BtSoft[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BtSoft.exe
Size

13.9MB
MD5

3416c0d581672622269afbe828f511ad
SHA1

82b31e6f173fedc775d1f9a6e44a9bb486aea982
SHA256

0bff0d5c7b38bd5ff5168a442eb7ae2d670c0e4f17a223aa049299074b4654ee
SHA512

6a1851fb87c4fb7f9adf0fe5514b03389b797042fd6556aa7987b60fe4f1e5093cf047811f4196d7e85651c48e6c12049283a8201417b5cc05a3af8b727896e1
SSDEEP

98304:03Kv9h08bc44SLf9FdNtCzTw49VkemnX9TZsqh63AqW:0q9jRTZNtCTw49VkeeX9TZsqU5W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BtSoft.exe

Files

BtSoft.exe
.exe windows x86

eb45c6852748648997fd8f56be52a3a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
WriteFile
CloseHandle
WinExec
GetSystemInfo
GetModuleFileNameA
LoadResource
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
CreateFileW
GetVersionExW
MultiByteToWideChar
Sleep
FindResourceW
LockResource
SetEnvironmentVariableA
ReadConsoleW
ReadFile
SetEndOfFile
VirtualQuery
GetFileAttributesExW
CreateProcessA
GetExitCodeProcess
EncodePointer
DecodePointer
GetLastError
HeapValidate
RaiseException
RtlUnwind
GetCommandLineW
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
GetModuleHandleExW
ExitProcess
GetProcAddress
AreFileApisANSI
WideCharToMultiByte
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThread
GetCurrentThreadId
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
HeapAlloc
GetProcessHeap
LoadLibraryExW
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
CreateSemaphoreW
OutputDebugStringA
WriteConsoleW
FreeLibrary
SetStdHandle
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
WaitForSingleObject
GetTimeZoneInformation

advapi32

RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteA

wininet

InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile
HttpQueryInfoW

Sections

.textbss
Size: - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 866KB - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12.8MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb45c6852748648997fd8f56be52a3a4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

Sections

.textbss Size: - Virtual size: 409KB

.text Size: 866KB - Virtual size: 865KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 12KB - Virtual size: 23KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 12.8MB - Virtual size: 12.8MB

.reloc Size: 70KB - Virtual size: 69KB

.textbss
Size: - Virtual size: 409KB

.text
Size: 866KB - Virtual size: 865KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 12KB - Virtual size: 23KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 12.8MB - Virtual size: 12.8MB

.reloc
Size: 70KB - Virtual size: 69KB