blackshades | 33ae868a81881e9f5a6dfea68fa61f0c19cc1e1c76300e6718f0d6b11bd71ccd[.]exe | Triage

Sharing

General

Target

33ae868a81881e9f5a6dfea68fa61f0c19cc1e1c76300e6718f0d6b11bd71ccd.exe
Size

448KB
MD5

7eedb8677973037d906e8b1a8c9c7beb
SHA1

7d2fcbee555f10fe8dbf465f20e20ca6f91de15f
SHA256

33ae868a81881e9f5a6dfea68fa61f0c19cc1e1c76300e6718f0d6b11bd71ccd
SHA512

147bfb0c30d567e8e2abd69b14151c733734d4fd2f0551bd43d53e50bc138c82de42263bc4fc8e482b845fc289ee1f47d5706f0a79264d15fadfcf45126faf68
SSDEEP

6144:Th5IjKmFs4Hb4I2HIEi+nPHawdn0/JRSerTWIdeFjkZM6jI7F1eZ9A3C:t5IjKCsC4IsKRFqIQFjkZM6jI7TeZz

Score

10^/10

blackshades

Malware Config

Signatures

Blackshades family
blackshades

Blackshades payload 1 IoCs

resource	yara_rule
sample	family_blackshades

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33ae868a81881e9f5a6dfea68fa61f0c19cc1e1c76300e6718f0d6b11bd71ccd.exe

Files

33ae868a81881e9f5a6dfea68fa61f0c19cc1e1c76300e6718f0d6b11bd71ccd.exe
.exe windows:4 windows x86 arch:x86

d7bb01f12bf05bc215cc79d5f95b57f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord694
ord696
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord660
ord553
ord665
ord558
ord666
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord593
ord594
ord301
ord595
ord303
ord702
ord598
ord599
ord520
ord307
ord521
ord309
ord709
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord563
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord713
ord606
ord607
ord714
ord608
ord531
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord645
ord570
ord648
ord571
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord577
ord685
ord578
ord100
ord579
ord689
ord610
ord320
ord612
ord321
ord613
ord616
ord617
ord618
ord619
ord542
ord545
ord546
ord580
ord581

Sections

.text
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ