HEUR-Packed[.]Win32[.]BlackMoo[.]gen-12dd892d6c323c51756bc4fe87c52b04116b65e44e65272418d976f3728c743b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Packed.Win32.BlackMoo.gen-12dd892d6c323c51756bc4fe87c52b04116b65e44e65272418d976f3728c743b
Size

47KB
MD5

d5a8d2f067be42745dfbfd1439afed28
SHA1

63efa97a5b2ef1128d364611910fc172d493a669
SHA256

12dd892d6c323c51756bc4fe87c52b04116b65e44e65272418d976f3728c743b
SHA512

b6cd516b6250d664ccc24d126b053b313ae2c4afe42af6c7a50a011e22c89880386105e3a7747ce60b66b0e00bdb2cf29b91d0b6c3ecb126f6dda893acef4dea
SSDEEP

768:w0VhtAfwHimao51vD6VHypXI0LdWfQqzNWNLP9T0BBAlLlSyDt+4Jsb:w0hAW1iqdWNzI5Pd4CSyDt+rb

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Packed.Win32.BlackMoo.gen-12dd892d6c323c51756bc4fe87c52b04116b65e44e65272418d976f3728c743b

Files

HEUR-Packed.Win32.BlackMoo.gen-12dd892d6c323c51756bc4fe87c52b04116b65e44e65272418d976f3728c743b
.exe windows:4 windows x86 arch:x86

3692d664d063c430bc70000eda71cfd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
CreateProcessA
Sleep
WaitForSingleObject
ReleaseMutex
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
CloseHandle
GetModuleFileNameA
GetCurrentDirectoryA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
GetTickCount
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
OpenMutexA
IsBadReadPtr
SetConsoleTitleA

user32

PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetMessageA

msvcrt

rand
tolower
??3@YAXPAX@Z
srand
strrchr
_ftol
strchr
atoi
memmove
malloc
free
fclose
fread
rewind
ftell
fseek
fopen
fwrite

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ