blackmoon | 47f37b649bc5d054006d437102e4a5682daa9a263b63484245a19c5e80899dc7

Sharing

Copy URL Twitter E-mail

General

Target

47f37b649bc5d054006d437102e4a5682daa9a263b63484245a19c5e80899dc7
Size

356KB
MD5

d8af1e32753a7ee95a43e25accac981f
SHA1

c471059c19b148d5885caa41bd6b1fb6037b370d
SHA256

47f37b649bc5d054006d437102e4a5682daa9a263b63484245a19c5e80899dc7
SHA512

6f2db4148e445b2b707f2590130b4e979ab50b25bd5fced3f49dabf3b7f2f13a34ab0b88397a34475a24ccb8cac227f96dee4b0b0b706f2d2dd5784e81be261a
SSDEEP

6144:qsKDjH4iZuItmThtQGvsRtCjCXgoSWT3AXIEnf2ykkKIyXrP2UBO5kKymjtcX0ZY:q0Vs2uHZf7c8GzywaAW

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47f37b649bc5d054006d437102e4a5682daa9a263b63484245a19c5e80899dc7

Files

47f37b649bc5d054006d437102e4a5682daa9a263b63484245a19c5e80899dc7
.dll windows:4 windows x86 arch:x86

867291769f39dbeafb18f27cfe4c321f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
OpenProcess
CloseHandle
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
IsBadStringPtrA
GetCurrentProcess
TerminateProcess
Module32First
Module32Next
CreateThread
CreateWaitableTimerA
SetWaitableTimer
WriteProcessMemory
GetCurrentProcessId
IsBadCodePtr
InitializeCriticalSection
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualQueryEx
VirtualProtectEx
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
lstrlenW
HeapLock
HeapUnlock
HeapCompact
HeapValidate
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
ExitProcess
IsBadReadPtr
GetModuleFileNameA
WriteFile
CreateFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
Sleep
GetPrivateProfileStringA
GetUserDefaultLCID
FormatMessageA
GetTickCount
GetCommandLineA
FreeLibrary
LCMapStringA
TerminateThread
LocalFree
LocalAlloc
HeapAlloc
GetProcessHeap
lstrlenA
HeapWalk
HeapCreate

user32

GetSystemMetrics
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetWindowRect
IsWindowVisible
IsWindow
FindWindowA
SetWindowPos
MsgWaitForMultipleObjects
GetAncestor
GetClassNameA
GetWindowTextW
GetWindowThreadProcessId
EnumWindows
SendMessageTimeoutA
SetTimer
KillTimer
GetWindowTextLengthW

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA

ole32

CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
OleRun
CLSIDFromString

psapi

EnumProcesses

msvcrt

realloc
__CxxFrameHandler
_CIpow
strchr
floor
_CIfmod
atof
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
modf
strtod
malloc
free
_ftol
atoi
sprintf
strncmp
memmove

oleaut32

VariantChangeType
VarR8FromBool
VarR8FromCy
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

Exports

Exports

��

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

867291769f39dbeafb18f27cfe4c321f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

psapi

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 272KB - Virtual size: 268KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 56KB - Virtual size: 113KB

.rsrc Size: 4KB - Virtual size: 648B

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 272KB - Virtual size: 268KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 56KB - Virtual size: 113KB

.rsrc
Size: 4KB - Virtual size: 648B

.reloc
Size: 16KB - Virtual size: 12KB