blackmoon | 3788a3d19adc34c5c66581160bcbbf3d03bfb5b1cf0543212543c4cdf6b878e6

General

Target

3788a3d19adc34c5c66581160bcbbf3d03bfb5b1cf0543212543c4cdf6b878e6
Size

100KB
MD5

1530ca37f3f96a68d8eba1e66d6f00d2
SHA1

0b4ba64219cb9c05ee78a7ca2055a7facef89316
SHA256

3788a3d19adc34c5c66581160bcbbf3d03bfb5b1cf0543212543c4cdf6b878e6
SHA512

9d27bf333f04c0f8bacae33bcfaafe0972c0c7a343acda0e847a09bbc04fca4f4853c3d050b4657eef37d94be2a4769521ce21fb5fe39a631066a4bc74733759
SSDEEP

3072:PTM7+JNCiCYncSB8EbJm9LcEjufHB+uIFkb8mV:PzJsUnd8EbJYLbufHB6kb8mV

Score

10^/10

blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/621be0513d8d0a220b556bae17819a2bcb9af35e5ded754b027add7fbc0d6dde.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/621be0513d8d0a220b556bae17819a2bcb9af35e5ded754b027add7fbc0d6dde.exe

3788a3d19adc34c5c66581160bcbbf3d03bfb5b1cf0543212543c4cdf6b878e6
.zip

Password: infected
621be0513d8d0a220b556bae17819a2bcb9af35e5ded754b027add7fbc0d6dde.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE