blackmoon | 7b79d3317f89a29f7ec25fbf2c9b7b287b08c94002e2b37932ac4e4fde832e96

General

Target

7b79d3317f89a29f7ec25fbf2c9b7b287b08c94002e2b37932ac4e4fde832e96
Size

107KB
MD5

f1fc5c8b17c5d8547c2038d330facd97
SHA1

a149db370534e934e36ab6c88ea4d5a00680ed89
SHA256

7b79d3317f89a29f7ec25fbf2c9b7b287b08c94002e2b37932ac4e4fde832e96
SHA512

ed27cf29ed2b39a96415a5277009ecb77afbf5ddb25652b68cf82b92a86a421eeded8491a16ad8bde583647be220bbb2a03c58f758d92eb705d495ef140e6d55
SSDEEP

3072:bWe+D+fKzHFpoHV92/AQfPGQRsf2o5G12eLsPof6L0n:LEHL09Q3R2Ljof6gn

Score

10^/10

blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/d05730ee2b3d890a67fe00d4b0b2e248a1a2606a1f6a2ecc8ab6a8850d0613c7.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d05730ee2b3d890a67fe00d4b0b2e248a1a2606a1f6a2ecc8ab6a8850d0613c7.exe

7b79d3317f89a29f7ec25fbf2c9b7b287b08c94002e2b37932ac4e4fde832e96
.zip

Password: infected
d05730ee2b3d890a67fe00d4b0b2e248a1a2606a1f6a2ecc8ab6a8850d0613c7.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE