blackmoon | ff35a85412beb6d98dbefd7e010f7c89_JaffaCakes118 | Triage

Sharing

General

Target

ff35a85412beb6d98dbefd7e010f7c89_JaffaCakes118
Size

66KB
MD5

ff35a85412beb6d98dbefd7e010f7c89
SHA1

25b754cc7335e7c4ae58a3f12f32496d8cd0ccc1
SHA256

77ffafbe58e5da9af7d41d631c126a91e041775b96d35686e9437618365ebc73
SHA512

80c3424b4477982e17cc7ae00ca02e899b931538ca79e3e436783af6f3ea3a2b8dfcf08ca0f75d1779c4422e90e2f3d078e044ff62d394e33f624ce245391827
SSDEEP

1536:0y4ik8KauV5LPBRhINZAdPkKbvedwybgWCQnWyL7DNSObq:EifCPLG/AdXjc9gwWE7DNm

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ff35a85412beb6d98dbefd7e010f7c89_JaffaCakes118
unpack001/out.upx

Files

ff35a85412beb6d98dbefd7e010f7c89_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 396KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE