| File Name | BlueStar_2025.dll |
| File Type |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| Scanner Version | 1.0.217.174 |
| Database Version | 2025-05-30 19:00:16 UTC |
Malware family: Heuristic
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
e13e7b1492af269ae1730b336d80569f
|
|
| SHA1 |
d2cdc40ab0452eb8558025509d71a28c2f0ba926
|
|
| SHA256 |
74771c2550654e04149c91bb09f9e5d53092eb9e29ec3dd9ce022d025f253f1e
|
|
| SHA512 |
ee5074831f97c8d66e407d7420e16a6d0d7cfd67dd9b7355d6110beb86f7ac8715613e830e5b401f1ba565f35b9d8be6cd22601db4f4ac65952d128040e87caa
|
|
| ImpHash |
ad0e038b3535e8e3ce1229066dc63c93
|
| Icon |
Hash: d57508c47cc45b6bd340760cd5aa76b9
Fuzzy: 0b5208b0e0c787cdc328534de38d626d dHash: e0d4f0b2f0f0f070 |
| Image Base | 0x180000000 |
| Entry Point | 0x18058ef3f |
| Compilation Time | 2024-09-13 09:30:23 |
| Checksum | 0x00000000 (Actual: 0x0047047c) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| Digital Signature | No valid SignedData structure was found. |
| Imports |
10 libraries
VERSION, SHELL32, USER32, MSVCP140, KERNEL32, VCRUNTIME140, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-string-l1-1-0, api-ms-win-crt-heap-l1-1-0, WTSAPI32 |
| Exports | 7 functions |
| Resources | 14 Resources |
| Sections | 9 Sections |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
24,645 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x00008000 |
14,070 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.data |
0x0000c000 |
2,448 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.pdata |
0x0000d000 |
2,472 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.gfids |
0x0000e000 |
44 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.FPS0 |
0x0000f000 |
2,794,333 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.FPS1 |
0x002ba000 |
4,431,932 bytes | 4,432,384 bytes | 7.86 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
6F8DB0B141A575A5A3D82C0302E58865 |
.reloc |
0x006f5000 |
176 bytes | 512 bytes | 1.67 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
61CE474B1D81D9D6875430C42D774E06 |
.rsrc |
0x006f6000 |
974,312 bytes | 199,168 bytes | 5.70 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
85E190A1EE4FB1B70C9964C0572C99E3 |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| AFX_DIALOG_LAYOUT | 1 | 2 bytes | |
| RT_BITMAP | 1 | 775,036 bytes | |
| RT_ICON | 9 | 197,189 bytes | |
| RT_DIALOG | 1 | 512 bytes | |
| RT_GROUP_ICON | 1 | 132 bytes | |
| RT_MANIFEST | 1 | 548 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
No valid SignedData structure was found.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02296022 without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
