Behavioral task: behavioral1
Sample: 4b514053a4a8404c8e49ffe14fb0f5c5ede20aaea7441b8bfa36b8f3a6fd946c.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 4b514053a4a8404c8e49ffe14fb0f5c5ede20aaea7441b8bfa36b8f3a6fd946c.exe
Resource: win10v2004-20241007-en
General
Target: 4b514053a4a8404c8e49ffe14fb0f5c5ede20aaea7441b8bfa36b8f3a6fd946c
Size: 388KB
MD5: 5b1fadbb7e7e4a2892aa9a783b1362e8
SHA1: 2316ac1cd8f0842c89cb1ddbc4cd2e7ccb0c2f45
SHA256: 4b514053a4a8404c8e49ffe14fb0f5c5ede20aaea7441b8bfa36b8f3a6fd946c
SHA512: 868b226c766b88c0a3ee39c177ffdfb18125acd7567e6bde3908490480e90960873054c9c7f43d97a7a148453db925f33a2c0ee675040703f4b0510f3f2a6aab
SSDEEP: 6144:SwDEW8Yvm8Mz2uP3PVk/nDAXf3/7onrGXo3s4ItjNjeHn:SwIW8YvmJau/PirAXf3/M6Xoc4eNg
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoCs)
resource: sample; yara_rule: family_blackmoon
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 4b514053a4a8404c8e49ffe14fb0f5c5ede20aaea7441b8bfa36b8f3a6fd946c
Files
4b514053a4a8404c8e49ffe14fb0f5c5ede20aaea7441b8bfa36b8f3a6fd946c.exe (windows:4, windows x86, arch:x86)
15a04f026bd6df6aece0fa12ad3fbf45
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualProtect
GetFileAttributesA
CreateToolhelp32Snapshot
Module32Next
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
CreateFileA
Process32First
Process32Next
GetCurrentProcessId
VirtualFreeEx
VirtualAllocEx
CloseHandle
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
ReadFile
GetFileSize
DeleteFileA
GetTickCount
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
GetPrivateProfileStringA
GlobalUnlock
GlobalLock
WritePrivateProfileStringA
WriteFile
Sleep
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualFree
InterlockedIncrement
InterlockedDecrement
VirtualAlloc
SetWaitableTimer
CreateWaitableTimerA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
UnmapViewOfFile
MapViewOfFile
MoveFileA
CreateDirectoryA
CreateEventA
OpenEventA
CreateFileMappingA
RtlUnwind
GetVersion
SetFilePointer
RaiseException
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStartupInfoA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
OpenFileMappingA
TerminateProcess
CreateMutexA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
user32
SetWindowTextA
wvsprintfA
IsWindowVisible
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
CreateWindowStationA
MessageBoxA
wsprintfA
PeekMessageA
CreateDialogIndirectParamA
UpdateWindow
GetMessageA
SendMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage
CloseClipboard
GetDlgItem
ShowWindow
SetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
GetWindowLongA
GetWindowTextLengthA
OpenClipboard
GetClipboardData
advapi32
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
shell32
ShellExecuteA
SHGetSpecialFolderPathA
ws2_32
WSAStartup
closesocket
socket
htons
inet_addr
connect
gethostbyname
recv
getsockname
ntohs
WSAAsyncSelect
select
WSACleanup
send
shlwapi
PathFileExistsA
Sections
.text Size: 312KB - Virtual size: 311KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE