blackmoon | d6273e0a347843ae84b2330607a3b7f7f6c11f8867010eddf75bbee360ce55a7

General

Target

d6273e0a347843ae84b2330607a3b7f7f6c11f8867010eddf75bbee360ce55a7
Size

134KB
MD5

907e833ac479ecdcfbe421c1b1695198
SHA1

110befc6be6f31345a3a765106f073d6a6c56a7a
SHA256

d6273e0a347843ae84b2330607a3b7f7f6c11f8867010eddf75bbee360ce55a7
SHA512

cb9f37e4f7ca3a169c730fd303624195ef583eeeb9eb67ee4dc7a6b3007c605d988b84033c32cca07ddb64d6cc8a09e9d921e8e55d72c101842997d19e862c4a
SSDEEP

3072:NZBvaSho6Gfvjzw8cxYBoK6nzvD7rND5XxHx6k5cvHPInZ+tCxtj:Nrva6g2wobnDLND5Xdx6kmPInbtj

Score

10^/10

upx blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/64e44248d2bb556cd60dc8d0968279102d4552542159c25a058304ba39cdfb55.exe	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/64e44248d2bb556cd60dc8d0968279102d4552542159c25a058304ba39cdfb55.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/64e44248d2bb556cd60dc8d0968279102d4552542159c25a058304ba39cdfb55.exe

d6273e0a347843ae84b2330607a3b7f7f6c11f8867010eddf75bbee360ce55a7
.zip

Password: infected
64e44248d2bb556cd60dc8d0968279102d4552542159c25a058304ba39cdfb55.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE