blackmoon | f28c7c00d218c8e8d5c852776e05f36f521eeb9d5bd1840f3a09390f71b6be4f

General

Target

f28c7c00d218c8e8d5c852776e05f36f521eeb9d5bd1840f3a09390f71b6be4f
Size

124KB
MD5

ddf9a086b2b41882f7c79c2cd594328b
SHA1

08b02642ad0baf6022e014b56a990edc6c619154
SHA256

f28c7c00d218c8e8d5c852776e05f36f521eeb9d5bd1840f3a09390f71b6be4f
SHA512

bda5e352eb8fd9ab3f57a5b52a8ffc77f42cfe8af843f50b1833518eb85a080ac09c0af6f01944a8a7f31d00cffe3d4af386b007262aed1d3a5cbe96a15e5831
SSDEEP

3072:Lj2e8Zq7CBRw5xJr/tixI+puu2J0O5N1qHJDGFNyicz:HqJEDr3v0O/4kq

Score

10^/10

blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/c32debb0f6e917375b8205f3f4bc2aa87b2970c25ff4622aec2d25a1571781fb.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c32debb0f6e917375b8205f3f4bc2aa87b2970c25ff4622aec2d25a1571781fb.exe

f28c7c00d218c8e8d5c852776e05f36f521eeb9d5bd1840f3a09390f71b6be4f
.zip

Password: infected
c32debb0f6e917375b8205f3f4bc2aa87b2970c25ff4622aec2d25a1571781fb.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE