| File Name | BlueStar_2025_1_0.dll |
| File Type |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| Scanner Version | 1.0.223.174 |
| Database Version | 2025-08-20 14:00:21 UTC |
Malware family: Heuristic
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
fda99f5c13224eb387daa9353a7595b1
|
|
| SHA1 |
a34ac022109c8ee6148901aff5384536678bc7cf
|
|
| SHA256 |
cfa4a4ba96b6d0ff4506c9595b3b22a9c02a02d4726bf3d76f5d0f9c5b4ddee1
|
|
| SHA512 |
5748734ce20f04379fc762df106457e2b2efd52567d7f8bbd355d25ce9f524a3c2102177e4ded9ab64d57a4cbb99a2a1ca2a9532f233d43b727c8cbd5e1ee58b
|
|
| ImpHash |
931d423636df92b1c3f2c2c27833dfde
|
| Icon |
Hash: d57508c47cc45b6bd340760cd5aa76b9
Fuzzy: 0b5208b0e0c787cdc328534de38d626d dHash: e0d4f0b2f0f0f070 |
| Image Base | 0x180000000 |
| Entry Point | 0x180570d0e |
| Compilation Time | 2024-12-05 10:31:24 |
| Checksum | 0x00000000 (Actual: 0x00476f95) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| Digital Signature | No valid SignedData structure was found. |
| Imports |
10 libraries
VERSION, SHELL32, MSVCP140, KERNEL32, VCRUNTIME140, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-string-l1-1-0, api-ms-win-crt-heap-l1-1-0, WTSAPI32, USER32 |
| Exports | 7 functions |
| Resources | 14 Resources |
| Sections | 9 Sections |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
23,813 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x00007000 |
14,820 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.data |
0x0000b000 |
2,440 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.pdata |
0x0000c000 |
2,592 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.gfids |
0x0000d000 |
44 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.FPS0 |
0x0000e000 |
2,808,629 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.FPS1 |
0x002bc000 |
4,458,916 bytes | 4,459,008 bytes | 7.86 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
B3A3B1F48B646B5D053261E887CAF93C |
.reloc |
0x006fd000 |
196 bytes | 512 bytes | 1.81 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
4A6695AC1917664E5F9EDA8521E1CD9C |
.rsrc |
0x006fe000 |
974,300 bytes | 199,168 bytes | 5.70 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
960E0EB9CBC63219A95C83F824A22CEE |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| AFX_DIALOG_LAYOUT | 1 | 2 bytes | |
| RT_BITMAP | 1 | 775,036 bytes | |
| RT_ICON | 9 | 197,189 bytes | |
| RT_DIALOG | 1 | 500 bytes | |
| RT_GROUP_ICON | 1 | 132 bytes | |
| RT_MANIFEST | 1 | 551 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
No valid SignedData structure was found.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02296022 without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
