bumblebee | LdrAddx64[.]dll | Triage

Submit
Reports

Overview

overview

Static

static

LdrAddx64.dll

windows10-1703-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

LdrAddx64.dll

Resource

win10-20220812-en

bumblebee 1508 trojan

windows10-1703-x64

2 signatures

150 seconds

General

Target

LdrAddx64.dll
Size

1.1MB
MD5

78796148afc0a3218f4ce6c9aacc429c
SHA1

cd5c762a8ce9fb69bd24531de0588a689fe76f0e
SHA256

0b0a5f3592df7b538b8d8db4ba621b03896f27c9f112b88d56761972b03e6e58
SHA512

93cce3ceade3a0a5b353db486bf5119a257e0899b744737bc2b6d6313b8a0cb313059ecb106a3f072c1103129c73f76506fa2b753297cf8a3b4e8b342a4855da
SSDEEP

24576:nPbd7OXoxkXTfxUXIeUu3MWXA0FaRaayXd0:MocTxUXX35XbFivyX

Score

10^/10

bumblebee

Malware Config

Extracted

Family

bumblebee

rc4.plain

Signatures

Bumblebee family
bumblebee

Files

LdrAddx64.dll
.dll windows x64

83f847006bcd9e79aedb74fc499583c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

StrToIntA
StrChrA
PathFindFileNameW

kernel32

VirtualFree
lstrcpyA
lstrcmpA
lstrcatA
GetProcAddress
FreeLibrary
VirtualAlloc
GetCurrentThread
GetCurrentThreadId
CloseHandle
GetModuleHandleW
VirtualProtectEx
LoadLibraryA
GetModuleHandleA
VirtualQuery
lstrlenA
VirtualQueryEx
GetCurrentProcess
UnmapViewOfFile

Exports

Exports

PQBgKzQJybBy
setPath

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy