blackmoon | 1a72a99f5f269d2f3d3f60fa53335025d92aee9a21c9309903ff3a179058a118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a72a99f5f269d2f3d3f60fa53335025d92aee9a21c9309903ff3a179058a118
Size

5.1MB
MD5

2875a86d4bdd69f54b04fa91d28c7c29
SHA1

10f2b1a43e0efa69d23936c5bc8b27c0334aefff
SHA256

1a72a99f5f269d2f3d3f60fa53335025d92aee9a21c9309903ff3a179058a118
SHA512

8de0d4f3d621eebef1b8b2f74494a1ba50fd10392b675a4cf9e7760c375957226eebb0c07c06e176531ced8d8837dd938e9d07406cbe0cebcfe6ce64e4c37c50
SSDEEP

98304:vKGM4Ah6KYui8bYA2+kELIqIGnbpT4G5sWLYIAjG:v/niidUPhT41WKG

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a72a99f5f269d2f3d3f60fa53335025d92aee9a21c9309903ff3a179058a118

Files

1a72a99f5f269d2f3d3f60fa53335025d92aee9a21c9309903ff3a179058a118
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 442KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 954KB - Virtual size: 1019KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.winlice
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ