blackmoon | 25859d53d1e04cd9ece99eee65d14311

Sharing

Copy URL Twitter E-mail

General

Target

25859d53d1e04cd9ece99eee65d14311
Size

1.7MB
MD5

25859d53d1e04cd9ece99eee65d14311
SHA1

d318b5d09793f429306aac3274ab2c9a55fca4b4
SHA256

caa626d4aed6772178d57d54665d397603dd909a3518a1a4bf0937406460c62e
SHA512

609d8ee1d10f5b83baa2b5fd30ade2a998dbed38283069ae240ea3dcbce849afab43784b1417f2d4fedece4e9548bee244d306fc7237a07fc82a10770ae9163a
SSDEEP

24576:zCsHexMEyc8j+d+IA3M9/LnwRqjLcTBE6xmju7VS4hEfWb:ztIAa/LwYjUOmkQ4W

Score

10^/10

vmprotect blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25859d53d1e04cd9ece99eee65d14311

Files

25859d53d1e04cd9ece99eee65d14311
.exe windows:4 windows x86 arch:x86

68348436755e7ffa71292b7d062eda2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateFileA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
GetTickCount
GetLocalTime
FormatMessageA
GetUserDefaultLCID
GetPrivateProfileStringA
WritePrivateProfileStringA
UnmapViewOfFile
IsBadReadPtr
HeapReAlloc
ExitProcess
lstrlenA
GlobalSize
lstrcpyn
LocalSize
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
MulDiv
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
RtlMoveMemory
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleA
GetCurrentProcessId
TerminateProcess
OpenProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
Sleep
WinExec
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetCursor
LoadCursorA
DefMDIChildProcA
SendMessageA
DefWindowProcA
DestroyWindow
GetClientRect
GetAsyncKeyState
CallWindowProcA
EndPaint
BeginPaint
MessageBoxTimeoutA
MessageBoxA
ReleaseDC
PostMessageA
GetMessageA
GetParent
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
IsWindow
GetDlgItem
SetFocus
GetFocus
GetWindowRect
ScreenToClient
InvalidateRect
ValidateRect
UpdateWindow
MoveWindow
PeekMessageA
TrackMouseEvent
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
GetClassNameA
CreateIconFromResource
CopyImage
CopyIcon
GetDC
SetParent
IsWindowVisible
ShowWindow
IsWindowEnabled
EnableWindow
GetWindowTextLengthA
DestroyIcon
PostQuitMessage
SetWindowLongA
DestroyCursor
CreateWindowExA
CheckMenuRadioItem
GetMenuItemID
GetWindowTextA
SetWindowTextA
SetPropA
GetPropA
RemovePropA
SetWindowRgn
SetRect
GetClassLongA
wsprintfA
GetWindowLongA
GetSubMenu
SetMenuInfo
InsertMenuA
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
DrawTextA
GetIconInfo
DrawIconEx
DrawIcon
RegisterClassExA
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
SetWindowPos

gdi32

SelectObject
BitBlt
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
StretchBlt
CreateSolidBrush
DeleteDC
CreateCompatibleBitmap
FillRgn
SetTextColor
SetBkMode
FrameRgn
SetBkColor
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetStockObject
CreateFontA
CreatePatternBrush
DeleteObject
CreateDIBitmap
GetDeviceCaps

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

atl

ord47
ord42

ole32

CoCreateInstance
OleRun
GetHGlobalFromStream
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID

oleaut32

VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
OleLoadPicture

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetGetCookieExA
InternetGetCookieA
InternetSetCookieA

shell32

DragAcceptFiles
Shell_NotifyIconA
DragFinish
DragQueryFileA

msimg32

AlphaBlend

gdiplus

GdiplusStartup
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown

shlwapi

StrToIntExA

msvcrt

_onexit
__dllonexit
??1type_info@@UAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_strnicmp
malloc
free
memmove
strrchr
rand
srand
_atoi64
toupper
__CxxFrameHandler
modf
strncpy
_CIpow
_CIfmod
_ftol
atoi
strncmp
tolower
sprintf
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z

Sections

.text
Size: 280KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 338KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

68348436755e7ffa71292b7d062eda2d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

atl

ole32

oleaut32

wininet

shell32

msimg32

gdiplus

shlwapi

msvcrt

Sections

.text Size: 280KB - Virtual size: 284KB

.rdata Size: 12KB - Virtual size: 16KB

.data Size: 1.0MB - Virtual size: 1.1MB

.CRT Size: 512B - Virtual size: 4KB

.vmp0 Size: 89KB - Virtual size: 92KB

.vmp1 Size: 338KB - Virtual size: 340KB

.text
Size: 280KB - Virtual size: 284KB

.rdata
Size: 12KB - Virtual size: 16KB

.data
Size: 1.0MB - Virtual size: 1.1MB

.CRT
Size: 512B - Virtual size: 4KB

.vmp0
Size: 89KB - Virtual size: 92KB

.vmp1
Size: 338KB - Virtual size: 340KB