General
-
Target
Lisect_AV-T_G2002_11.exe
-
Size
831KB
-
MD5
e64f2fd49161d6d950b5cbc8dfe37e6b
-
SHA1
30a8a1d905ad6fd52a7cfc3296d5d9abadfa6c61
-
SHA256
cb3bdb613f610c4a1fdc17efcdc8657a017b704f6bacbbc34c24050d2cd1e43f
-
SHA512
67edfa9717437a312a28678b98b8c5264506bd4ac09c7a494c764adf61d88d4df77e9a0694edc06f32f4cdfe97c498fd27b9627fad95b2a94cbc1dcaeadb6675
-
SSDEEP
24576:UimvOd0mUmFymfREZCVUiK8DM7wKWD3pXNdSYtmVJJ3fwjtJWvRx9:UTchg3
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Lisect_AV-T_G2002_11.exe
Files
-
Lisect_AV-T_G2002_11.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 571KB - Virtual size: 571KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 222KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE