blackmoon | 072e4c7e234e8c8f12eb02a2ca648825b5674a7e718cd1fc8e775ecbcafea622

Sharing

Copy URL

Twitter E-mail

General

Target

072e4c7e234e8c8f12eb02a2ca648825b5674a7e718cd1fc8e775ecbcafea622
Size

224KB
MD5

fc0844bb3060e885ae6ee10f01c89632
SHA1

bb86b168cd55c4f1bd143231ca50fda0e91e9440
SHA256

072e4c7e234e8c8f12eb02a2ca648825b5674a7e718cd1fc8e775ecbcafea622
SHA512

2d4e1f17a4fbfcd24c65042aa058f9af2d92a4e95fa7a5b5676d4e3519946dfeb4c48b1cc44a6da6bfd1134f4999bc8bed7c2d80b50f6a3eceef8169eba1415e
SSDEEP

3072:OQ2DvCzSBW6tfsZm2RPKXwXXPmd4w1HCRmkw08oScXLmR0ziq4OYKt9UcV:OftfsZmvHCEkrTLqUC2

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
072e4c7e234e8c8f12eb02a2ca648825b5674a7e718cd1fc8e775ecbcafea622

Files

072e4c7e234e8c8f12eb02a2ca648825b5674a7e718cd1fc8e775ecbcafea622
.dll windows:4 windows x86 arch:x86

b3180fb224abdda79c1fbf82c77b4629

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32Next
Sleep
GetModuleHandleA
VirtualAlloc
LoadLibraryA
GetProcessHeap
VirtualFree
GetModuleFileNameA
VirtualProtect
CreateWaitableTimerA
SetWaitableTimer
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetLocalTime
GetUserDefaultLCID
ReadFile
GetFileSize
CreateFileA
GetCommandLineA
FreeLibrary
GetProcAddress
LCMapStringA
Process32First
CreateToolhelp32Snapshot
CloseHandle
OpenProcess
GetCurrentProcess
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
SetFilePointer
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetACP
GetCPInfo
RaiseException
IsBadWritePtr
WriteFile
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
TerminateProcess
RtlUnwind
GetVersion
LocalFree
LocalAlloc
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection

advapi32

CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextA
CryptHashData

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize

wininet

HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetSetOptionA
InternetCloseHandle
InternetConnectA
InternetOpenA
HttpOpenRequestA

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects

oleaut32

VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

Exports

Exports

Log
sf

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3180fb224abdda79c1fbf82c77b4629

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

wininet

user32

oleaut32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 24KB - Virtual size: 78KB

.rsrc Size: 4KB - Virtual size: 704B

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 24KB - Virtual size: 78KB

.rsrc
Size: 4KB - Virtual size: 704B

.reloc
Size: 12KB - Virtual size: 8KB