blackmoon | efba71e5818a2fddbd25aa016ea0eba90e8c79ad0565301de19489bb77765224

General

Target

efba71e5818a2fddbd25aa016ea0eba90e8c79ad0565301de19489bb77765224
Size

124KB
MD5

edce9909f39661a9e476d57a7f5c1f1a
SHA1

06d100e332c6a4f41725f88814a837d987fd16b0
SHA256

efba71e5818a2fddbd25aa016ea0eba90e8c79ad0565301de19489bb77765224
SHA512

b84d6b02e342f831244f3e39f508aa6340e322c9a033f63b4e40979a99ca79ac5604e94477e23a466ba2952ff0e094d368e539732d67ea61b46ea0c0a2ff1dd5
SSDEEP

3072:a9JgFpAXDtJqzfqVxpzQMv+Y0VgxwkeQoybmyO6Ab17fWnZVgV:4WFpYUf9tweQ/YdenL2

Score

10^/10

blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/ca594f5bb896a5277dced48379884891bd878166f4734d6beab4cda12df90299.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ca594f5bb896a5277dced48379884891bd878166f4734d6beab4cda12df90299.exe

efba71e5818a2fddbd25aa016ea0eba90e8c79ad0565301de19489bb77765224
.zip

Password: infected
ca594f5bb896a5277dced48379884891bd878166f4734d6beab4cda12df90299.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE