Behavioral task: behavioral1
Sample: 874531e26b0afa8f0f712f642d22b05c1e08ee9cf65d730835000ec8ca05257b.exe
Resource: win7-20241010-en
General
Target: 874531e26b0afa8f0f712f642d22b05c1e08ee9cf65d730835000ec8ca05257b
Size: 4.6MB
MD5: 3ca2982bd629310f329307d2c8fa1927
SHA1: cc94b99ca0fa7bed086c9f56c9d1389358b616d3
SHA256: 874531e26b0afa8f0f712f642d22b05c1e08ee9cf65d730835000ec8ca05257b
SHA512: c03dedb0edae0c8b4b1531f9227222bf6912bf97dd57baeb22ad2d82a56a1428bcf00c3c7b5a5725c8a04cc56bcee1d7d9b2049cead966efa4bdf368fd6b01b3
SSDEEP: 98304:IdLiXKnXVUk6Nga4hBWeZa6XmD/IWzFoI2kTYwDjcM:Ili2XykeihBWeFXy+IFTYMjcM
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC)
Processes:
resource: sample
yara_rule: family_blackmoon
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource: 874531e26b0afa8f0f712f642d22b05c1e08ee9cf65d730835000ec8ca05257b
Files
874531e26b0afa8f0f712f642d22b05c1e08ee9cf65d730835000ec8ca05257b.exe windows:4 windows x86 arch:x86
89e5e3bd4088feed037dde16174fefb3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempPathW
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
FindClose
RtlMoveMemory
IsBadCodePtr
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcpynA
OpenProcess
VirtualAllocEx
WriteProcessMemory
WaitForSingleObject
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
DeleteFileA
FindNextFileA
FindFirstFileA
WriteFile
GetStdHandle
ReadConsoleA
Sleep
GetPrivateProfileStringA
lstrlenW
CreateProcessA
GetStartupInfoA
GetTickCount
GetCommandLineA
GetModuleFileNameA
FreeLibrary
LCMapStringA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
lstrcpyn
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
CloseHandle
VirtualQueryEx
GetCurrentProcess
CreateFileA
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
GlobalSize
WritePrivateProfileStringA
IsBadReadPtr
GetStringTypeW
GetStringTypeA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
user32
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
PeekMessageA
MessageBoxA
advapi32
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
shell32
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ole32
CoCreateInstance
CoInitialize
CoUninitialize
wininet
InternetReadFile
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
HttpQueryInfoA
oleaut32
VariantTimeToSystemTime
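The import table above is the cheapest static evidence of what this sample can do: the Toolhelp32 trio enumerates processes, OpenProcess + VirtualAllocEx + WriteProcessMemory is the write half of a process-injection chain, the wininet set is an HTTP client, the advapi32 Crypt* set hashes data, and GetPrivateProfileStringA/WritePrivateProfileStringA read and write INI-style config. The caveat a practitioner should keep in mind is that no thread-start API (CreateRemoteThread and friends) is imported, while LoadLibraryA and GetProcAddress are, so the static table is only a lower bound on capabilities. The following is an added example, not part of the sandbox report and not how the sandbox scores its signatures: the RULES are the editor's own all-of/any-of capability rules in the style of capa, and IMPORTS is an excerpt copied from the import list above (the other imports are omitted for brevity).

```python
"""Capability triage over a PE import list (added example, not the sandbox's own logic)."""

# Excerpt of the imports listed in the report above (kernel32/advapi32/wininet only).
IMPORTS = {
    "kernel32": ["CreateToolhelp32Snapshot", "Process32First", "Process32Next", "OpenProcess",
                 "VirtualAllocEx", "WriteProcessMemory", "WaitForSingleObject", "VirtualQueryEx",
                 "LoadLibraryA", "GetProcAddress", "GetPrivateProfileStringA",
                 "WritePrivateProfileStringA", "CreateProcessA", "GetTempPathA", "DeleteFileA"],
    "advapi32": ["CryptAcquireContextA", "CryptCreateHash", "CryptHashData", "CryptGetHashParam"],
    "wininet": ["InternetOpenA", "InternetConnectA", "HttpOpenRequestA", "HttpSendRequestA",
                "HttpSendRequestExA", "InternetWriteFile", "InternetReadFile", "HttpQueryInfoA"],
}

# Editor-defined rules: (capability, all-of set, any-of set). A rule matches when every
# all-of name is imported and, if any-of is non-empty, at least one any-of name is imported.
RULES = [
    ("enumerate processes via Toolhelp32",
     {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"}, set()),
    ("write into a remote process",
     {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"}, set()),
    ("start execution in a remote process", set(),
     {"CreateRemoteThread", "NtCreateThreadEx", "RtlCreateUserThread", "QueueUserAPC", "SetThreadContext"}),
    ("HTTP client via WinINet",
     {"InternetOpenA", "HttpOpenRequestA"}, {"HttpSendRequestA", "HttpSendRequestExA"}),
    ("hash data via CryptoAPI",
     {"CryptAcquireContextA", "CryptCreateHash", "CryptHashData", "CryptGetHashParam"}, set()),
    ("read/write INI configuration", set(),
     {"GetPrivateProfileStringA", "WritePrivateProfileStringA"}),
    ("resolve APIs at runtime", {"LoadLibraryA", "GetProcAddress"}, set()),
]


def match_capabilities(imports, rules=RULES):
    """Return which rules match the flattened import name set and which do not."""
    names = {fn for fns in imports.values() for fn in fns}
    found, missing = [], []
    for cap, all_of, any_of in rules:
        ok = all_of <= names and (not any_of or bool(any_of & names))
        (found if ok else missing).append(cap)
    return {"found": found, "missing": missing,
            "dynamic_resolution": "resolve APIs at runtime" in found}


def injection_assessment(result):
    """Turn the rule hits into the injection verdict an analyst would write."""
    if "write into a remote process" not in result["found"]:
        return "no remote write primitive in the import table"
    if "start execution in a remote process" in result["found"]:
        return "full injection chain statically imported"
    if result["dynamic_resolution"]:
        return ("remote write primitive imported; thread-start API absent from imports "
                "but LoadLibraryA/GetProcAddress allow resolving it at runtime")
    return "remote write primitive imported; no thread-start API and no dynamic resolver"


if __name__ == "__main__":
    r = match_capabilities(IMPORTS)
    for cap in r["found"]:
        print("[+]", cap)
    for cap in r["missing"]:
        print("[-]", cap)
    print(injection_assessment(r))
```

Run it and the output is the capability list plus the verdict that the write primitive is present but the thread-start primitive must be resolved dynamically or lives in a later-stage payload; that is exactly why the dynamic run (the behavioral task above) matters alongside the static table.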
Sections
.text Size: 124KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4.5MB - Virtual size: 4.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ