blackmoon | 455e38db1f089c1751e4690a778272e03afc073d4ea35c6587c27af14d78ebd1

General

Target

455e38db1f089c1751e4690a778272e03afc073d4ea35c6587c27af14d78ebd1
Size

124KB
MD5

d9fb47dd46e5ed54cdcef459c97a8eb8
SHA1

adff6d6ccb3c7cc94800c268dc28436b986f041f
SHA256

455e38db1f089c1751e4690a778272e03afc073d4ea35c6587c27af14d78ebd1
SHA512

f223e2a274266178169796e4060b6636ceb0162779543a922b3aa35c002968f4bbedb56b5cbdcf3f452fbdb81e0bfe6bd846a7cf63889ee2b04038fe8c00b28d
SSDEEP

3072:lNwTEIR8ImcCH8JK1njFed0+DsQKzB3xZ6v8e+N:lpIy8Yne+3sU

Score

10^/10

blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/a4f48c5ca0aee2ff443b527da0db994e3ad35decb4b8d5ac2c011f2eef3cf109.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a4f48c5ca0aee2ff443b527da0db994e3ad35decb4b8d5ac2c011f2eef3cf109.exe

455e38db1f089c1751e4690a778272e03afc073d4ea35c6587c27af14d78ebd1
.zip

Password: infected
a4f48c5ca0aee2ff443b527da0db994e3ad35decb4b8d5ac2c011f2eef3cf109.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE