Bt roloo[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Bt roloo.exe
Size

10.0MB
MD5

52df0b9cec9b9f3f2408744a151227dd
SHA1

176a4bbc43eabe3080e254e6c9e9b197fb667531
SHA256

635cca89ef5f63b1a5a70c5f152ab9bdf7c01fc68250bed62c7793f2770bff01
SHA512

11878457922ab15f214b529e2d76e26d7efa42deb91f144e39f004c6654dd8b864b9d627e4de09d1ebde37e44760446194034b3c59563f967cf8cb4a832ff6f6
SSDEEP

24576:1+LusqZ0X0VaThvjRVlDfSiqlYnrHVyHRJQ:S0VaThvfMiqlk+JQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Bt roloo.exe

Files

Bt roloo.exe
.exe windows x86

c2c96ce4bcf5251f546035e5ea85e91f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LogicalToPhysicalPoint

gdi32

CreateCompatibleDC
RoundRect

kernel32

CreateFileW
GetProcAddress
GetModuleHandleA
GetModuleHandleW
MultiByteToWideChar
FormatMessageA
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LocalFree
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
HeapSize
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
WriteConsoleW
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetCurrentThread
GetFileSizeEx
SetFilePointerEx
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
ReadConsoleW

Sections

.text
Size: 518KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.Bounds
Size: 605KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.Bounds
Size: 605KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.Bounds
Size: 605KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2c96ce4bcf5251f546035e5ea85e91f

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

kernel32

Sections

.text Size: 518KB - Virtual size: 517KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 152KB - Virtual size: 157KB

.reloc Size: 18KB - Virtual size: 17KB

.Bounds Size: 605KB - Virtual size: 605KB

.Bounds Size: 605KB - Virtual size: 605KB

.Bounds Size: 605KB - Virtual size: 605KB

.text
Size: 518KB - Virtual size: 517KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 152KB - Virtual size: 157KB

.reloc
Size: 18KB - Virtual size: 17KB

.Bounds
Size: 605KB - Virtual size: 605KB

.Bounds
Size: 605KB - Virtual size: 605KB

.Bounds
Size: 605KB - Virtual size: 605KB