blackmoon | a92b85a76f725d39dca4174bc9dfc00ccf06f2743ba2508e8e046e3ca8f1c14f

Sharing

Copy URL Twitter E-mail

General

Target

a92b85a76f725d39dca4174bc9dfc00ccf06f2743ba2508e8e046e3ca8f1c14f
Size

1.1MB
MD5

3114f58f66fdaa939478e367a42c8cd7
SHA1

0a21d1be155d23439b5a98340572e2cf353dcf8e
SHA256

a92b85a76f725d39dca4174bc9dfc00ccf06f2743ba2508e8e046e3ca8f1c14f
SHA512

c54db78b1b4d0eaa55321f79279afe48567f60bf8889eb2d738a42b26218a8bd2a90101b60445ac0625e118c1f00972937f3ec52bd34df49a398696a867c5dbc
SSDEEP

12288:hMu9/wDjhkUCbgDG44jCQR5nWFpPoSwfx0gF7X6Ki9XUk+IPEnugusUETcDa+ylb:hMu9/oWU0gDlmCTbOfTFuKiUR5Z3FF

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a92b85a76f725d39dca4174bc9dfc00ccf06f2743ba2508e8e046e3ca8f1c14f

Files

a92b85a76f725d39dca4174bc9dfc00ccf06f2743ba2508e8e046e3ca8f1c14f
.exe windows:4 windows x86 arch:x86

5557a2a9ed72c07458d711a087105e9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
LCMapStringA
GetModuleFileNameA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetLocalTime
CreateDirectoryA
SetFileAttributesA
CopyFileA
DeleteFileA
IsBadReadPtr
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
ReadFile
GetFileSize
CreateFileA
GetEnvironmentVariableA
WriteFile
GetCommandLineA
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetProcAddress
GetModuleHandleA
RtlMoveMemory
VirtualFree
VirtualAlloc
lstrcpynA
Process32Next
Process32First
CreateToolhelp32Snapshot
FreeLibrary
LoadLibraryA
MoveFileExA
GetTempFileNameA
GetTempPathA
DeviceIoControl
VirtualProtect
WideCharToMultiByte
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
CreateThread
MoveFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
MulDiv
lstrcatA
lstrcpyA
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
SetFilePointer
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
FlushFileBuffers
Sleep

user32

RegisterHotKey
ReleaseCapture
ScreenToClient
SendMessageA
SetCapture
SetWindowLongA
UnregisterHotKey
LoadBitmapA
GetSysColor
CreateWindowExA
CallWindowProcA
PeekMessageA
FindWindowA
GetWindowThreadProcessId
SetLayeredWindowAttributes
GetCursorPos
MsgWaitForMultipleObjects
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
wsprintfA
MessageBoxA
wvsprintfA
IsWindow
GetAsyncKeyState
GetDC

advapi32

CryptAcquireContextA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash

gdi32

CreateFontA
DeleteObject
GetDeviceCaps
TranslateCharsetInfo

shlwapi

PathFileExistsA

psapi

GetProcessImageFileNameA

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA

comctl32

ImageList_DragEnter
ord17
ImageList_EndDrag
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock

Sections

.text
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 872KB - Virtual size: 965KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5557a2a9ed72c07458d711a087105e9e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shlwapi

psapi

oleaut32

shell32

comctl32

Sections

.text Size: 224KB - Virtual size: 221KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 872KB - Virtual size: 965KB

.rsrc Size: 4KB - Virtual size: 692B

.text
Size: 224KB - Virtual size: 221KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 872KB - Virtual size: 965KB

.rsrc
Size: 4KB - Virtual size: 692B