Bifrost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Bifrost.exe
Size

819KB
MD5

2433b273f9ba2b632f02fa2a7cedd047
SHA1

d4e92811e21835ed2d0cf44479e2c1f0b64a6913
SHA256

d1d133c8649f3d59b526426ad55cf748433bd706f8310ed190f39b08551f769d
SHA512

cfd4a510026406febfd73e67331df65fbd7083117857d7451b0b7c50356896cea95053605f8c3acd533418252577ec29ce8a9b3caaf2717338bdec746848cfae
SSDEEP

12288:NdqAeR9JZpJWcw5tAe6Wh2/bDH3Q7LUj3egg0HfRdgJcIt822n7fBxPC+6+O5:vG9JZK6WhdgfH5yHHKVxq+6+y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Bifrost.exe

Files

Bifrost.exe
.exe windows:6 windows x86 arch:x86

94a44fac7f5d46eb7246e87d2c2bdfb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WORK\ビフ館200324（steam版）\Release\Bifrost.pdb

Imports

kernel32

CloseHandle
FileTimeToLocalFileTime
CreateDirectoryA
GetFileTime
GetModuleFileNameA
FindNextFileA
Sleep
LoadLibraryA
GetProcAddress
WriteConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
CreateFileW
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
SetFilePointerEx
GetFileType
GetConsoleCP
ReadConsoleW
CreateFileA
HeapAlloc
HeapFree
GetACP
GetStdHandle
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
GetCurrentDirectoryA
SetCurrentDirectoryA
FindClose
SetFilePointer
WriteFile
FindFirstFileA
CompareFileTime
SetEnvironmentVariableA
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
GetLastError
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadFile
GetPrivateProfileIntA
FileTimeToSystemTime
GetConsoleMode
MultiByteToWideChar
DecodePointer

user32

GetKeyState
MessageBoxA
GetActiveWindow
wsprintfA
ReleaseDC
GetDC
EndPaint
BeginPaint
SetCursorPos
UpdateWindow
RegisterClassExA
PostQuitMessage
UnregisterClassA
PeekMessageA
GetClientRect
CreateWindowExA
DestroyMenu
DefWindowProcA
RegisterClassA
SetMenu
MoveWindow
GetWindowLongA
ChangeDisplaySettingsExA
ChangeDisplaySettingsA
ClientToScreen
CheckMenuItem
SetWindowLongA
IsMenu
GetDlgItemTextA
ShowWindow
DialogBoxParamA
GetSystemMetrics
EndDialog
TranslateMessage
SetWindowPos
DestroyWindow
SystemParametersInfoA
LoadIconA
SetDlgItemTextA
LoadCursorA
SetWindowTextA
GetAsyncKeyState
SendMessageA
GetMenu
DispatchMessageA
GetWindowRect

gdi32

ChoosePixelFormat
GetStockObject
SwapBuffers
SetPixelFormat

gdiplus

GdipBitmapLockBits
GdiplusShutdown
GdipCloneImage
GdipBitmapUnlockBits
GdipAlloc
GdipDisposeImage
GdipFree
GdipCreateBitmapFromFile
GdiplusStartup

winmm

timeGetTime
timeBeginPeriod
waveOutWrite
waveOutUnprepareHeader
waveOutClose
waveOutReset
waveOutPause
waveOutOpen
waveOutPrepareHeader

opengl32

glViewport
glTexEnvf
glPopAttrib
glMatrixMode
wglCreateContext
glTexParameteri
glClearColor
glColor4f
glPushMatrix
wglMakeCurrent
glOrtho
glPushAttrib
glClear
glFlush
glRotatef
glScalef
glPopMatrix
glTranslatef
glDrawArrays
glLoadIdentity
wglDeleteContext
glBindTexture
glGenTextures
glTexImage2D
glTexEnvi
glPixelStorei
glEnable
glBlendFunc
glDisable
glDeleteTextures
glInterleavedArrays

glu32

gluPerspective

glew32

_glewInit@0
__glewBlendFuncSeparate
__glewFramebufferRenderbufferEXT
__glewGenRenderbuffersEXT
__glewBindRenderbufferEXT
__glewGenFramebuffersEXT
__glewRenderbufferStorageEXT
__glewFramebufferTexture2DEXT
__glewBindFramebufferEXT

dinput8

DirectInput8Create

steam_api

SteamInternal_FindOrCreateUserInterface
SteamAPI_Init
SteamAPI_GetHSteamUser
SteamAPI_Shutdown
SteamInternal_ContextInit
SteamAPI_RunCallbacks

Sections

.text
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94a44fac7f5d46eb7246e87d2c2bdfb4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

gdiplus

winmm

opengl32

glu32

glew32

dinput8

steam_api

Sections

.text Size: 500KB - Virtual size: 499KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 132KB - Virtual size: 5.0MB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 59KB - Virtual size: 59KB

.text
Size: 500KB - Virtual size: 499KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 132KB - Virtual size: 5.0MB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 59KB - Virtual size: 59KB