blackmoon | f44f151106adaef5cc36e23185535c69fe959900b003d698c3444ffe13d75e7d

Sharing

Copy URL

Twitter E-mail

General

Target

f44f151106adaef5cc36e23185535c69fe959900b003d698c3444ffe13d75e7d
Size

3.4MB
MD5

89c1666b3792691d15e2fa4bf9594710
SHA1

f52c5e7365313c2a30b443126aefabd2acfc1eb5
SHA256

f44f151106adaef5cc36e23185535c69fe959900b003d698c3444ffe13d75e7d
SHA512

5b25ef142907b8245e16b53aa51aa9a42e0e988cda2b1f9d0740775f8885d6159da1043f2526932f17dcb403e11a22f7c4f5132a66b0aa2a92d5630cf458b4c5
SSDEEP

98304:naODEaHRNdn1YYp4fCJMjmKd7ac0sSg3xBMe:aOD3vdn+wwjNacH3xBMe

Score

10^/10

vmprotect blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/LoveSoul_ver.0.9.7.0/LoveSoul/Vcode.dll	family_blackmoon

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/LoveSoul_ver.0.9.7.0/LoveSoul/LoveSoul.exe	vmprotect

Files

f44f151106adaef5cc36e23185535c69fe959900b003d698c3444ffe13d75e7d
.zip
LoveSoul_ver.0.9.7.0/LoveSoul/BugReport.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 185B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LoveSoul_ver.0.9.7.0/LoveSoul/CustomSentences.txt
LoveSoul_ver.0.9.7.0/LoveSoul/LoveSoul.exe
.exe windows x86

25359909c9927835d1cbade79b46fc40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

Exports

Exports

�q�ҸVݶ&��o۷�{1)�~��m�-�ۛ]��C�Ü�6�HfA#0��a��j��!u��Sa%�I�Zz��F��r=�Z5��·�)�'X��[l��G 2b��!��N�u� *��p�.B^$4.��/�p�;��O�P�EKz$r��S/d!�k�jKz�̠��WE�▼;��Y��R��.5�L��& GI��t�־E(�NPjv�!Q]PUQT��d~�z�A��.�k��-}J��uT2*�e��9f)�7��a0�M^S��,��U�y𛼌C0�&��S�"�K/�X/��}�U+%Y��a-�1��[\`��1��OY��d�]��]�?X��|��B�8�EGn�si3G�&��){{J��i]�0S~��u�m��C��G�J�x� ǖV9��V��s�{6�B�,�t=�D��{H�b2��Ё��[i0 ��2h��\��V@N�JP��,��\�R��E#��,u>� �ޝ�֙�� =�6'&3��eQ��#��&�It��y�1�UgG�kT|R��)� ��w?x&��r�y��v�N!�F�X3{�<�W蔽N��'��Iy��G�r��{5��˯ٗC9��HUK��/{6��<��kd<x{��a�C9��z�P��pWxAi��F�Y��Y��2�j!�H��A��J�c#�z��<� ��%r�wQ"Jq=dB��cz��ڂ~��߯@K�� WAi�@��9ܴ5�$��͟�5�xXf=m��PD��y��_w�F{�=��h��64�(-Z��7��X5(��"�E��L��i��o��|�.f��d��&�4�[�o�"� y�6��/�wFv�}϶��O~ո28��F�gr��|�8��=QesR�ץ��&�oJ��tr��e5�-k��,TV��.3��=�[t%�!s��<Ô��6��2�&�X��-�)Vc��m�k��T��PM%��-��k<hG��<�u�lqY��Z�o��㭳m�?��W<Lx]7��:a�m@38�0[��F{ �f ��W�J�;��i])o��ɹ� �z��*7t��내��b�=Ex��l�6��$��Se��g�F�@��>�4� -�c��]-þ�Y�^' �5��M�u�cV ��,��}>t�iXU�=��D4��q3�Z�xR��?��8��s��Z�3>!r%}֞�,��k��#�*��[>��j�iJH��M��Y��T�7{Y��L(��t[}4�6��*V�`��ܯcp�[d��E ��3��uB��3Ma��T8��h�d�li6/DxC��7z"��ξ�sf)˰[ȷ����4+*x��$��!Gk3+�r@<�2��C�~|V�TX>SFo�i��)N�1p��L��1yx��˄��D��m ��/z��ڏ�� d�#-O�:T��U؊�3i��p�� m�~��ؼ��"�bu�G7��bp <��I� ��F��<�P~��V{⡅!�Q=�inn'ĳmg��؂�qZ�/_.�X;�@8]Ӑ=u��Y �TW�!w�0H�� !� �z0�37�/`=Um��ފ�k��e��4��I�3C��\!+��+��=��;��}��pw΀�</�nӜ<h�f��{}$�Z\pp9�#ӫN��"�Y�ҽT��6@�F|6ڡ0��x�(��S8ϊ>�}a ��nq*�\�@SԴmD"��gEmB�?l�}�gm�`$)a��6��?��2�>��»I�U�̫C`��U�"E6� n��Sag�G1�#��?*76�|Od \lnT�͐� ��G��y��uǪ8h��aK��;�f9��I�3��R.-��ȧd��!�1�ȝ��ُ]muECC�(�P��q��!TH�U8"�T��\�� #!��i��`п[��1��q��J.��y��kD��ΐo��Eu��ְ=� ��D}��J��h�]��<��z�C�Z��'�up@>)�(��g��3N�p*ľ�iʹ�G�hfp��q:V�Dj��͂xWV��-��lO��0��۬pJ�9�;��V`��ϧ>º5��*�<�`��L�xS�ʪ��_[Ek��(�w-3��'hAw�n L� �|��OKKK�9��cn��˽Уj(3j�yP~�/8B}�C'��J�§I6�YY�0�6-��5�� 6:ON:�Y��_BD��,�a�:��P�2�Cݷ��.��Q�{��EǏ��@��9��%?�S+,�<��\��u�8P��GZ�dѲ�ϸ_�նwn�2��Nê56{rp�&ٔ7��Ea��V��S��O��e�J� MC.�_��Zt��)�E8��l�}@yo��# \��M�B�t��4AkT%��~M��7Ml�(^C�sޕ�k{N�xh�Y��cU�K$��C(?ҟ�Ӣ�R �P@�RHݍ��}��'��g� ��q�网�/S��~�_N��Y�6��1��NV�m�^}H# �CIc��Gz��C92ьnZO��ܳ��YE�jyvx�[!��,m�K퉯>��o��v��v ��h)�ҜFp'�U2zIB�Vz��c�3q�9�]�P^`�gP�N1�� 8��rN�� OR'c��E��܃�W�(݈�=��GNz-��r�ڻ�`'��q[�2&F{�D���<ϋ��E��a�5�h�FQ�idw��U�ɡzrw��k��%��T@�so�� 2M�:Fi��?C l=��E+ʼD#��[̹l2��Q�>��s,�eD��>��G�%_��--r�=�&��%t�R��8e��

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LoveSoul_ver.0.9.7.0/LoveSoul/Vcode.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetVcodeFromBuffer
GetVcodeFromFile
GetVcodeFromHBitmap
GetVcodeFromHWND
GetVcodeFromIECache
GetVcodeFromURL
LoadCdsFromBuffer
LoadCdsFromFile

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LoveSoul_ver.0.9.7.0/LoveSoul/ʹǰض.txt
LoveSoul_ver.0.9.7.0/LoveSoul/ͼƬʽ.txt
LoveSoul_ver.0.9.7.0/LoveSoul/־.txt
LoveSoul_ver.0.9.7.0/LoveSoul/Զĵ.txt
ʹ˵.txt
֮˵.html

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 111KB - Virtual size: 111KB

.sdata Size: 512B - Virtual size: 185B

.rsrc Size: 615KB - Virtual size: 614KB

.reloc Size: 512B - Virtual size: 12B

25359909c9927835d1cbade79b46fc40

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 101KB

.rdata Size: - Virtual size: 27KB

.data Size: - Virtual size: 13KB

.vmp0 Size: - Virtual size: 2.4MB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 615KB - Virtual size: 614KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 212KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 78KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 111KB - Virtual size: 111KB

.sdata
Size: 512B - Virtual size: 185B

.rsrc
Size: 615KB - Virtual size: 614KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 101KB

.rdata
Size: - Virtual size: 27KB

.data
Size: - Virtual size: 13KB

.vmp0
Size: - Virtual size: 2.4MB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 615KB - Virtual size: 614KB

.text
Size: 216KB - Virtual size: 212KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 78KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 6KB