blackguard | 6e2bee37bea0155126b643cae52bb562dde4f35c70ff56ce2b1c5c36701985a5 | Triage

Sharing

General

Target

6e2bee37bea0155126b643cae52bb562dde4f35c70ff56ce2b1c5c36701985a5
Size

218KB
MD5

6605668e357d7c53d90c4e1cb6d45502
SHA1

539089ab49fbd8b6d8863a20e9c16885b2d0a6e9
SHA256

6e2bee37bea0155126b643cae52bb562dde4f35c70ff56ce2b1c5c36701985a5
SHA512

d7ef7d88e08fda3ea505949028d6c67f3ff28e49a7bf71eae9309900dca0484684a77d23f15600ea8b45fb7e1ab9d0cdf970c8d20ca0dcfdc41e21c36436c200
SSDEEP

6144:vRQTrgeUJshWywLsO4viBbyniay2cP7Ewk4d4KP:virgSzO4aFPw2F

Score

10^/10

blackguard

Malware Config

Signatures

Blackguard family
blackguard

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6e2bee37bea0155126b643cae52bb562dde4f35c70ff56ce2b1c5c36701985a5

Files

6e2bee37bea0155126b643cae52bb562dde4f35c70ff56ce2b1c5c36701985a5
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ