bitsprx5[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

bitsprx5.dll
Size

34KB
MD5

6e8d038d7a6a0408280a3812e10355f9
SHA1

fd2788af96f276cf9869025aac3cc8a5b68f016d
SHA256

0fe398532418802f6573f977ffb459163dfe2cde0e4af5eb38a7b22b4fa735c3
SHA512

63628686387090b3a4bc255b5fd96314476a9a42c33de9b1285aa21e40b07bdc5c6611cb187a04d1f046769f2bc91b4881728222b68fbea032e9ab1b1254a50e
SSDEEP

384:+4xxPztIZmz90HgzY4WQgt0CKsNtZYD/iHaisfUG5mlK/lBvWrCWk/34iO:+4xxPztIZmh0AzY4IKsFYdbBGaO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bitsprx5.dll

Files

bitsprx5.dll
.dll regsvr32 windows:6 windows x64 arch:x64

628743404e2c4ba9f457ab79acb334f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bitsprx5.pdb

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memcmp

rpcrt4

NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
NdrStubCall3
CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer2_Release
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllCanUnloadNow
CStdStubBuffer_Disconnect

combase

ord7
ord14
ord6
ord32
ord10
ord12
ord5
ord9
ord2
ord4
ord8
ord15
ord35
ord33
ord36
ord34
ord16
ord11
ord13
ord3

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
GetCurrentProcessId

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

628743404e2c4ba9f457ab79acb334f7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

combase

kernel32

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 24KB

.orpc Size: 512B - Virtual size: 476B

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 264B

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

.orpc
Size: 512B - Virtual size: 476B

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 264B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB