Downloader
BumbleBee
Created on 2023-02-03T18:26:08+00:00
51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656.exe.dll
Remarks
(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.
(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis results may be incomplete if an appropriate loader was not submitted.
(0x0200000E): The overall sleep time of all monitored processes was truncated from "8 minutes, 29 seconds" to "1 minute, 30 seconds" to reveal dormant functionality.
(0x0200005D): 7572 additional dumps with the reason "Content Changed" and a total of 12062 MB were skipped because the respective maximum limit was reached.
This list contains only the embedded files, downloaded files, and dropped files
File Name | Category | Type | Verdict | Actions |
---|---|---|---|---|
C:\Users\kEecfMwgj\Desktop\51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656.exe.dll | Sample File | Binary | Malicious | ... |
Field | Value |
---|---|
Image Base | 0x180000000 |
Entry Point | 0x180002EA0 |
Size Of Code | 0x00011600 |
Size Of Initialized Data | 0x000D0E00 |
File Type | IMAGE_FILE_DLL |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_AMD64 |
Compile Timestamp | 2023-02-01 16:16 (UTC+1) |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x180001000 | 0x00011592 | 0x00011600 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.42 |
.rdata | 0x180013000 | 0x0006E1CE | 0x0006E200 | 0x00011A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.45 |
.data | 0x180082000 | 0x00061480 | 0x00060A00 | 0x0007FC00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.59 |
.pdata | 0x1800E4000 | 0x00000A08 | 0x00000C00 | 0x000E0600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.32 |
.gfids | 0x1800E5000 | 0x00000010 | 0x00000200 | 0x000E1200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.16 |
.rsrc | 0x1800E6000 | 0x000001E0 | 0x00000200 | 0x000E1400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.72 |
.reloc | 0x1800E7000 | 0x00000500 | 0x00000600 | 0x000E1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.02 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CreateFileA | - | 0x180013000 | 0x00080C98 | 0x0007F698 | 0x000000BA |
LockFile | - | 0x180013008 | 0x00080CA0 | 0x0007F6A0 | 0x000003BE |
ReadFile | - | 0x180013010 | 0x00080CA8 | 0x0007F6A8 | 0x00000454 |
WriteFile | - | 0x180013018 | 0x00080CB0 | 0x0007F6B0 | 0x000005F1 |
CloseHandle | - | 0x180013020 | 0x00080CB8 | 0x0007F6B8 | 0x0000007F |
GetLastError | - | 0x180013028 | 0x00080CC0 | 0x0007F6C0 | 0x00000256 |
HeapCreate | - | 0x180013030 | 0x00080CC8 | 0x0007F6C8 | 0x0000033A |
InitializeCriticalSection | - | 0x180013038 | 0x00080CD0 | 0x0007F6D0 | 0x00000350 |
EnterCriticalSection | - | 0x180013040 | 0x00080CD8 | 0x0007F6D8 | 0x00000129 |
LeaveCriticalSection | - | 0x180013048 | 0x00080CE0 | 0x0007F6E0 | 0x000003A5 |
TryEnterCriticalSection | - | 0x180013050 | 0x00080CE8 | 0x0007F6E8 | 0x0000058B |
WaitForSingleObject | - | 0x180013058 | 0x00080CF0 | 0x0007F6F0 | 0x000005BB |
CreateThread | - | 0x180013060 | 0x00080CF8 | 0x0007F6F8 | 0x000000E7 |
GetSystemDirectoryA | - | 0x180013068 | 0x00080D00 | 0x0007F700 | 0x000002D3 |
VirtualAlloc | - | 0x180013070 | 0x00080D08 | 0x0007F708 | 0x000005AB |
GetModuleHandleA | - | 0x180013078 | 0x00080D10 | 0x0007F710 | 0x0000026A |
SwitchToFiber | - | 0x180013080 | 0x00080D18 | 0x0007F718 | 0x0000056A |
CreateFiber | - | 0x180013088 | 0x00080D20 | 0x0007F720 | 0x000000B7 |
ConvertThreadToFiber | - | 0x180013090 | 0x00080D28 | 0x0007F728 | 0x0000009C |
CallNamedPipeA | - | 0x180013098 | 0x00080D30 | 0x0007F730 | 0x00000065 |
RaiseException | - | 0x1800130A0 | 0x00080D38 | 0x0007F738 | 0x00000444 |
RtlCaptureContext | - | 0x1800130A8 | 0x00080D40 | 0x0007F740 | 0x000004AE |
RtlLookupFunctionEntry | - | 0x1800130B0 | 0x00080D48 | 0x0007F748 | 0x000004B5 |
RtlVirtualUnwind | - | 0x1800130B8 | 0x00080D50 | 0x0007F750 | 0x000004BC |
IsDebuggerPresent | - | 0x1800130C0 | 0x00080D58 | 0x0007F758 | 0x0000036A |
UnhandledExceptionFilter | - | 0x1800130C8 | 0x00080D60 | 0x0007F760 | 0x00000592 |
SetUnhandledExceptionFilter | - | 0x1800130D0 | 0x00080D68 | 0x0007F768 | 0x00000552 |
GetCurrentProcess | - | 0x1800130D8 | 0x00080D70 | 0x0007F770 | 0x0000020F |
TerminateProcess | - | 0x1800130E0 | 0x00080D78 | 0x0007F778 | 0x00000570 |
IsProcessorFeaturePresent | - | 0x1800130E8 | 0x00080D80 | 0x0007F780 | 0x00000370 |
SetLastError | - | 0x1800130F0 | 0x00080D88 | 0x0007F788 | 0x00000519 |
HeapAlloc | - | 0x1800130F8 | 0x00080D90 | 0x0007F790 | 0x00000338 |
HeapFree | - | 0x180013100 | 0x00080D98 | 0x0007F798 | 0x0000033C |
GetModuleHandleW | - | 0x180013108 | 0x00080DA0 | 0x0007F7A0 | 0x0000026D |
GetProcAddress | - | 0x180013110 | 0x00080DA8 | 0x0007F7A8 | 0x000002A4 |
TlsGetValue | - | 0x180013118 | 0x00080DB0 | 0x0007F7B0 | 0x00000584 |
TlsSetValue | - | 0x180013120 | 0x00080DB8 | 0x0007F7B8 | 0x00000585 |
FreeLibrary | - | 0x180013128 | 0x00080DC0 | 0x0007F7C0 | 0x000001A4 |
LoadLibraryExW | - | 0x180013130 | 0x00080DC8 | 0x0007F7C8 | 0x000003AA |
LCMapStringW | - | 0x180013138 | 0x00080DD0 | 0x0007F7D0 | 0x00000399 |
IsValidCodePage | - | 0x180013140 | 0x00080DD8 | 0x0007F7D8 | 0x00000375 |
GetACP | - | 0x180013148 | 0x00080DE0 | 0x0007F7E0 | 0x000001AA |
GetOEMCP | - | 0x180013150 | 0x00080DE8 | 0x0007F7E8 | 0x0000028D |
GetCPInfo | - | 0x180013158 | 0x00080DF0 | 0x0007F7F0 | 0x000001B9 |
ExitProcess | - | 0x180013160 | 0x00080DF8 | 0x0007F7F8 | 0x00000157 |
GetModuleHandleExW | - | 0x180013168 | 0x00080E00 | 0x0007F800 | 0x0000026C |
GetStringTypeW | - | 0x180013170 | 0x00080E08 | 0x0007F808 | 0x000002CC |
MultiByteToWideChar | - | 0x180013178 | 0x00080E10 | 0x0007F810 | 0x000003D4 |
WideCharToMultiByte | - | 0x180013180 | 0x00080E18 | 0x0007F818 | 0x000005DD |
RtlUnwindEx | - | 0x180013188 | 0x00080E20 | 0x0007F820 | 0x000004BB |
API Name | EAT Address | Ordinal |
---|---|---|
Cpurthnvlc | 0x00005970 | 0x00000001 |
FPH732n7 | 0x00011CF0 | 0x00000002 |
KlXWgB9j | 0x00010010 | 0x00000003 |
LKKIJ77 | 0x00006420 | 0x00000004 |
MMlFUh3Tzt | 0x00010CF0 | 0x00000005 |
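The section table, the Thunk RVA / Thunk Offset columns of the import table and the EAT addresses of the exports all depend on the same RVA-to-file-offset mapping, and the entropy column (7.45 for .rdata, 7.59 for .data) is what an analyst reads first when deciding whether the DLL carries an encrypted payload. The script below is an added example written for this page; it is not part of the sandbox report and not code from the BumbleBee sample. It parses on-disk IMAGE_SECTION_HEADER records, maps RVAs and VAs to file offsets (including the virtual-only tail of .data, which has no bytes on disk), computes Shannon entropy, and flags high-entropy non-code or W+X sections. The section records are copied from the report's table and packed as constructed input; the entropy threshold of 7.0 and the flagging rules are assumptions of this example, not something the report states.

```python
# Added example (not part of the sandbox report): plain-Python PE section-table
# triage with no third-party modules. The records in REPORT_SECTIONS are copied
# from the report's section table and packed into the on-disk
# IMAGE_SECTION_HEADER layout as constructed input; a real script would read
# them from the file at e_lfanew + 4 + 20 + SizeOfOptionalHeader.
import math
import struct
from dataclasses import dataclass

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HEADER_FMT = "<8sIIIIIIHHI"
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)

IMAGE_BASE = 0x180000000  # Image Base from the report's PE header table

# (name, VirtualAddress as RVA, VirtualSize, SizeOfRawData, PointerToRawData,
#  Characteristics), taken from the report's section table.
REPORT_SECTIONS = [
    (b".text",  0x01000, 0x11592, 0x11600, 0x00400, 0x60000020),
    (b".rdata", 0x13000, 0x6E1CE, 0x6E200, 0x11A00, 0x40000040),
    (b".data",  0x82000, 0x61480, 0x60A00, 0x7FC00, 0xC0000040),
    (b".pdata", 0xE4000, 0x00A08, 0x00C00, 0xE0600, 0x40000040),
    (b".gfids", 0xE5000, 0x00010, 0x00200, 0xE1200, 0x40000040),
    (b".rsrc",  0xE6000, 0x001E0, 0x00200, 0xE1400, 0x40000040),
    (b".reloc", 0xE7000, 0x00500, 0x00600, 0xE1600, 0x42000040),
]
# Entropy column of the report's section table, in bits per byte.
REPORT_ENTROPY = {".text": 6.42, ".rdata": 7.45, ".data": 7.59, ".pdata": 4.32,
                  ".gfids": 0.16, ".rsrc": 4.72, ".reloc": 5.02}


@dataclass
class Section:
    name: str
    virtual_address: int  # RVA
    virtual_size: int
    raw_size: int
    raw_offset: int
    characteristics: int


def build_section_table(rows):
    """Pack (name, va, vsize, rsize, roff, chars) rows as on-disk section headers."""
    return b"".join(
        struct.pack(SECTION_HEADER_FMT, name.ljust(8, b"\0"), vsize, va, rsize, roff,
                    0, 0, 0, 0, chars)
        for name, va, vsize, rsize, roff, chars in rows)


def parse_section_headers(blob, count):
    """Parse `count` consecutive IMAGE_SECTION_HEADER records from `blob`."""
    if len(blob) < count * SECTION_HEADER_SIZE:
        raise ValueError("truncated section table")
    sections = []
    for i in range(count):
        rec = blob[i * SECTION_HEADER_SIZE:(i + 1) * SECTION_HEADER_SIZE]
        name, vsize, va, rsize, roff, _, _, _, _, chars = struct.unpack(SECTION_HEADER_FMT, rec)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                va, vsize, rsize, roff, chars))
    return sections


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset through the section containing it. Returns None
    when no section covers the RVA (e.g. the PE headers) or when it lies in a
    section's virtual-only tail (VirtualSize > SizeOfRawData): present in memory,
    absent on disk. Section-alignment padding is ignored."""
    for s in sections:
        if s.virtual_address <= rva < s.virtual_address + max(s.virtual_size, s.raw_size):
            delta = rva - s.virtual_address
            return s.raw_offset + delta if delta < s.raw_size else None
    return None


def va_to_offset(sections, va, image_base=IMAGE_BASE):
    """Same as rva_to_offset for an absolute VA such as the entry point."""
    return rva_to_offset(sections, va - image_base) if va >= image_base else None


def shannon_entropy(data):
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def flag_sections(sections, entropy, threshold=7.0):
    """Heuristic triage (assumed rules): sections that are writable and executable,
    and non-code sections whose entropy is >= threshold. High entropy in
    .rdata/.data commonly indicates an encrypted or compressed payload unpacked
    at runtime; it is a hint for the analyst, not proof."""
    flagged = []
    for s in sections:
        c = s.characteristics
        if c & IMAGE_SCN_MEM_WRITE and c & IMAGE_SCN_MEM_EXECUTE:
            flagged.append((s.name, "writable and executable"))
        elif not c & IMAGE_SCN_CNT_CODE and entropy.get(s.name, 0.0) >= threshold:
            flagged.append((s.name, "entropy %.2f >= %.2f" % (entropy[s.name], threshold)))
    return flagged


SECTIONS = parse_section_headers(build_section_table(REPORT_SECTIONS), len(REPORT_SECTIONS))

if __name__ == "__main__":
    for s in SECTIONS:
        print("%-7s RVA %#08x raw %#08x" % (s.name, s.virtual_address, s.raw_offset))
    print("entry point file offset:", hex(va_to_offset(SECTIONS, 0x180002EA0)))
    print("CreateFileA thunk RVA 0x80C98 ->", hex(rva_to_offset(SECTIONS, 0x80C98)))
    print("flagged:", flag_sections(SECTIONS, REPORT_ENTROPY))
```

Run against the report's values, the CreateFileA thunk RVA 0x00080C98 maps to file offset 0x0007F698, matching the Thunk Offset column, the entry point 0x180002EA0 lands at offset 0x22A0 inside .text, every export EAT address also falls inside .text, and the heuristic flags .rdata and .data, the two sections whose entropy exceeds 7 bits per byte. The .data section is the one to watch: its VirtualSize (0x61480) exceeds its raw size (0x60A00), so the last 0xA80 bytes are zero-filled at load time and any RVA in that tail correctly maps to None rather than to a bogus file offset.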