BLUE_REFLECTION[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

BLUE_REFLECTION.exe
Size

26.2MB
MD5

82f56df0f64cbc495bd86ad1216b6af6
SHA1

d8ff9930b5fd8623328fa54d681868a0cf013fdb
SHA256

250840c4483d1bef224e7be57d79e91c6d25c4e92839c54df2df472b4735cdb4
SHA512

df14bf24a181ab577cd955d883c60b5978d115ff680aea90e0b0e763744e56bc961bc54cf3672138e9daeac73fd404e4ef5638b9afd0a434724c41e590d387ee
SSDEEP

98304:hrOb5W0SLzfORz0QYpOzkY+7sRPyQVaoSe6N11P/Y/H+CEVBbVLlXl80Yg9fOiva:JUCpOzkYDRPykivMJcdPF84dqXs2U2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BLUE_REFLECTION.exe

Files

BLUE_REFLECTION.exe
.exe windows:6 windows x64 arch:x64

a013dcac17f87818754730be3d9bc197

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Work_KTG\projMelp\ktg_svn\school\Elixir\A18\Schoolx64MasterROM.pdb

Imports

msvcr110

rename
isdigit
fmod
vsprintf
longjmp
_setjmp
isupper
isxdigit
ispunct
isprint
strtod
strtol
tolower
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
?terminate@@YAXXZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
memcpy
strlen
memmove
_CxxThrowException
memset
vsprintf_s
powf
frexp
modf
_vsnprintf
floorf
sprintf_s
memchr
memcmp
strcmp
sqrtf
remove
_localtime64
_gmtime64
fflush
feof
__iob_func
strchr
isalnum
isspace
isalpha
islower
strtok
strcpy
expf
_splitpath_s
sprintf
fabs
ceilf
sinf
atoi
rand
strcpy_s
wcslen
fclose
fread
fwrite
swprintf_s
_wfopen_s
atan2f
_stricmp
sscanf_s
strstr
atof
_vsnprintf_s
modff
cosf
strtok_s
strncmp
strncpy_s
srand
acos
exit
sin
cos
sqrt
exp
ceil
atan
pow
log
ldexp
qsort
floor
fseek
fopen
realloc
malloc
free
calloc
_errno
_fseeki64
ftell
fmodf
strtoul
log10f
logf
_wcsicmp
wcsncpy_s
wcscpy_s
wcschr
wcscat_s
iswalnum
_wsplitpath_s
_wfullpath
wcsncmp
towupper
iswcntrl
iscntrl
vswprintf_s
_beginthreadex
clock
__C_specific_handler
_endthreadex
_time64
printf
atanf
abs
acosf
_isnan
_finite
tanf
toupper
asinf
__CxxFrameHandler3

shell32

SHGetFolderPathA
SHGetFolderPathW
ord165

steam_api64

SteamAPI_GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_UnregisterCallback
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamInternal_ContextInit
SteamInternal_CreateInterface
SteamAPI_Init
SteamAPI_RegisterCallback

shlwapi

PathFileExistsW

msvcp110

?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?_Xbad_function_call@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Orphan_all@_Container_base12@std@@QEAAXXZ
??1_Container_base12@std@@QEAA@XZ
??0_Container_base12@std@@QEAA@XZ
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
??0id@locale@std@@QEAA@_K@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ

d3dx10_43

D3DXMatrixInverse
D3DXMatrixRotationAxis
D3DXQuaternionRotationMatrix
D3DXPlaneFromPoints
D3DXMatrixLookAtRH
D3DXMatrixMultiply

vcomp110

_vcomp_set_num_threads
_vcomp_barrier
_vcomp_for_static_end
_vcomp_for_static_init
_vcomp_for_dynamic_next
_vcomp_for_dynamic_init
omp_set_num_threads
omp_get_num_procs
_vcomp_fork

d3dcompiler_43

D3DReflect

dwmapi

DwmGetCompositionTimingInfo

d3d9

Direct3DCreate9Ex

kernel32

GetProcessHeap
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
IsDebuggerPresent
EncodePointer
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetModuleFileNameA
GetCurrentDirectoryA
SetThreadExecutionState
DecodePointer
CreateSemaphoreW
WaitForMultipleObjects
GetFullPathNameW
GetFullPathNameA
GetDriveTypeA
CreateFileA
SleepConditionVariableCS
IsProcessorFeaturePresent
CreateEventW
WakeAllConditionVariable
InitializeConditionVariable
FormatMessageA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateSemaphoreA
GetCurrentThreadId
ReleaseSemaphore
MoveFileW
GetModuleHandleA
GetLastError
WriteFile
SetFileTime
RemoveDirectoryW
ReadFile
GetFileTime
GetFileSizeEx
GetFileAttributesW
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetDriveTypeW
GetCurrentDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
ResumeThread
SetThreadPriority
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetExitCodeThread
RaiseException
WideCharToMultiByte
MultiByteToWideChar
ExitThread
CreateThread
CreateEventA
CloseHandle
OutputDebugStringA
GetLocalTime
DebugBreak
Sleep
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
CreateMutexA
ResetEvent

d3d11

D3D11CreateDevice

dinput8

DirectInput8Create

imm32

ImmDisableIME

xinput1_3

ord3
ord2

user32

GetSystemMenu
EnableMenuItem
DispatchMessageA
TranslateMessage
LoadIconA
LoadCursorA
ShowCursor
GetWindowRect
GetClientRect
ReleaseDC
GetDC
SendMessageA
GetSystemMetrics
SetWindowPos
DestroyWindow
CreateWindowExA
GetClassInfoExA
RegisterClassExA
PostQuitMessage
DefWindowProcA
GetMonitorInfoA
EnumDisplaySettingsA
SetWindowLongPtrA
GetWindowLongPtrA
ShowWindow
CallWindowProcA
CharNextW
GetMessageA
PeekMessageA
SetTimer
KillTimer
MessageBoxA
CharNextA

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
CoGetClassObject
CoTaskMemAlloc

oleaut32

VariantClear
VariantInit

gdi32

GetStockObject

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Sections

.text
Size: 17.1MB - Virtual size: 17.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 644KB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 510KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a013dcac17f87818754730be3d9bc197

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr110

shell32

steam_api64

shlwapi

msvcp110

d3dx10_43

vcomp110

d3dcompiler_43

dwmapi

d3d9

kernel32

d3d11

dinput8

imm32

xinput1_3

user32

ole32

oleaut32

gdi32

advapi32

Sections

.text Size: 17.1MB - Virtual size: 17.1MB

.rdata Size: 6.7MB - Virtual size: 6.7MB

.data Size: 644KB - Virtual size: 6.3MB

.pdata Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 16KB - Virtual size: 20KB

.tls Size: 2KB - Virtual size: 4KB

_RDATA Size: 7KB - Virtual size: 8KB

.rsrc Size: 510KB - Virtual size: 512KB

.text
Size: 17.1MB - Virtual size: 17.1MB

.rdata
Size: 6.7MB - Virtual size: 6.7MB

.data
Size: 644KB - Virtual size: 6.3MB

.pdata
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 16KB - Virtual size: 20KB

.tls
Size: 2KB - Virtual size: 4KB

_RDATA
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 510KB - Virtual size: 512KB