blackmoon | 70c1395c202359a6d45426a2ba8d045dfbb9dcfbd0b294173e2403310be3f1fa

Sharing

Copy URL

Twitter E-mail

General

Target

70c1395c202359a6d45426a2ba8d045dfbb9dcfbd0b294173e2403310be3f1fa
Size

10.8MB
MD5

1c974b9aaf3a98cd2221591db21f9f93
SHA1

19cc90e4969a97971d5a45bccd35bf5612644de7
SHA256

70c1395c202359a6d45426a2ba8d045dfbb9dcfbd0b294173e2403310be3f1fa
SHA512

54df741f40a3d641d6f9b711e614f14eb4b207d255d3b8ced850dcf90701cb16626cf1027f9a8bd5d3412e5edd3b8b83c644dc39afe579d57cabff78617a5f8a
SSDEEP

196608:lU6na3D1MLj1Zd//tYL/LQ1K+AHtIa8SL:lUbM5/aL/RHtpxL

Score

10^/10

vmprotect blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

sample family_blackmoon
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	family_blackmoon

resource	yara_rule
sample	vmprotect

Files

70c1395c202359a6d45426a2ba8d045dfbb9dcfbd0b294173e2403310be3f1fa
.exe windows x86

9f3d1fb13ec5bd1ed3512cb1b2657367

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

winmm

waveOutGetNumDevs

ws2_32

closesocket

version

VerQueryValueA

kernel32

CreateEventA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ReleaseDC

gdi32

SetStretchBltMode

winspool.drv

DocumentPropertiesA

advapi32

RegOpenKeyExA

shell32

SHGetSpecialFolderPathA

ole32

StgOpenStorageOnILockBytes

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Duplicate

oledlg

ord8

wldap32

ord29

comdlg32

GetSaveFileNameA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 884KB - Virtual size: 881KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f3d1fb13ec5bd1ed3512cb1b2657367

Headers

File Characteristics

Imports

iphlpapi

winmm

ws2_32

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wldap32

comdlg32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 8.4MB - Virtual size: 8.4MB

.data Size: 76KB - Virtual size: 340KB

.vmp0 Size: 32KB - Virtual size: 28KB

.vmp1 Size: 884KB - Virtual size: 881KB

.vmp2 Size: 116KB - Virtual size: 112KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 8.4MB - Virtual size: 8.4MB

.data
Size: 76KB - Virtual size: 340KB

.vmp0
Size: 32KB - Virtual size: 28KB

.vmp1
Size: 884KB - Virtual size: 881KB

.vmp2
Size: 116KB - Virtual size: 112KB

.rsrc
Size: 12KB - Virtual size: 10KB