blackmoon | f8c4d852e54c8991e1aa7111beb670b59bddef349f5c75b183ff3288b841eaab

General

Target

f8c4d852e54c8991e1aa7111beb670b59bddef349f5c75b183ff3288b841eaab
Size

119KB
MD5

be4ded26e7a25bb26a5dacc82b3f9c80
SHA1

61fa9eab95848a05fe32e9c4d92d31720dd6d06c
SHA256

f8c4d852e54c8991e1aa7111beb670b59bddef349f5c75b183ff3288b841eaab
SHA512

98e9cac22a60a76c8f727034c181263b58475f1ff3a0164531ee99cd3a340d7d4af220fb68d7c60d8b691b959d56b7e13600b7b6f4a2116c6f361312e762c01a
SSDEEP

3072:8tNPW0eWGzK4I1dgtdUjh3lgRuaE9zDFlUO:8Prs2h1itSjdlAuaKxlUO

Score

10^/10

upx blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/76bd6b875ed2389a331f1ab31495c2e818c519dd0ce3199e8f09541972b56d16.exe	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/76bd6b875ed2389a331f1ab31495c2e818c519dd0ce3199e8f09541972b56d16.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/76bd6b875ed2389a331f1ab31495c2e818c519dd0ce3199e8f09541972b56d16.exe

f8c4d852e54c8991e1aa7111beb670b59bddef349f5c75b183ff3288b841eaab
.zip

Password: infected
76bd6b875ed2389a331f1ab31495c2e818c519dd0ce3199e8f09541972b56d16.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE