BellsEbuth_x64[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

BellsEbuth_x64.zip
Size

63.8MB
MD5

d77db403193ca6a3dde6ebb9bbb48b4e
SHA1

52a0c8e55129e8da699bccb9c6651100fc8416b4
SHA256

07863b5956bd1f6b44db9ccfc3b5ce975601f2fe965310ac31ebc03ee050b96a
SHA512

7bf27ce023996e54652d9e1ce3fb92494000c788098b80a1218867b20c82e092dab4244c456218a4e5c80a7975eda7ebe1719659124ee1ea283cbe9ef9977954
SSDEEP

1572864:iEhswAo+e8RpFUBc0lVSSoveu/Hgl0tL4m07+XLbFl1js0FREjYIMJmSH:pSwAo+e6bUBdlVYvVgl0t707+X7REjY5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BellsEbuth.dll

Files

BellsEbuth_x64.zip
.zip
BellsEbuth.dll
.dll windows x64

8a97207ef419be6b9ca6b9f225ef35c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExW
LeaveCriticalSection
GetFileAttributesW
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
FlushFileBuffers
GetTempPathW
GetLastError
GetCurrentDirectoryW
MoveFileW
EnterCriticalSection
FindClose
RemoveDirectoryW
GetModuleHandleA
IsDebuggerPresent
FindNextFileW
GetFileAttributesExW
QueryPerformanceFrequency
DeleteCriticalSection
SetThreadAffinityMask
ReleaseMutex
DeleteFileW
GetVolumeInformationW
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GetCurrentProcessId
ReleaseSemaphore
CreateSemaphoreW
CreateThread
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
FlsAlloc
SetLastError
FlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
RtlUnwindEx
GetStdHandle
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlPcToFileHeader
RaiseException
GetCommandLineA
FlsSetValue
GetSystemTimeAsFileTime
GetTimeZoneInformation
WideCharToMultiByte
GetTimeFormatW
GetDateFormatW
ExitThread
GetModuleHandleW
GetFileType
HeapReAlloc
EncodePointer
DecodePointer
HeapAlloc
HeapFree
GetLocaleInfoW
TerminateThread
InitializeCriticalSection
WriteFile
OutputDebugStringW
CreateDirectoryW
QueryPerformanceCounter
GetLogicalDriveStringsW
FreeLibrary
SetEndOfFile
GetDriveTypeW
SetFilePointer
FindFirstFileW
CreateMutexW
ExitProcess
GetCurrentThreadId
CloseHandle
GetThreadPriority
CreateEventW
GetProcAddress
SetThreadPriority
MultiByteToWideChar
Sleep
LoadLibraryW
GetCurrentThread
SetEvent
WaitForSingleObject
GetCurrentProcess
GetModuleFileNameA
GetProcessHeap

user32

MessageBeep
GetWindowInfo
LoadCursorW
TrackMouseEvent
SetForegroundWindow
SetCapture
GetMessageExtraInfo
IsChild
DefWindowProcW
SetWindowLongPtrW
CreateWindowExW
GetDesktopWindow
RegisterClassExW
GetWindowLongPtrW
UnregisterClassW
DestroyWindow
GetSystemMetrics
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowPos
GetClassNameW
CallNextHookEx
GetUpdateRgn
CloseClipboard
EnumDisplayMonitors
SetCursor
EndPaint
GetParent
GetSystemMenu
GetWindowRect
GetWindowThreadProcessId
AttachThreadInput
DispatchMessageW
PeekMessageW
TranslateMessage
EnumWindows
SetFocus
GetFocus
GetMessageW
ReleaseDC
GetDC
GetMessagePos
GetMessageTime
DestroyIcon
SetWindowTextW
SetClipboardData
SendMessageW
SetCaretPos
IsWindowVisible
ReleaseCapture
MessageBoxW
OpenClipboard
CreateCaret
GetActiveWindow
ShowWindow
SetLayeredWindowAttributes
GetCursorPos
DestroyCaret
DestroyCursor
RedrawWindow
SetWindowLongW
EmptyClipboard
EnableMenuItem
SystemParametersInfoW
GetClipboardData
GetAncestor
GetWindowLongW
SetCursorPos
PostMessageW
MapVirtualKeyW
InvalidateRect
GetAsyncKeyState
GetWindowPlacement
GetForegroundWindow
GetCapture
GetIconInfo
CreateIconIndirect
BeginPaint
ShowCaret
WindowFromPoint

gdi32

GetOutlineTextMetricsW
SetMapperFlags
GetKerningPairsW
GetGlyphOutlineW
SetMapMode
CreateRectRgnIndirect
GetRegionData
CreateBitmap
ExcludeClipRect
CreateDIBSection
CreateCompatibleDC
DeleteObject
SelectObject
GetDeviceCaps
CreateFontIndirectW
DeleteDC
GetTextMetricsW
RestoreDC
CreateRectRgn
GetObjectW
StretchDIBits
SaveDC
GetGlyphIndicesW
GetPixel
CombineRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

SHGetPathFromIDListW
ShellExecuteW
ExtractAssociatedIconW
SHGetMalloc
SHBrowseForFolderW
SHGetSpecialFolderPathW

ole32

RegisterDragDrop
CoTaskMemAlloc
DoDragDrop
RevokeDragDrop
OleUninitialize
OleInitialize

shlwapi

PathStripToRootW

winmm

timeBeginPeriod
timeGetTime

imm32

ImmGetContext
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmNotifyIME
ImmReleaseContext

Exports

Exports

VSTPluginMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BellsEbuth.instruments/BellsEbuth.mse

Sharing

General

Malware Config

Signatures

Files

8a97207ef419be6b9ca6b9f225ef35c2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

shlwapi

winmm

imm32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 62KB - Virtual size: 373KB

.pdata Size: 74KB - Virtual size: 74KB

.tls Size: 512B - Virtual size: 21B

text Size: 12KB - Virtual size: 11KB

data Size: 26KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 43KB - Virtual size: 42KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 62KB - Virtual size: 373KB

.pdata
Size: 74KB - Virtual size: 74KB

.tls
Size: 512B - Virtual size: 21B

text
Size: 12KB - Virtual size: 11KB

data
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 43KB - Virtual size: 42KB