blackmoon | 425f015232a22e4449925637e16ef612995d44cad31d4884f2d2d64c6c610a71

Sharing

Copy URL

Twitter E-mail

General

Target

425f015232a22e4449925637e16ef612995d44cad31d4884f2d2d64c6c610a71
Size

15.6MB
MD5

b236016daf53914cf3b8ab92cc7a2d26
SHA1

bc8af2e3abd60733d93fee32bd53df355c7d24d9
SHA256

425f015232a22e4449925637e16ef612995d44cad31d4884f2d2d64c6c610a71
SHA512

60cbc75e6314519ccc862764bacf3fa3b0f9b4781198f63222b494321787796356cd94336a9c64f48a4de9e31e41d2e7959e310c52dcf3ca0c9bb6008233fdee
SSDEEP

393216:dN94EyVLJ2ucvfBr28mlgKsgv5fqn6N/VbxLA8Mt:dn4Ea2zvJKwDU/VLAXt

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/cs2（解压我出来）/2.辅助.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cs2（解压我出来）/2.辅助.exe

Files

425f015232a22e4449925637e16ef612995d44cad31d4884f2d2d64c6c610a71
.zip
cs2（解压我出来）/1.使用前必读.txt
cs2（解压我出来）/2.辅助.exe
.exe windows:5 windows x86 arch:x86

914551c8bfce1a54954bc60d36106e3a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetWaitableTimer
CloseHandle
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
CreateWaitableTimerA
HeapFree
IsBadReadPtr
GetCommandLineA
GetModuleFileNameA
GetExitCodeThread
HeapReAlloc
WaitForSingleObject
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects
CharUpperBuffW

msvcrt

strrchr
_ftol
free
malloc
calloc

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 818KB - Virtual size: 831KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.evmp0
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.evmp1
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.evmp2
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
cs2（解压我出来）/3.自瞄介绍.jpg
.jpg
cs2（解压我出来）/4.乱码根据我设置.txt
cs2（解压我出来）/5.清理运行痕迹.bat
cs2（解压我出来）/数据执行保护.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

914551c8bfce1a54954bc60d36106e3a

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 818KB - Virtual size: 831KB

.evmp0 Size: 9.4MB - Virtual size: 9.4MB

.evmp1 Size: 1024B - Virtual size: 956B

.evmp2 Size: 2.2MB - Virtual size: 2.2MB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 818KB - Virtual size: 831KB

.evmp0
Size: 9.4MB - Virtual size: 9.4MB

.evmp1
Size: 1024B - Virtual size: 956B

.evmp2
Size: 2.2MB - Virtual size: 2.2MB