blackmoon | 6551da197044f53baa37b467067dbcee9a21e0e4638515184fcd39eb2d1d13da

General

Target

6551da197044f53baa37b467067dbcee9a21e0e4638515184fcd39eb2d1d13da
Size

119KB
MD5

e91dab3359629ebccad376c0a697800e
SHA1

9bcca284b088813f2a01f09cb66c724750080787
SHA256

6551da197044f53baa37b467067dbcee9a21e0e4638515184fcd39eb2d1d13da
SHA512

5f1730a0481e06e91c24d502a26f88e1ce69d4d4c4c4a034b5c6550da4313bcf7888a870b4b76c52dafdaf6ad484cfde46c675e30b0dc05ffb7996adb8d998d8
SSDEEP

3072:OLvrSvJh3nNu8kJQZq/3vUA3mDvftLC/kP:ObrWnNuHKZU3vmDE/kP

Score

10^/10

upx blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/760c15e7ff0ac2bd76f5f1de223a16aaaada083445ccae77339ab66f98e58bdf.exe	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/760c15e7ff0ac2bd76f5f1de223a16aaaada083445ccae77339ab66f98e58bdf.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/760c15e7ff0ac2bd76f5f1de223a16aaaada083445ccae77339ab66f98e58bdf.exe

6551da197044f53baa37b467067dbcee9a21e0e4638515184fcd39eb2d1d13da
.zip

Password: infected
760c15e7ff0ac2bd76f5f1de223a16aaaada083445ccae77339ab66f98e58bdf.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE