962480d8fc904becbc3fa00fed3f3d2c6b38
SHA512

4dfc5436c172415df209a3ac301aa7d1c7296b4236d49cd5350761d222a18058156d8bdda9dd9b0bc15d527bde2ed0929f648eb28b98df6a362d4a02dcde524a
SSDEEP

3072:66izfmdOKQUkVzcpoxGWuvSZSN4n3lDsOmrd4MyE6dUweVR:DYmmlcGxGW0Il4OUd4HE62

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb8f02853e5ca85c2c3e49e9c83d97d4_JaffaCakes118

Files

fb8f02853e5ca85c2c3e49e9c83d97d4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

58f3944e86e5374b2fa222aa235e757f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

sprintf
strncmp
strncpy
malloc
free
modf
_ftol
strrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
_CIpow
strtod
tolower

user32

MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
KillTimer
SetTimer

kernel32

LCMapStringA
GetModuleFileNameA
GetCommandLineA
CreateFileA
WriteFile
WideCharToMultiByte
MultiByteToWideChar
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
CloseHandle
SetWaitableTimer
CreateWaitableTimerA

ole32

CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize

oleaut32

VariantChangeType
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLi
LoadTypeLi
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
VariantInit
SafeArrayGetUBound

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

58f3944e86e5374b2fa222aa235e757f

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

ole32

oleaut32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 8KB - Virtual size: 4KB