blackmoon | fe03c2462c96e0b6b4d068870a00f31298de3fda5d4e1b0172074037e123941e

General

Target

fe03c2462c96e0b6b4d068870a00f31298de3fda5d4e1b0172074037e123941e
Size

56KB
MD5

84e971e396ef6b896660ac7fa9476066
SHA1

4562824b5a8ecbb1448812c7f1d5058add821686
SHA256

fe03c2462c96e0b6b4d068870a00f31298de3fda5d4e1b0172074037e123941e
SHA512

0932e3fb8ca5bdce19fbbc6060753fdacc1c8a69121ec9623850f3f12b262df9958cfe34cbb38cd7bac3b85963af935085f6d8b00a131c95d324f8fe79db95f0
SSDEEP

1536:iHloAc2U0/ceV0HpzG/ICtNc95MQv8J0PLvQBeOI5o4K:N2h/DV0Jetw5960PLvoe9S3

Score

10^/10

upx blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/c40c47e6805b82f64cf15b6b90c1d8c9a5137a0a6c28653d9d80d6e52e4eff71.exe	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/c40c47e6805b82f64cf15b6b90c1d8c9a5137a0a6c28653d9d80d6e52e4eff71.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c40c47e6805b82f64cf15b6b90c1d8c9a5137a0a6c28653d9d80d6e52e4eff71.exe

fe03c2462c96e0b6b4d068870a00f31298de3fda5d4e1b0172074037e123941e
.zip

Password: infected
c40c47e6805b82f64cf15b6b90c1d8c9a5137a0a6c28653d9d80d6e52e4eff71.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE