blackmoon | 31a0baf3f39aaed95ff9f2f8f26df776cf06b7746b1a6bdc7496ae1046c83e8b

General

Target

31a0baf3f39aaed95ff9f2f8f26df776cf06b7746b1a6bdc7496ae1046c83e8b
Size

176KB
MD5

e2bfd9c8899a577f5db1cce569d95572
SHA1

cafc2b5691ddcf5e77772f6c27287132b664a117
SHA256

31a0baf3f39aaed95ff9f2f8f26df776cf06b7746b1a6bdc7496ae1046c83e8b
SHA512

7950f02f3c6b5cdc7641bc279ff1ba10b8dcc667b80ff30b1775e8005c325cfc1c4411f3d8487220393a35b5ad8201e296dd9621a72841b48d9840824e98ab83
SSDEEP

1536:b6jZQx7EKpLRAGJe0eLRn9ek6xSSZNEnxRoCTvy00nJBYuH1Cr/7TDEy0gxWR:+1QhEKJaLd0bZNExRoYyNJCuH8MyB

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31a0baf3f39aaed95ff9f2f8f26df776cf06b7746b1a6bdc7496ae1046c83e8b

Files

31a0baf3f39aaed95ff9f2f8f26df776cf06b7746b1a6bdc7496ae1046c83e8b
.dll windows:4 windows x86 arch:x86

0986269e0d2cfaa308fbd150a8ed57cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalSize
CreateProcessA
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
GetExitCodeThread
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
GetPrivateProfileStringA
GetTickCount
CreateMutexW
ReadFile
GetFileSize
CreateFileA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
lstrcpyn
DeleteCriticalSection
CreateThread
CloseHandle
VirtualProtect

user32

FindWindowA
MessageBoxA
wsprintfA
DispatchMessageA
PeekMessageA
GetMessageA
TranslateMessage

iphlpapi

GetAdaptersInfo

msvcrt

_strnicmp
tolower
sprintf
strncmp
??3@YAXPAX@Z
atoi
_ftol
??2@YAPAXI@Z
__CxxFrameHandler
toupper
srand
rand
strrchr
strchr
modf
memmove
free
malloc

shlwapi

PathFileExistsA

Exports

Exports

_GetToolsVersion
_��ӳ��
inject_
startGameAndSetHook
startTcgAndSetHook

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp0
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0986269e0d2cfaa308fbd150a8ed57cd

Headers

File Characteristics

Imports

kernel32

user32

iphlpapi

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 20KB - Virtual size: 80KB

.svmp0 Size: 20KB - Virtual size: 18KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 80KB

.svmp0
Size: 20KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 4KB