blackmoon | 8af7eb42f5e3e565bd5ed959ea1a2b91bf3b48ca56082e8eef96d7d42c5b7e8c

General

Target

8af7eb42f5e3e565bd5ed959ea1a2b91bf3b48ca56082e8eef96d7d42c5b7e8c
Size

121KB
MD5

2b0f9e116a30a09ac4ae0c575a404d6c
SHA1

9773ea18db68efcd099187d206e529fa197ce270
SHA256

8af7eb42f5e3e565bd5ed959ea1a2b91bf3b48ca56082e8eef96d7d42c5b7e8c
SHA512

a6de27c28644f123398db6f7e1d1ec716f548dce87665556fcd90a24c8805ebb000a7d95825a903754e772110f0a1e26febcbb8e3de271a02c9114c0ac7dd2a7
SSDEEP

3072:3HUdXJw5IXVung5U7PyP//IGJgFRJLcyULLA:EdX+oL5QyP//Itj5hcA

Score

10^/10

upx blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/c22481da9aefaba90d24a37f4d4a948edac1fd00d2da67b76047ba912e0b9174.exe	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/c22481da9aefaba90d24a37f4d4a948edac1fd00d2da67b76047ba912e0b9174.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c22481da9aefaba90d24a37f4d4a948edac1fd00d2da67b76047ba912e0b9174.exe

8af7eb42f5e3e565bd5ed959ea1a2b91bf3b48ca56082e8eef96d7d42c5b7e8c
.zip

Password: infected
c22481da9aefaba90d24a37f4d4a948edac1fd00d2da67b76047ba912e0b9174.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE