blackmoon | eae34455507aa2de1a5caab4612c4c3ed9ad084d0ebe00c556152c8b6f4a2167

General

Target

eae34455507aa2de1a5caab4612c4c3ed9ad084d0ebe00c556152c8b6f4a2167
Size

4.6MB
MD5

f8e2ab85cb191ed0d014c77cc699c230
SHA1

d33f0454cd0139b831e252f80eb9d3314196fd89
SHA256

eae34455507aa2de1a5caab4612c4c3ed9ad084d0ebe00c556152c8b6f4a2167
SHA512

9c4a8cc703dfa91f6af5c3fcdaca2142bec0e48b169e2eed8ff69663a95b82f93e52f4df381156714d91baf7f4e681e2960d2f3139c8062f32f24f007eb5b413
SSDEEP

98304:A4m7nXWiuGlEB7sxj0Ith/UWtmYYAszulCn93ZFc/OWqS1Lf+uwCT/tmgB6:APDXWiDEKjP/vRIzRtI11LX

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
eae34455507aa2de1a5caab4612c4c3ed9ad084d0ebe00c556152c8b6f4a2167
unpack001/out.upx

Files

eae34455507aa2de1a5caab4612c4c3ed9ad084d0ebe00c556152c8b6f4a2167
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 530KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 3.5MB - Virtual size: 3.5MB

.rsrc Size: 80KB - Virtual size: 80KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 530KB - Virtual size: 530KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 7KB - Virtual size: 410KB

.msvcjmc Size: 1024B - Virtual size: 608B

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 23KB - Virtual size: 22KB

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 3.5MB - Virtual size: 3.5MB

.rsrc
Size: 80KB - Virtual size: 80KB

.text
Size: 530KB - Virtual size: 530KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 7KB - Virtual size: 410KB

.msvcjmc
Size: 1024B - Virtual size: 608B

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 23KB - Virtual size: 22KB