blackmoon | 93f5654a63437c630ba9597681b4c083_JaffaCakes118 | Triage

Sharing

General

Target

93f5654a63437c630ba9597681b4c083_JaffaCakes118
Size

500KB
MD5

93f5654a63437c630ba9597681b4c083
SHA1

4798a9d0a35cf7f9231dd2b963fb34de2a87b8ac
SHA256

bc6da2867abddf2fe6eb33f3f5c2af2d92b595c3f7739517f9700a8b8e40e349
SHA512

3775a46305281dbd214c76258ab9c3543e6423b2d01636fb9c22c6c1bf295343d647a5f4900a437f6b864699ac7523697ffe6863a2c027648e6865152b093a7f
SSDEEP

12288:sQq/vuFiWqFVbnhK0JYI3oCnvg1Zr4ELr/:sQ+vLNvbnMAoF1Zrxr/

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
93f5654a63437c630ba9597681b4c083_JaffaCakes118

Files

93f5654a63437c630ba9597681b4c083_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd54a4c167394e56c8a42fbc35df7163

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

sprintf
modf
calloc
malloc
free
_ftol
strrchr
_stricmp

kernel32

GetModuleFileNameA
IsBadReadPtr
HeapFree
lstrcpynA
VirtualAlloc
VirtualFree
RtlMoveMemory
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
GetCommandLineA

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PeekMessageA

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 440KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE