blackmoon | ac85e9acc1138b13828d4f523f1d0c6a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac85e9acc1138b13828d4f523f1d0c6a_JaffaCakes118
Size

14.9MB
MD5

ac85e9acc1138b13828d4f523f1d0c6a
SHA1

c434447eff0bd8b7a5d1aa0957b33f4a8b0419c9
SHA256

781cdb077e5bc58bf6c0ffc7c20d8605a42e24802d97db3e6f51562f4462f977
SHA512

4c5bf0e0527712277298d558700dbf3a5202e12414bcca78442bcf542ccbe11c9bbe3c4dc13d874fcb0e50b102c3278e15382705e36177165383c63810a2d7c1
SSDEEP

393216:/cF45KQrHAb5IgiFZ8/MZTdkC2ZW9CFMHX29LE/w1OvyJV3xb:zKQrHs5ev8/DClOO29LoSOvcV3xb

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/投视梓瞄免费版.vmp.exe	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/投视梓瞄免费版.vmp.exe

Files

ac85e9acc1138b13828d4f523f1d0c6a_JaffaCakes118
.zip
安装使用说明.txt
投视梓瞄免费版.vmp.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31.7MB - Virtual size: 31.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
最新QQ软件下载.url