blackmoon | 57b52fdde49efb77d307a10efc60f281e1849b32b90823a551ced07301e3212e

General

Target

57b52fdde49efb77d307a10efc60f281e1849b32b90823a551ced07301e3212e
Size

100KB
MD5

b90ad9bfc46ba627b8390c31f17db3e8
SHA1

477ea397fb855b8ceb5a3f26f84fc4c866a4c238
SHA256

57b52fdde49efb77d307a10efc60f281e1849b32b90823a551ced07301e3212e
SHA512

143261c688a5354c6e5f441e063e615537a0197c0d6aca2ee69c14a94a0b890b54fceba4d2581e98dac2de9d78ab7a0ba0b9985ae3de264a44c81573cdf3949b
SSDEEP

1536:YyeDA+TJtW1LXjmVvYEDHG7xc8yg5LUagMUQWDCq/NG5ckRsFK:YjAmJY1bIY66tyg5LRUQ6vjzFK

Score

10^/10

blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/b7954d42bcef17cab225b261f982877781aec6d885535fb7d654eb38aa59ccee.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b7954d42bcef17cab225b261f982877781aec6d885535fb7d654eb38aa59ccee.exe

57b52fdde49efb77d307a10efc60f281e1849b32b90823a551ced07301e3212e
.zip

Password: infected
b7954d42bcef17cab225b261f982877781aec6d885535fb7d654eb38aa59ccee.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE