blackmoon | a4b4df4677ec228a0dc86208fe63b6c6a7bda23a04f647951ff0f89d1a441df0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4b4df4677ec228a0dc86208fe63b6c6a7bda23a04f647951ff0f89d1a441df0
Size

537KB
MD5

944de3d3377f6cdf8d0e7c09f472a10b
SHA1

da332bd04c5ba6f1472789f3d5ad6bcc40281071
SHA256

a4b4df4677ec228a0dc86208fe63b6c6a7bda23a04f647951ff0f89d1a441df0
SHA512

56721893830483e119ec0480e7f5101faf30a760effe7e97dcd899ca2ade69dead4cb24aefc755e534da44ca3d5576264ea706fb596b86e310813c38f28bdbf8
SSDEEP

12288:bsRWNkJyNkiJWGvGVnXpb+U2R3uo98pAOacm:bsRWN/NwymnXpb+UEeo9InLm

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4b4df4677ec228a0dc86208fe63b6c6a7bda23a04f647951ff0f89d1a441df0

Files

a4b4df4677ec228a0dc86208fe63b6c6a7bda23a04f647951ff0f89d1a441df0
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

UPX0
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 423KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE