blackmoon | 1f4ef17f18880efd8933bffab34336c20f3caa9cb3164a1525842a7d0ed2227e

General

Target

1f4ef17f18880efd8933bffab34336c20f3caa9cb3164a1525842a7d0ed2227e
Size

100KB
MD5

ba318d0632fc8a5be0a748453acf2cc2
SHA1

47750403b28d449de12ff445ad864f7a4a15b6a4
SHA256

1f4ef17f18880efd8933bffab34336c20f3caa9cb3164a1525842a7d0ed2227e
SHA512

686bd655323f5ef04bfd404562260273c98ecc251fd82930eae0cad00b31965ab9f0874c4fdc9409ce5dc230dded711d00c52ad12faeced39fef4db79bdcb5d8
SSDEEP

3072:uwpAIZxKX5wwWxYKkqp6SD570VTuI66DG2gQ5D:v6wKJw7xlkdYu1SuB

Score

10^/10

blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/bbebddadf556c91966fa760f21d04d8990481f254e25b2f38de423503d787ab9.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bbebddadf556c91966fa760f21d04d8990481f254e25b2f38de423503d787ab9.exe

1f4ef17f18880efd8933bffab34336c20f3caa9cb3164a1525842a7d0ed2227e
.zip

Password: infected
bbebddadf556c91966fa760f21d04d8990481f254e25b2f38de423503d787ab9.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE