blackmoon | 9e32a608c87c26b33b30aa3f99edfa2b53a3b952c392609d916f3b2e0308399e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9e32a608c87c26b33b30aa3f99edfa2b53a3b952c392609d916f3b2e0308399e
Size

12.6MB
MD5

eaa95e21229975b2b0987088eee829ca
SHA1

4038d026d3a0903bc87b065086bf02d5ebb84a5d
SHA256

9e32a608c87c26b33b30aa3f99edfa2b53a3b952c392609d916f3b2e0308399e
SHA512

3abe03e81e4b321629bccac4d122252dfc6b259cbdd7c9589917f0191fb2c8c15d27355ca88d83cd61e61a556ae475ebb95ef0fcc79a573bc8658258386c3d37
SSDEEP

393216:a86bEV40X6pgFlildNTJocRELcHJ9CK0Irz32:EoV44cd7EgCKH2

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e32a608c87c26b33b30aa3f99edfa2b53a3b952c392609d916f3b2e0308399e

Files

9e32a608c87c26b33b30aa3f99edfa2b53a3b952c392609d916f3b2e0308399e
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 660KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8.5MB - Virtual size: 11.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 48KB - Virtual size: 561KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 72KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.winlice
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ