blackmoon | 282ce5ff3bce356aad9a90a91458cd12c27607445b0c2d6bc74ed2ff69c69a98

General

Target

282ce5ff3bce356aad9a90a91458cd12c27607445b0c2d6bc74ed2ff69c69a98
Size

107KB
MD5

29d0e7dbe7bf9d876a6b2995aea06717
SHA1

4b7a88921682b26980ef12a205cbc8534548d689
SHA256

282ce5ff3bce356aad9a90a91458cd12c27607445b0c2d6bc74ed2ff69c69a98
SHA512

5de0af1cc3b437b2c5acb446f6f87d2b8417dcf9e0249342a272d38a4844744ee2ff5b38446da3c5e0c3336d8dbe5f9d7fddd11f4baa6d50a3be9fb9ebd78263
SSDEEP

3072:trHIUT4jWljdWTU7SP4SWpsSSv3tV+sMKCmHb:lZT4KlkUmPhWpAtEbKv7

Score

10^/10

blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/8d6113a90dd18104a7ae2586fa414ba80beef922083b8bdadfede1f5a81d07e0.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8d6113a90dd18104a7ae2586fa414ba80beef922083b8bdadfede1f5a81d07e0.exe

282ce5ff3bce356aad9a90a91458cd12c27607445b0c2d6bc74ed2ff69c69a98
.zip

Password: infected
8d6113a90dd18104a7ae2586fa414ba80beef922083b8bdadfede1f5a81d07e0.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE