blackmoon | 0927e4d14df517b0488aac0631fbbeeea13fa5d8a6ec00bc4749c6669dc966fa | Triage

Sharing

General

Target

0927e4d14df517b0488aac0631fbbeeea13fa5d8a6ec00bc4749c6669dc966fa
Size

82KB
MD5

3c86ad63c6884aacde7f7c574a9a5593
SHA1

9f9793fe31566dd24750efe8fc8a6a0c43f023af
SHA256

0927e4d14df517b0488aac0631fbbeeea13fa5d8a6ec00bc4749c6669dc966fa
SHA512

aee9dc5bf4dfef41cb5c868e48dc8cc344c3604edf097fdeb6a5a6109b229831dc970e72b0af452b2d270e2c21bf54913079076a6ff19381623450068f9ec95b
SSDEEP

1536:/sVyZh7S+jOvKCuv+5eKQ2vES36M7o5jUabtHnIwGsdbMK:/d2KC++5eKQ2vEK37oV3toHa

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Files

0927e4d14df517b0488aac0631fbbeeea13fa5d8a6ec00bc4749c6669dc966fa
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE