Win32[.]BUMBLEBEE_0[.]1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Win32.BUMBLEBEE_0.1.zip
Size

1.3MB
MD5

99b794c1f126d34d1ec3f7e77afd1924
SHA1

0bc32cb18f1da390bcafa6946fbbdf22922c7afc
SHA256

cf8bfac1ce68faf49ca1e80151bf04bce833f34fcc22cfee0b2cd432fecf438c
SHA512

09f345a6a1728fa02c1dd5f86bcb95870d6ae733425567e07214edb043ac87bf1a9337043f638fa16e5e09da073908fae30c148f4483d0b025c0cfe5069b0e91
SSDEEP

24576:ePBEW/+KCfwxMotRs3i034xX3uvFs2upzb7D7sd2ulX5M+orzC3Y6T1:aHhtaF836u2u1b7D7oArh6T1

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack001/0cef17ba672793d8e32216240706cf46e3a2894d0e558906a1782405a8f4decf

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c34e5d36bd3a9a6fca92e900ab015aa50bb20d2cd6c0b6e03d070efe09ee689a

Files

Win32.BUMBLEBEE_0.1.zip
.zip

Password: infected
0cef17ba672793d8e32216240706cf46e3a2894d0e558906a1782405a8f4decf
.docm office2007

ThisDocument

Module1
c34e5d36bd3a9a6fca92e900ab015aa50bb20d2cd6c0b6e03d070efe09ee689a
.dll regsvr32 windows:6 windows x64 arch:x64

bf00e0a5f077c9a1925ed08972af9ef7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CloseHandle
CreateThread
SuspendThread
GetCurrentProcessId
GetSystemDirectoryA
WaitForSingleObject
GetFileType
SetEndOfFile
GetCurrentThread
CreateNamedPipeA
WaitNamedPipeA
VirtualAlloc
DuplicateHandle
CreateMutexA
OpenMutexA
ReleaseMutex
ExitThread
TransactNamedPipe
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
HeapAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsSetValue
FreeLibrary
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
RtlUnwindEx

Exports

Exports

Cnt918
DllRegisterServer

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 629KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

ThisDocument

Module1

bf00e0a5f077c9a1925ed08972af9ef7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 629KB - Virtual size: 628KB

.data Size: 1.7MB - Virtual size: 1.7MB

.pdata Size: 2KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 629KB - Virtual size: 628KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.pdata
Size: 2KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB