Behavioral task: behavioral1
  Sample:   c936aaaa2d66521aa4d22294f5b74c139e3273b01e802505aeb79ecf46a1768b.exe
  Resource: win7-20240729-en

Behavioral task: behavioral2
  Sample:   c936aaaa2d66521aa4d22294f5b74c139e3273b01e802505aeb79ecf46a1768b.exe
  Resource: win10v2004-20241007-en
General
  Target: c936aaaa2d66521aa4d22294f5b74c139e3273b01e802505aeb79ecf46a1768b
  Size:   344KB
  MD5:    cb07fbe161546e17c0556a8b8d987bb4
  SHA1:   dd197b399b59a2d05c81b01422055943f7689bb4
  SHA256: c936aaaa2d66521aa4d22294f5b74c139e3273b01e802505aeb79ecf46a1768b
  SHA512: 4732389ce3eb75827366a360c5e509c790b09a4c2f14e1ce9bb7a19727d8d118a20aec6084a13887a59cd7b87cd04ba2a23245e50be8ea2131d5ce86567f603e
  SSDEEP: 6144:tRC/uzwfNq4VDhMHlqDgoxkjT/O1mZSg1fzVda:t0uzwfhtq4DgEkjT/2+S2da
Malware Config
Signatures
  Blackmoon family
  Detect Blackmoon payload (1 IoC)
    resource: sample    yara_rule: family_blackmoon
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: c936aaaa2d66521aa4d22294f5b74c139e3273b01e802505aeb79ecf46a1768b

Files
  c936aaaa2d66521aa4d22294f5b74c139e3273b01e802505aeb79ecf46a1768b.exe
    windows:4 windows x86 arch:x86
    eb75cc55c7b599f9e60cfe194dd2e095
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualProtect
CreateToolhelp32Snapshot
Module32Next
VirtualAlloc
VirtualFree
GetCurrentProcessId
CreateMutexA
OpenFileMappingA
CreateFileMappingA
OpenEventA
CreateEventA
Process32First
Process32Next
CloseHandle
WaitForSingleObject
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetPrivateProfileStringA
WriteFile
GetStdHandle
ReadConsoleA
WritePrivateProfileStringA
ReadFile
GetFileSize
CreateFileA
DeleteFileA
GetModuleFileNameA
GetLocalTime
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
CreateDirectoryA
CreateProcessA
GetStartupInfoA
GetTickCount
GetCommandLineA
DeviceIoControl
GetProcAddress
LoadLibraryA
LCMapStringA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GlobalSize
GlobalMemoryStatusEx
GetComputerNameA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
MultiByteToWideChar
SetFilePointer
RaiseException
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
TerminateProcess
FreeLibrary
Sleep
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleCursorInfo
GetConsoleCursorInfo
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
user32
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
GetClassNameA
MessageBoxTimeoutA
CallWindowProcA
FindWindowExA
GetWindowTextLengthA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
advapi32
LookupPrivilegeValueA
OpenProcessToken
wininet
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetCloseHandle
ws2_32
recv
getsockname
ntohs
send
select
socket
WSAStartup
closesocket
WSAAsyncSelect
htons
connect
gethostbyname
WSACleanup
inet_addr
shlwapi
PathFileExistsA
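The import table above is the most informative static artifact on this page: Toolhelp process and module enumeration, a wininet HTTP fetch set, raw Winsock, mutex/file-mapping/event IPC, INI-file config read and write, CreateProcessA, DeviceIoControl and LoadLibraryA/GetProcAddress, next to a large block of C-runtime plumbing. As an added example (not part of the sandbox report or of any Blackmoon signature), the Python below groups such a table into capability buckets, records which APIs of each group are absent, and filters the runtime noise. The grouping and its labels are this example's own heuristics; the IMPORTS constant is transcribed from the list above with kernel32 trimmed to the relevant entries plus a sample of the runtime imports.

```python
"""Bucket a static PE import table into coarse capabilities for triage.

Added example, not part of the sandbox report or of any Blackmoon signature.
IMPORTS is transcribed from the report's import list (kernel32 is a subset);
the capability groups and CRT_NOISE are this example's own heuristics."""

# Constructed from the report's import list; kernel32 trimmed to the entries
# the groups below care about plus a sample of C-runtime imports.
IMPORTS = {
    "kernel32": [
        "VirtualProtect", "CreateToolhelp32Snapshot", "Module32Next", "VirtualAlloc",
        "VirtualFree", "CreateMutexA", "OpenFileMappingA", "CreateFileMappingA",
        "OpenEventA", "CreateEventA", "Process32First", "Process32Next",
        "GetPrivateProfileStringA", "WritePrivateProfileStringA", "CreateFileA",
        "DeleteFileA", "FindFirstFileA", "FindNextFileA", "CreateDirectoryA",
        "RemoveDirectoryA", "CreateProcessA", "DeviceIoControl", "GetProcAddress",
        "LoadLibraryA", "GetComputerNameA", "GlobalMemoryStatusEx", "GetVersionExA",
        "CreateThread", "TerminateProcess", "GetStringTypeA", "GetStringTypeW",
        "LCMapStringA", "LCMapStringW", "GetACP", "GetOEMCP", "GetCPInfo", "TlsAlloc",
        "TlsGetValue", "TlsSetValue", "HeapCreate", "HeapDestroy", "RtlUnwind",
        "SetHandleCount", "GetEnvironmentStrings", "GetEnvironmentStringsW",
        "FreeEnvironmentStringsA", "FreeEnvironmentStringsW", "SetUnhandledExceptionFilter",
    ],
    "user32": ["GetWindowThreadProcessId", "IsWindowVisible", "GetWindowTextA",
               "GetClassNameA", "MessageBoxTimeoutA", "CallWindowProcA", "FindWindowExA",
               "GetWindowTextLengthA", "MessageBoxA", "wsprintfA", "DispatchMessageA",
               "TranslateMessage", "GetMessageA", "PeekMessageA"],
    "advapi32": ["LookupPrivilegeValueA", "OpenProcessToken"],
    "wininet": ["InternetReadFile", "HttpQueryInfoA", "InternetOpenUrlA", "InternetOpenA",
                "InternetGetConnectedState", "InternetCloseHandle"],
    "ws2_32": ["recv", "getsockname", "ntohs", "send", "select", "socket", "WSAStartup",
               "closesocket", "WSAAsyncSelect", "htons", "connect", "gethostbyname",
               "WSACleanup", "inet_addr"],
    "shlwapi": ["PathFileExistsA"],
}

# Capability -> APIs that together implement it. The "missing" half of each
# result shows whether a group is fully linked or only partially present.
CAPABILITIES = {
    "process_enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next", "Module32Next"},
    "window_enumeration": {"FindWindowExA", "GetWindowTextA", "GetClassNameA", "IsWindowVisible",
                           "GetWindowThreadProcessId"},
    "dynamic_api_resolution": {"LoadLibraryA", "GetProcAddress"},
    "local_memory_rwx": {"VirtualAlloc", "VirtualProtect"},
    "remote_injection": {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"},
    "http_download": {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "HttpQueryInfoA"},
    "raw_tcp": {"WSAStartup", "socket", "connect", "send", "recv", "gethostbyname"},
    "single_instance_ipc": {"CreateMutexA", "CreateFileMappingA", "OpenFileMappingA", "CreateEventA", "OpenEventA"},
    "ini_config": {"GetPrivateProfileStringA", "WritePrivateProfileStringA"},
    "process_launch": {"CreateProcessA"},
    "token_privileges": {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
    "driver_io": {"DeviceIoControl"},
    "host_fingerprint": {"GetComputerNameA", "GetVersionExA", "GlobalMemoryStatusEx"},
}

# MSVC C-runtime plumbing found in almost every statically linked binary; it
# carries no intent and should be filtered out before reading the table.
CRT_NOISE = {
    "GetStringTypeA", "GetStringTypeW", "LCMapStringA", "LCMapStringW", "GetACP",
    "GetOEMCP", "GetCPInfo", "TlsAlloc", "TlsGetValue", "TlsSetValue", "HeapCreate",
    "HeapDestroy", "RtlUnwind", "SetHandleCount", "GetEnvironmentStrings",
    "GetEnvironmentStringsW", "FreeEnvironmentStringsA", "FreeEnvironmentStringsW",
    "SetUnhandledExceptionFilter",
}


def flatten(imports):
    """All imported API names regardless of DLL."""
    return {api for apis in imports.values() for api in apis}


def classify(imports):
    """Return {capability: {"present": [...], "missing": [...]}} for every
    capability with at least one API in the table."""
    flat = flatten(imports)
    result = {}
    for cap, apis in CAPABILITIES.items():
        present = sorted(apis & flat)
        if present:
            result[cap] = {"present": present, "missing": sorted(apis - flat)}
    return result


def summarize(imports):
    """Analyst notes: partial groups, groups entirely absent, noise ratio, and
    the lower-bound caveat when APIs can be resolved at runtime."""
    flat = flatten(imports)
    caps = classify(imports)
    notes = []
    if "dynamic_api_resolution" in caps and not caps["dynamic_api_resolution"]["missing"]:
        notes.append("LoadLibraryA+GetProcAddress imported: the static table is only a "
                     "lower bound on what the sample can call")
    for cap, apis in CAPABILITIES.items():
        if cap not in caps:
            notes.append(f"{cap}: none of {sorted(apis)} imported")
        elif caps[cap]["missing"]:
            notes.append(f"{cap}: partial, missing {caps[cap]['missing']}")
    notes.append(f"{len(flat & CRT_NOISE)} of {len(flat)} imports are C-runtime plumbing")
    return notes


if __name__ == "__main__":
    for cap, hit in classify(IMPORTS).items():
        print(f"{cap:24} {', '.join(hit['present'])}")
    for note in summarize(IMPORTS):
        print("note:", note)
```

Negative evidence counts as much as positive: none of OpenProcess, WriteProcessMemory or CreateRemoteThread appears in the table, and AdjustTokenPrivileges is absent next to OpenProcessToken and LookupPrivilegeValueA. With LoadLibraryA and GetProcAddress linked, though, the static table is a floor, not a ceiling, so these gaps rule nothing out.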
Sections
  .text   Size: 236KB - Virtual size: 235KB
    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
  .rdata  Size: 12KB - Virtual size: 9KB
    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
  .data   Size: 48KB - Virtual size: 112KB
    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  (name not shown)  Size: 44KB - Virtual size: 42KB
    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
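The "Unsigned PE" signature, the file characteristics under Headers and the section table all come straight out of the PE header. As an added example (not the sandbox's own check), the Python below builds a header-only PE32 image from the values listed on this page (constructed data, not the real file), parses the IMAGE_FILE_HEADER, the security data directory and the section table, and applies a few triage rules: an empty certificate table is what "missing Authenticode signature" means at the byte level; two sections carry IMAGE_SCN_MEM_EXECUTE; and .data's 112KB virtual size against 48KB on disk means 64KB of zero-filled writable memory at load time. The anomaly rules and the builder are this example's own.

```python
"""Decode PE32 file characteristics, section flags and the Authenticode
certificate table from raw header bytes.

Added example, not part of the sandbox report. SAMPLE_PE is built here from
the header and section facts the report lists; it is not the real binary and
holds no code. The anomaly rules in triage() are this example's own."""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SECURITY_DIR = 4               # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)
OPT_HEADER_SIZE = 96 + 16 * 8  # PE32 optional header with all 16 data directories


def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def build_pe32(sections, characteristics, signed=False):
    """Header-only PE32 image; sections = [(name, virtual_size, raw_size, flags)].
    Raw data is zero-filled. signed=True appends a placeholder WIN_CERTIFICATE."""
    headers_end = 64 + 4 + 20 + OPT_HEADER_SIZE + 40 * len(sections)
    opt = bytearray(OPT_HEADER_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<HH", opt, 40, 4, 0)  # Major/MinorOperatingSystemVersion 4.0
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    table, body, rva = bytearray(), bytearray(), 0x1000
    for name, vsize, rawsize, flags in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, rva,
                             rawsize, headers_end + len(body), 0, 0, 0, 0, flags)
        body += b"\0" * rawsize
        rva += (max(vsize, rawsize) + 0xFFF) & ~0xFFF
    if signed:  # security directory holds a file offset, not an RVA
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, headers_end + len(body), 8)
        body += struct.pack("<IHH", 8, 0x0200, 0x0002)  # dwLength, wRevision, PKCS_SIGNED_DATA
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, OPT_HEADER_SIZE, characteristics)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)   # e_lfanew: NT headers follow the DOS header
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + bytes(table) + bytes(body)


def parse_pe32(data):
    """Parse the headers this page reports: characteristics, OS version,
    certificate table presence, and per-section sizes and flags."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsec, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("this example only handles PE32")
    cert_size = 0  # zero size = no embedded Authenticode blob
    if struct.unpack_from("<I", data, opt + 92)[0] > SECURITY_DIR:
        _cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        name, vsize, _rva, rawsize, _ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "rawsize": rawsize, "flags": _names(flags, SECTION_FLAGS)})
    return {"machine": machine, "os_version": struct.unpack_from("<HH", data, opt + 40),
            "characteristics": _names(chars, FILE_CHARACTERISTICS),
            "authenticode": cert_size != 0, "sections": sections}


def triage(info):
    """Heuristic findings. 'authenticode' only says a certificate table exists:
    validity needs a chain check, and catalog-signed files embed nothing."""
    findings = []
    if not info["authenticode"]:
        findings.append("no embedded Authenticode signature")
    execs = [s for s in info["sections"] if "IMAGE_SCN_MEM_EXECUTE" in s["flags"]]
    if len(execs) > 1:
        findings.append(f"{len(execs)} executable sections")
    for s in info["sections"]:
        label = s["name"] or "<unnamed>"
        if s["vsize"] > s["rawsize"]:
            findings.append(f"{label}: virtual size {s['vsize'] // 1024}KB exceeds raw "
                            f"{s['rawsize'] // 1024}KB (zero-filled at load, room to unpack into)")
        if not s["name"] and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]:
            findings.append("unnamed executable section")
    return findings


CODE, RDATA = 0x20 | 0x20000000 | 0x40000000, 0x40 | 0x40000000
DATA = RDATA | 0x80000000
# Section layout from the report; the fourth section shows no name on the page.
REPORT_SECTIONS = [(".text", 235 * 1024, 236 * 1024, CODE), (".rdata", 9 * 1024, 12 * 1024, RDATA),
                   (".data", 112 * 1024, 48 * 1024, DATA), ("", 42 * 1024, 44 * 1024, CODE)]
REPORT_CHARACTERISTICS = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100
SAMPLE_PE = build_pe32(REPORT_SECTIONS, REPORT_CHARACTERISTICS)

if __name__ == "__main__":
    info = parse_pe32(SAMPLE_PE)
    print(info["characteristics"], *triage(info), sep="\n")
```

The security directory is the one data directory whose first field is a raw file offset rather than an RVA, which is why the builder points it at the end of the file. An empty entry is exactly the condition the "Unsigned PE" signature reports; a populated one still needs its PKCS#7 blob verified before it means anything.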