blackmoon | 07c240a443a508cccd455983e9ce852eb3ec5266e8ca92a04d017d514ab398d6

General

Target

07c240a443a508cccd455983e9ce852eb3ec5266e8ca92a04d017d514ab398d6
Size

134KB
MD5

515f0fcb275b40766c68bf8d0b395c9b
SHA1

530c08a67374f88856fbb3e91f0b7d0228d39d5c
SHA256

07c240a443a508cccd455983e9ce852eb3ec5266e8ca92a04d017d514ab398d6
SHA512

d196fa8ec06f222636047f57f05318f8d2edf2dd8af476f162b85334eeb9088f96198a940791d84a7740cba72678f03ed6e9f373de0e892f0fa1c984961e8639
SSDEEP

3072:qR/gUdxhGjatZ1Uw5c4SqT9VqD6FDoekA:s//dxhgiftK4r78gEI

Score

10^/10

upx blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/78f70c15a9899517feb5af49363ad78e17c89c162ef56e808c09fb2021ad0c72.exe	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/78f70c15a9899517feb5af49363ad78e17c89c162ef56e808c09fb2021ad0c72.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/78f70c15a9899517feb5af49363ad78e17c89c162ef56e808c09fb2021ad0c72.exe

07c240a443a508cccd455983e9ce852eb3ec5266e8ca92a04d017d514ab398d6
.zip

Password: infected
78f70c15a9899517feb5af49363ad78e17c89c162ef56e808c09fb2021ad0c72.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE