bdk-node[.]win32-x64-msvc[.]node

Sharing

Copy URL Twitter E-mail

General

Target

bdk-node.win32-x64-msvc.node
Size

5.8MB
MD5

9d388b2644eb117f5e6c68cdef11d4db
SHA1

4a3a73f28b373fa4fb576ef0f9b1bafc1ad5cb3e
SHA256

1ee00b7e0f5cfbd6994c25aeeccee08b78d6844ccbe696c2960baa4a4f58b726
SHA512

325fc53e5137e5abcd533c8bd528dbc1a4aaa0d69c155af8731874b0b8812c0b659fc499d5d025590f2bf6b5ec699b8ebff8204b98d07b7580bfee3ceb903c9c
SSDEEP

98304:UJiDgimLvz3v+QMKp++d+MHHhrX2ANMm:Xsomj9m8M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bdk-node.win32-x64-msvc.node

Files

bdk-node.win32-x64-msvc.node
.dll windows:6 windows x64 arch:x64

648ea39a4ef37854db25bb0e6db1df02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

SystemFunction036

kernel32

HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
SwitchToThread
QueryPerformanceCounter
GetLastError
FreeLibrary
GetProcAddress
GetModuleHandleExW
CloseHandle
GetModuleHandleA
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
SetHandleInformation
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SetLastError
GetCurrentDirectoryW
GetCurrentThread
RtlCaptureContext
AcquireSRWLockShared
GetEnvironmentVariableW
Sleep
RtlVirtualUnwind
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
TerminateProcess

ws2_32

closesocket
send
WSAGetLastError
WSASend
getsockopt
WSASocketW
select
connect
ioctlsocket
getaddrinfo
recv
WSACleanup
setsockopt
WSAStartup
freeaddrinfo

bcrypt

BCryptGenRandom

ntdll

NtWriteFile
RtlNtStatusToDosError

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
_CxxThrowException
memset
memmove
memcpy
memcmp
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

ceilf

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_cexit
_initialize_narrow_environment
_initterm_e
_configure_narrow_argv
_seh_filter_dll
_initterm

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

napi_register_module_v1
rustsecp256k1_v0_6_1_context_create
rustsecp256k1_v0_6_1_context_destroy
rustsecp256k1_v0_6_1_default_error_callback_fn
rustsecp256k1_v0_6_1_default_illegal_callback_fn

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

648ea39a4ef37854db25bb0e6db1df02

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ws2_32

bcrypt

ntdll

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 112KB - Virtual size: 111KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 112KB - Virtual size: 111KB

.reloc
Size: 8KB - Virtual size: 8KB