blackmoon | fb3b8b518aae06673a6b5e12a7eb3541002e6eae757428c76a5f4b8d05526475 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb3b8b518aae06673a6b5e12a7eb3541002e6eae757428c76a5f4b8d05526475
Size

14.8MB
MD5

45a6c2fc7153cbb2a1772028a3d27a2f
SHA1

2b9b1f3fc7b7560bec74c87ef47709881b5e60bd
SHA256

fb3b8b518aae06673a6b5e12a7eb3541002e6eae757428c76a5f4b8d05526475
SHA512

ed63007ef2e1aed05db8da844166bf3dc5fdc7948f9f29fb9b4d63a8ff331e8c6e52fc7e6d0d28c8c35b3a8446fc0052f58d545528b41fa2109b986c28b9eed8
SSDEEP

196608:kGvGFUbt0I7sL8Mt/HR0pFAHqodGIc9BDal:kGvGFaspt/HR8eHgIc9s

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb3b8b518aae06673a6b5e12a7eb3541002e6eae757428c76a5f4b8d05526475

Files

fb3b8b518aae06673a6b5e12a7eb3541002e6eae757428c76a5f4b8d05526475
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText

Sections

UPX0
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE