blackmoon | yunyu[.]dll | Triage

Sharing

General

Target

yunyu.dll
Size

5.2MB
MD5

35e70d317ab1ba60288330688c93b131
SHA1

03c00ffbcd4ab8038ea1cf032291fc3e716a1a76
SHA256

9211b7897def9171f9dbd169d46ba570af8af03a55bd55ef9fb872cc0ff3c6a1
SHA512

74f03ac5f960cab040514d3daefa0c4466055e4d97e8238810442c84b2bac5584ffd88be6a7375b2e124b7d6041d732e6276b91245126714da8b23c5b66a29c3
SSDEEP

98304:JsAld9NFt0paacMXCTZlrxDmAFWueTLNfaEON:JsAlBgaBMwZldFWT5faEa

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
yunyu.dll

Files

yunyu.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Log
ȡToken

Sections

.text
Size: 868KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.3MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ