blackmoon | 174a77d128d801a916d26ee90226df4ed8c52154ece27ffab41f80ee4388fd1f

Sharing

Copy URL Twitter E-mail

General

Target

174a77d128d801a916d26ee90226df4ed8c52154ece27ffab41f80ee4388fd1f
Size

9.4MB
MD5

7e0465d8b720964c0bd38e460577e5e9
SHA1

9b1089fa13ef4cc82246957136c9855e9c75d969
SHA256

174a77d128d801a916d26ee90226df4ed8c52154ece27ffab41f80ee4388fd1f
SHA512

7a6fc1eb03ac3f578fdb629e73708ae057cc4ce4d1d6a9e5f0b17195573bd01ecf672e4c9b50ab11ccab768c80d765525552aeaa9e14900b7d365758c23fc0db
SSDEEP

196608:O9ONnBw0iCjA+Jd//tYq/LQ1K+ATeLr2:EOvw0i+B/aq/RKLr

Score

10^/10

vmprotect blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

174a77d128d801a916d26ee90226df4ed8c52154ece27ffab41f80ee4388fd1f
.exe windows x86

a335bdd678c53b8052dd21f42618e3b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

winmm

waveOutGetNumDevs

ws2_32

gethostname

kernel32

UnhandledExceptionFilter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetFocus

gdi32

GetPolyFillMode

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

RegisterDragDrop

oleaut32

VariantInit

comctl32

ImageList_Destroy

wldap32

ord29

comdlg32

GetOpenFileNameA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 828KB - Virtual size: 825KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a335bdd678c53b8052dd21f42618e3b1

Headers

File Characteristics

Imports

iphlpapi

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wldap32

comdlg32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 7.3MB - Virtual size: 7.3MB

.data Size: 72KB - Virtual size: 286KB

.vmp0 Size: 28KB - Virtual size: 27KB

.vmp1 Size: 828KB - Virtual size: 825KB

.vmp2 Size: 108KB - Virtual size: 105KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 7.3MB - Virtual size: 7.3MB

.data
Size: 72KB - Virtual size: 286KB

.vmp0
Size: 28KB - Virtual size: 27KB

.vmp1
Size: 828KB - Virtual size: 825KB

.vmp2
Size: 108KB - Virtual size: 105KB

.rsrc
Size: 12KB - Virtual size: 10KB