blackmoon | 93960f8e553b56304be89a9e76309661849c29e98a74977467ee6393c7d9eea0

Sharing

Copy URL Twitter E-mail

General

Target

93960f8e553b56304be89a9e76309661849c29e98a74977467ee6393c7d9eea0
Size

10.6MB
MD5

3e91d577bc9500ea3319dd96196a8a70
SHA1

5cbe078d9ccda8496a5b510c483efbaf7fb0b66b
SHA256

93960f8e553b56304be89a9e76309661849c29e98a74977467ee6393c7d9eea0
SHA512

ba85f8b72902cb913544f284a43c758c7943f652370d9ceb4ea88a19ee2bb52ba2602049498382ef58ad1fed8fcd7ef190d71bcc26f123ae47407d77fcbc56e1
SSDEEP

196608:OBOtbQ6JVjP93izWhcSIIMSfpV4b653gsAaGEoXM8:OBOtbQ6zFyyMSxVeegsGEIM8

Score

10^/10

vmprotect blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93960f8e553b56304be89a9e76309661849c29e98a74977467ee6393c7d9eea0

Files

93960f8e553b56304be89a9e76309661849c29e98a74977467ee6393c7d9eea0
.exe windows:5 windows x86 arch:x86

4e5c427e705bedb57286bda63bb5f789

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetCurrentDirectoryA
GetDiskFreeSpaceA
MulDiv
SetCurrentDirectoryA
CreateDirectoryA
SetFilePointer
GetEnvironmentVariableA
GetLocalTime
WritePrivateProfileStringA
GetPrivateProfileStringA
Sleep
GetStartupInfoA
CreateProcessA
WaitForSingleObject
SetFileAttributesA
WriteFile
CreateFileA
GetFileSize
ReadFile
GetTickCount
DeleteFileA
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
WriteProcessMemory
VirtualFree
VirtualAlloc
RtlZeroMemory
lstrcmpiW
lstrcmpW
GetTempPathA
GetVersionExA
GetCurrentProcessId
GetSystemInfo
CreateMutexA
lstrlenW
LocalSize
ReleaseMutex
LoadLibraryExA
RtlMoveMemory
TerminateProcess
InterlockedExchange
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
LCMapStringW
IsBadWritePtr
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
SetErrorMode
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetModuleHandleW
CreateRemoteThread
GetCurrentThreadId
GetVolumeInformationA
GetComputerNameA
DebugActiveProcessStop
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
GetSystemDirectoryA
GetTempFileNameA
VirtualAllocEx
CopyFileA
CreateEventA
OpenEventA
IsBadReadPtr
MultiByteToWideChar
FindClose
FindNextFileA
FindFirstFileA
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
TlsGetValue
LocalReAlloc
QueryDosDeviceA
GetLogicalDriveStringsA
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcpynA
WideCharToMultiByte
ReadProcessMemory
FlushFileBuffers
CreateThread
DeleteCriticalSection
GetACP
GlobalFree
GlobalUnlock
GlobalLock
GetLastError
GetCurrentProcess
lstrcpyA
lstrlenA
GlobalAlloc
SetLastError
lstrcatA
DeviceIoControl
GetVersion
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
LocalFree
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

LoadStringA
MessageBoxTimeoutW
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuStringW
TrackPopupMenu
CheckMenuRadioItem
SetMenuInfo
InsertMenuW
GetMenuItemCount
AppendMenuW
DestroyMenu
LoadMenuW
GetSystemMenu
CreatePopupMenu
CreateMenu
CharLowerW
CharUpperW
RegisterWindowMessageA
RegisterClassExW
SetForegroundWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
SendMessageA
SystemParametersInfoA
SetWindowLongA
GetCursorPos
GetWindowLongA
PtInRect
GetKeyState
GetActiveWindow
GetNextDlgTabItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
GetDlgCtrlID
SetWindowTextA
GetWindowPlacement
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
UnregisterClassA
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageW
DrawMenuBar
SetMenu
GetSystemMetrics
PostQuitMessage
DestroyWindow
DestroyIcon
GetSysColor
SetClassLongW
GetClassLongW
SetRect
SetWindowRgn
DestroyCursor
RemovePropW
GetPropW
SetPropW
MessageBoxW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetParent
PostMessageW
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetParent
GetClientRect
GetFocus
SetFocus
GetClassNameW
GetWindowLongW
SendMessageW
CreateWindowExW
SetWindowLongW
TrackMouseEvent
SetCursor
LoadCursorW
DefMDIChildProcW
DefWindowProcW
GetAsyncKeyState
CallWindowProcW
EndPaint
BeginPaint
GetWindowInfo
SetKeyboardState
AttachThreadInput
MapVirtualKeyA
SendInput
MoveWindow
GetMenuStringA
GetMenuItemID
GetSubMenu
GetMenu
GetScrollInfo
GetLastActivePopup
EnableWindow
DrawIconEx
FillRect
GetDC
ChildWindowFromPointEx
GetCursorInfo
GetDlgItem
ReleaseDC
GetWindowDC
IsZoomed
FindWindowExA
SetWindowPos
PostThreadMessageA
SetWindowsHookExA
MsgWaitForMultipleObjects
CallNextHookEx
GetWindowThreadProcessId
GetDesktopWindow
GetWindow
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
PostMessageA
WaitForInputIdle
IsWindow
SwitchToThisWindow
SetActiveWindow
GetMenuBarInfo
GetAncestor
GetWindowRect
RedrawWindow
EnableMenuItem
IsWindowVisible
IsWindowEnabled
ShowWindow
IsIconic
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectObject
Rectangle
CreateCompatibleDC
CreateSolidBrush
CreateDIBSection
BitBlt
GetDIBits
GetStockObject
DeleteObject
GetObjectA
DeleteDC
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
SetTextColor
SetBkColor
SetBkMode
StretchBlt
CreatePatternBrush
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
CreateProcessAsUserA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

SHBrowseForFolderA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetPathFromIDListA
SHAppBarMessage
Shell_NotifyIconW

comctl32

ord17
InitCommonControlsEx

ole32

OleInitialize
CoInitialize

shlwapi

StrTrimW
PathFileExistsA
PathFindFileNameA

ws2_32

WSCEnumProtocols
socket
ntohs
gethostbyname
WSACleanup
htons
WSAStartup
getsockname
recvfrom
htonl
getpeername
inet_addr
gethostname
inet_ntoa
closesocket
connect
sendto
listen
bind
accept
__WSAFDIsSet
select
recv
send

atl

ord42

gdiplus

GdiplusShutdown

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

wtsapi32

WTSSendMessageW

Exports

Exports

}�� X��ٞm��5�yם��K��q.�_�v1#�j:#3��W<�9Ua�v�a��ٷ��Wy ��ǃ��Ȯ|6�*�L�1 Vf�!�=�Z��(�K�GD�f� T�6��6�#JƱ��۞��K�P��ɉ4X��7�U��w��E��R��J��u�J^� A�X��d+��8��`�3_�=*��4�0��5[�yTJ�R�q�/>wR��*!]�"Q��yq�7h�+ϲ�C��F�Q��=�@�{H :�r�T,yjS�0q�/Pә��#�p��ޔx��8Ԅ��o�Z��}��&��`v1ބn"w**�P��)B�!��w+ה��ѐX�"��w�ڽ��Wf�1߶��AD�hޠR�8#Zؗ��s�)�8�[�\��q9z��b�D'�q�Z�dQP�j��F�E��R_�I_v��;6�u��]��1��[3��Ofr��O��>�"�`�?�VȚZ5��"�@�G�XF^�SoX\*2QH�y�w��R�.g��|q�v��&��SR�9=��B�k!#5�I�Ѳ��^4��23��A��1h�� S��?��'T�H\4��>�X>��}� ��g�;��yn��˖I@��,��>��i !Y��4�g=4A�1␗X��V��<z-�'�om��t,H̃��V�/��Qu��}� ��z(F��{��_��t7��K�MU��[k�װY|��Ι��ɋ�Ffүbn��'�3��"R��, ��d��褓]~�o��0Ã��h�'�n��[n*>�~��'��@۔M�a��P)��CsUw��%�A�[�v8��NP\jA�),��zP잪?ʼ D��䉊��A��SnZ9]�a�5��\�g6Ҧ��&��m��m[6dS�L�X��oiQ��7��T �8�hN��%��^ŭ��c��ƽ�6n�w�m��϶�:@r�^�� L?��{��p��b�h��Z�*< ��DOd�h��IȾ��}Hrڍ�.��gt� G�3_<��P��X�ޜ�ֵ��i�m�Z��$pt��~mO�42��}^�k7�� ״�9]lR�dޗ��程��y�J��||5�z8lL�ֿ^c�W~�OL��'y�q�zv�51��u&ڠ�-��Mѹ�u��m��Q GJrR��fi iY�d��\r ��&�t*��}7� 3�w��c��X��W��V�0z�*U��}FsW$��!��γ��ڽʈ�f�d��)��7��`�bj� �Wqvӫ^�!�(�%i�R��a��T��\*��5� �L��-EA$��=O~��m��.�"c!O��݊͹q�λX�@�O+�`r}{ެ�Z��q'��I��y�c�'-��u��jO�ο��R�vTp�H��f�u��z6��6�H�}��Ѷ��U��S�P��n�Kp9��t��T6 a*L��QbQ��B��s��0��*�۔��r�`~�� ߶!�n��}%��ބ|�"�E{��j>@CThRprAAv��|��_��B+��0�� ,q;YaB:�0@��.�Hr~4��w,�,�Q8��qR7 mĢ�\<��4Ņ�U��/M��@��~�|��4ڠ�R�Q�P�P ��ܓr�7�oiR�V�ܜ�ӭ��Fq��bϱ�7�m*_��Ϛ��`M.eWAT?R��8��U�;7�[�ZGIgj�s?f��@�mD�i��<��S_�,�*��+\��nK�V�zKq-��j�қʸ�`�1��C?�n~?�c��пà��T3�l�K&<�n��$ո0'tq�@��Bc/��-{�NP�`��O��AV��/K��v[��v�z|�8)��݂�N��z(ڣ6FS��q��h��3�p��ҕR%��Q)��5�'�?ؤ��?�#]5��]{m|��Q��#^��EOt'��4�;/"��{^�SE�t��r�!��ᅺ��9�4,�,�6p�'��u��P��\��j�-s��JCՑ �~�-��+Mw��!�r��ܪs��G�T~�<��]ݾH��0a>�ԣ��2@�<��ڞ?��M9 L�Le��<%��|��'E;Y�l�MG�g��)2�6�?�;��H\��?��BI��7�)��6�8rs��]��ԟ�N�b�ۖmUȐ_��4Z�j�d��%��.��/I3P�p6��3BJ��QY>�n�}4��{�%�}ڇ��^�=��&n'\��r��ֱ}h�y�G�7�Ĭ��Z��,��%7��a9�:$�;��[ڑl~�wK�~V>��\�� O��O�D��a81��*|��^C{�"O�rX�:�p`po)X��#�B�h�� E7�%�>��^�M�B:�p�d�S��vxzC��t�kPl�l��N��ME1��Ђ�8NK'x:� �� 2/�hԶd;�.vc1��Ja_��v�~e��@�T��&�<�0��h�f��^a��*��˧�m��P+�6~FwÞ�T_��}#��}�U��(��ѶS�[q��+"ECK��s�n��vN�n5j�� 3��m�Uh��=��-\x�K��Y8P��g�X��p�H9�y;��3��d��Г��p�]a �/��O9_�M~v,)'��D�\]��i��1�Q�z��x$�u��w�Ѵt8��SO�t*'󭏣�b?��Z-w�c��^Oj�=n5��[��#c��ui��*4z��z��}i��G�f�.��\`#'�>N>��k��Ʀt"�[��x۹M��ZO��W�`��Ρt�&o��t��vh��aBI%(g�3��p�7��޺9Y

Sections

.text
Size: 692KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 820KB - Virtual size: 818KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.3MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4e5c427e705bedb57286bda63bb5f789

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

shlwapi

ws2_32

atl

gdiplus

winspool.drv

wtsapi32

Exports

Exports

Sections

.text Size: 692KB - Virtual size: 688KB

.rdata Size: 820KB - Virtual size: 818KB

.data Size: 4.3MB - Virtual size: 4.4MB

.vmp0 Size: 2.9MB - Virtual size: 2.9MB

.vmp1 Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 692KB - Virtual size: 688KB

.rdata
Size: 820KB - Virtual size: 818KB

.data
Size: 4.3MB - Virtual size: 4.4MB

.vmp0
Size: 2.9MB - Virtual size: 2.9MB

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 4KB - Virtual size: 1KB