Backdoor[.]Win32[.]Bifrose[.]ed-84a463f9ed26c8f9088c90331d56466bd3c9bf8833882082664462e30a2450c1

General

Target

Backdoor.Win32.Bifrose.ed-84a463f9ed26c8f9088c90331d56466bd3c9bf8833882082664462e30a2450c1
Size

51KB
MD5

17dff3388d4b2570712e2d06a7e0135c
SHA1

3ac0d1bdf599381a2ec913126d6b9bc98f3887bf
SHA256

84a463f9ed26c8f9088c90331d56466bd3c9bf8833882082664462e30a2450c1
SHA512

89b11edd2dc85ebf6da7e7ea0b5e90e5f3df2090e912c12ba64bbc84c6df53f69b22d693cb10c5a7ce7e2642a3144b93c10509535714b432eafb3385b61a6f5c
SSDEEP

768:IxDxGiZux43TyjvLfXlUIz99bTDyH5/X0GYKZ+cveI+7PvGt0:IhE2M43TyjvrXu29bw/X0I0yUPo0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Backdoor.Win32.Bifrose.ed-84a463f9ed26c8f9088c90331d56466bd3c9bf8833882082664462e30a2450c1

Files

Backdoor.Win32.Bifrose.ed-84a463f9ed26c8f9088c90331d56466bd3c9bf8833882082664462e30a2450c1
.exe windows:4 windows x86 arch:x86

db0fc01fd6c13eabfca0d4b5690616a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
lstrcpyA
CreateProcessA
lstrcatA
GetWindowsDirectoryA
DuplicateHandle
GetCurrentProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetComputerNameA
lstrcmpA
CopyFileA
DeleteFileA
SetFileAttributesA
VirtualProtectEx
lstrlenA
GetSystemDirectoryA
GetFileSize
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
CreateRemoteThread
SetLastError
GetCurrentProcessId
VirtualFree
WriteProcessMemory
Sleep
GetModuleHandleA
GetProcAddress
WaitForSingleObject
WriteFile
CloseHandle
VirtualAlloc
GetPriorityClass
ResumeThread

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
GetUserNameA
RegSetValueExA

msvcrt

_strrev
strrchr
strncpy
strchr
atoi
free
malloc
_strnicmp
_stricmp

shlwapi

SHDeleteKeyA

user32

FindWindowA
GetWindowThreadProcessId
wsprintfA

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

gu_idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

gu_rsrcs
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db0fc01fd6c13eabfca0d4b5690616a4

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

shlwapi

user32

Sections

.text Size: 36KB - Virtual size: 36KB

.rsrc Size: 8KB - Virtual size: 8KB

gu_idata Size: 1KB - Virtual size: 4KB

gu_rsrcs Size: 5KB - Virtual size: 5KB

.text
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 8KB - Virtual size: 8KB

gu_idata
Size: 1KB - Virtual size: 4KB

gu_rsrcs
Size: 5KB - Virtual size: 5KB