blackshades | 15b1dafe92e9d0faa7a24fe026c90f4e82be3ce25bb4ec700b53691d11957809 | Triage

Sharing

General

Target

15b1dafe92e9d0faa7a24fe026c90f4e82be3ce25bb4ec700b53691d11957809
Size

448KB
MD5

2c67929a7a3929359c94deeef4da7710
SHA1

363a86441fc390aec34d19debb57b772a71f8e21
SHA256

15b1dafe92e9d0faa7a24fe026c90f4e82be3ce25bb4ec700b53691d11957809
SHA512

c2ae914fb5bff91af78e2c3b3b32a2d5c8b40c1de2fc2c221341c9d74d9e007bf0dee3794af4290c9944ab50ee61dfd852e94e881d7e9df1d3b4f94ed35a2cc5
SSDEEP

6144:Th5IjKmFs4Hb4I2HIEi+nPHawdn0/JRSerTWIdeFjkZM6jI7F1eZ9A3m:t5IjKCsC4IsKRFqIQFjkZM6jI7TeZx

Score

10^/10

blackshades

Malware Config

Signatures

Blackshades family
blackshades

Blackshades payload 1 IoCs

resource	yara_rule
sample	family_blackshades

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15b1dafe92e9d0faa7a24fe026c90f4e82be3ce25bb4ec700b53691d11957809

Files

15b1dafe92e9d0faa7a24fe026c90f4e82be3ce25bb4ec700b53691d11957809
.exe windows:4 windows x86 arch:x86

d7bb01f12bf05bc215cc79d5f95b57f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord694
ord696
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord660
ord553
ord665
ord558
ord666
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord593
ord594
ord301
ord595
ord303
ord702
ord598
ord599
ord520
ord307
ord521
ord309
ord709
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord563
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord713
ord606
ord607
ord714
ord608
ord531
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord645
ord570
ord648
ord571
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord577
ord685
ord578
ord100
ord579
ord689
ord610
ord320
ord612
ord321
ord613
ord616
ord617
ord618
ord619
ord542
ord545
ord546
ord580
ord581

Sections

.text
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ