blackmoon | e99443b0e3176d55213b6c05e4bb29022a5b6d55584f0d8a3d6f120d77385e3d

General

Target

e99443b0e3176d55213b6c05e4bb29022a5b6d55584f0d8a3d6f120d77385e3d
Size

109KB
MD5

6dc8a69460d16b134cdb5315611103a4
SHA1

b36bc24d122f19008a0ab0db9985ad096fb4b13e
SHA256

e99443b0e3176d55213b6c05e4bb29022a5b6d55584f0d8a3d6f120d77385e3d
SHA512

c36e3231fd004110804c70d38a8669f525dfa5405c640fea88afac837f6231f4acc4027787478f913f350f9d1fc698d0fd89429d31edcb9c4f47cb71a4c017fc
SSDEEP

3072:la8Ia2E1eudghAIutWr4Olzsb+++mYlXcA:GEPuKoM4QyllXcA

Score

10^/10

blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/db7b4cc021cf533b96f8e7375ac0becc4d25217e68a2e874a3a54d6dd8d92b91.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/db7b4cc021cf533b96f8e7375ac0becc4d25217e68a2e874a3a54d6dd8d92b91.exe

e99443b0e3176d55213b6c05e4bb29022a5b6d55584f0d8a3d6f120d77385e3d
.zip

Password: infected
db7b4cc021cf533b96f8e7375ac0becc4d25217e68a2e874a3a54d6dd8d92b91.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE