blackmoon | 3334bf44b87db682f239b268f7f1811a46ec2a52f0122890620b5e9b442d51d0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3334bf44b87db682f239b268f7f1811a46ec2a52f0122890620b5e9b442d51d0
Size

5.5MB
MD5

9bcc062033558d10452172704d6b8e8e
SHA1

f6b856ca11bfba9fb4c5c98d260c35599d96d3da
SHA256

3334bf44b87db682f239b268f7f1811a46ec2a52f0122890620b5e9b442d51d0
SHA512

0e7accc415a6268927d2af1e8196dadeed9a281c4c83b54d138e03635c1cd2298893e5cc474606e96b218ba8559daef34cb401c284147221c8e14671b43d209d
SSDEEP

98304:cGD3vAGNweNbFrx6t8VzArOSqeDalc6d:cG8GNw4WYc9BDal

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3334bf44b87db682f239b268f7f1811a46ec2a52f0122890620b5e9b442d51d0

Files

3334bf44b87db682f239b268f7f1811a46ec2a52f0122890620b5e9b442d51d0
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 728KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ