BGM107[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BGM107.dll
Size

1.3MB
MD5

7c346f12002b3c0bce7dbe5edcbaea81
SHA1

36a044a3eaf3dd5ee02299e84b99113e439d0390
SHA256

56a7c38a980ad9d304c902e79c9d62e84983f8f74a1f962233327aeef4c7d044
SHA512

423281b4c95699ffb6ce16f8f3451768978f528acfd1fd3379df8edafaaf673597052e63770411e9e0631e8f8f28cf3b44221ef938af20d457b9c178e210ad84
SSDEEP

24576:ynmIANPinqyymqNdmB2qEOcNe1lKDjdLe+pSCkwC1D5+cLgvl9KJb0pMmAaNIoJB:ImIwLIqxCKRe7wC5svuJQp2aNIoJbkO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BGM107.dll

Files

BGM107.dll
.dll windows x86

5188e425339280ef664a4611c2b5d5bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
OutputDebugStringW
FlushViewOfFile
GetDriveTypeW
LoadLibraryA
GetProcAddress
GetWindowsDirectoryW
lstrcmpW
GetSystemTime
lstrcpyW
WideCharToMultiByte
CopyFileW
CreateFileA
GetFileSize
LoadLibraryW
CloseHandle
GlobalFree
DeleteFileW
GlobalAlloc
DeleteFileA
lstrcatW
GetCurrentThread
GetLastError
CopyFileA
DecodePointer
WriteConsoleW
HeapReAlloc
GetSystemInfo
HeapAlloc
Sleep
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetCurrentDirectoryW
SetStdHandle
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
ExitProcess
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
InterlockedFlushSList
RaiseException
RtlUnwind
GetStartupInfoW
MultiByteToWideChar
lstrcatA
GetSystemDirectoryW
CreateFileW
WaitForSingleObject
FindClose
lstrlenA
GetTempPathW
SetFilePointer
SetThreadPriority
GetModuleFileNameW
GetModuleHandleExW
WriteFile
lstrlenW
FindNextFileW
FindFirstFileW
HeapCompact
ReadFile
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
TryEnterCriticalSection
InitializeCriticalSection
AreFileApisANSI
HeapCreate
HeapFree
GetFullPathNameW
GetDiskFreeSpaceW
HeapDestroy
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetLastError
FormatMessageW
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleW
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
SleepEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
GetFileSizeEx
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetProcessHeap
LockFileEx
LocalFree
UnlockFile
GetFileAttributesExW

user32

GetDC
GetSystemMetrics
wsprintfA
wsprintfW

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDIBits
DeleteObject
BitBlt

advapi32

CryptEncrypt
GetCurrentHwProfileA
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptImportKey
GetUserNameA

shell32

SHGetFolderPathA
ShellExecuteW
SHGetKnownFolderPath

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

shlwapi

PathFindFileNameW
PathFileExistsA
PathGetDriveNumberW
PathBuildRootW
PathFileExistsW
PathFindExtensionW
PathRemoveFileSpecA
PathCombineW

ws2_32

getsockopt
send
gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
inet_pton
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
inet_ntop
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent

crypt32

CertFindCertificateInStore
CertEnumCertificatesInStore
CryptStringToBinaryW
CertOpenStore
CryptUnprotectData
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertCloseStore
CertFreeCertificateChain

gdiplus

GdiplusShutdown
GdiplusStartup
GdipLoadImageFromFile
GdipGetImageEncoders
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipFree
GdipCloneImage
GdipAlloc
GdipDisposeImage

bcrypt

BCryptGenRandom
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptDestroyKey
BCryptCloseAlgorithmProvider

urlmon

URLDownloadToFileW

wininet

HttpOpenRequestW
InternetOpenW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetReadFile

Exports

Exports

CheckWWW
CreateInterface
GenercateToken
SystemCheck
VerifyInstallation

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5188e425339280ef664a4611c2b5d5bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

crypt32

gdiplus

bcrypt

urlmon

wininet

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 153KB - Virtual size: 152KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 153KB - Virtual size: 152KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 39KB - Virtual size: 39KB