RtkBtManServ[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RtkBtManServ.exe
Size

747KB
MD5

4119ebe361f11863da0494133c5b057a
SHA1

614cfa010f75fceb06d880dab09ab0d1dc685239
SHA256

b7fe8854fbff90a683abd242e91a3ebe532f498a8a8084b15121fccf6a1e6deb
SHA512

da59387ffc578ed6bb9fff6e70ddf53492329bc810c301eb72cf018480c51fc675bd14768165c51c83a1e2f7f2e516735b3c28da46b344a54bd8216969c6ebb2
SSDEEP

12288:ZvUqxjFErFs6NAfl2RADPkG0we4f5NmiBU3:xpFE9s23we4f5NmiBm

Score

1^/10

Malware Config

Signatures

Files

RtkBtManServ.exe
.exe windows x64

Password: PASSWORD

db0dab94225fef23692c8e1575f38f1f

Code Sign

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2021, 17:55

Not After

16/06/2022, 17:55

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:a0:2a:53:89:b8:fc:bd:bc:53:0b:c7:71:42:c4:6e:cd:e4:eb:b0:76:3e:4d:92:21:c1:d2:2f:18:e9:c3:b9
Signer

Actual PE Digest

60:a0:2a:53:89:b8:fc:bd:bc:53:0b:c7:71:42:c4:6e:cd:e4:eb:b0:76:3e:4d:92:21:c1:d2:2f:18:e9:c3:b9

Digest Algorithm

sha256

PE Digest Matches

true

60:a0:2a:53:89:b8:fc:bd:bc:53:0b:c7:71:42:c4:6e:cd:e4:eb:b0:76:3e:4d:92:21:c1:d2:2f:18:e9:c3:b9
Signer

Actual PE Digest

60:a0:2a:53:89:b8:fc:bd:bc:53:0b:c7:71:42:c4:6e:cd:e4:eb:b0:76:3e:4d:92:21:c1:d2:2f:18:e9:c3:b9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetErrorMode

api-ms-win-core-heap-l1-1-0

HeapSize
GetProcessHeap
HeapReAlloc
HeapDestroy
HeapAlloc
HeapFree

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
OpenEventW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
SetEvent
TryEnterCriticalSection
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
TryAcquireSRWLockExclusive
ResetEvent
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
SleepConditionVariableCS
WakeAllConditionVariable
InitializeConditionVariable

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-processthreads-l1-1-0

ExitThread
CreateThread
TlsSetValue
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
TlsGetValue
TerminateProcess
ResumeThread
TlsAlloc
GetCurrentThreadId
GetExitCodeProcess
ExitProcess
OpenProcessToken
SuspendThread
GetCurrentThread
CreateProcessAsUserW
TlsFree

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
FindResourceExW
GetProcAddress
LoadResource
GetModuleHandleW
GetModuleHandleExW
SizeofResource
LockResource
FreeLibrary

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
InitializeSecurityDescriptor
AdjustTokenPrivileges
SetTokenInformation
SetSecurityDescriptorDacl

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumValueW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExW

api-ms-win-devices-config-l1-1-1

CM_Locate_DevNodeW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_DevNode_Status
CM_Get_Device_ID_ListW
CM_Get_Device_IDW
CM_Get_Parent
CM_Disable_DevNode
CM_Enable_DevNode
CM_MapCrToWin32Err
CM_Unregister_Notification
CM_Register_Notification
CM_Get_Device_ID_List_SizeW

api-ms-win-core-file-l1-1-0

GetFileType
SetFilePointerEx
GetFileSize
SetEndOfFile
ReadFile
CreateDirectoryW
FindClose
WriteFile
FindFirstFileExW
FindNextFileW
DeleteFileW
CreateFileW
FlushFileBuffers

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount64
GetVersionExW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemInfo

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-service-management-l1-1-0

DeleteService
StartServiceW
CloseServiceHandle
OpenSCManagerW
CreateServiceW
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

ws2_32

WSACleanup
WSAStartup

api-ms-win-shell-shdirectory-l1-1-0

ord290

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetFolderPathW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-core-toolhelp-l1-1-0

Process32FirstW
CreateToolhelp32Snapshot
Process32NextW

oleaut32

SysAllocStringLen

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
LocalFree
GlobalFree

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
ExpandEnvironmentStringsW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetStdHandle
SetEnvironmentVariableW

api-ms-win-core-memory-l1-1-0

ReadProcessMemory

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW

api-ms-win-core-psapi-l1-1-0

K32GetModuleBaseNameW
K32EnumProcesses
K32EnumProcessModules

api-ms-win-core-heap-obsolete-l1-1-0

GlobalHandle
GlobalLock
GlobalUnlock

rpcrt4

RpcStringFreeW
UuidToStringW

ext-ms-win-networking-wlanapi-l1-1-0

WlanQueryInterface
WlanOpenHandle
WlanFreeMemory
WlanCloseHandle
WlanEnumInterfaces

wlanapi

WlanIhvControl

shlwapi

PathRemoveFileSpecW

setupapi

SetupDiEnumDriverInfoW
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDriverInfoList
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInfoDetailW
SetupDiSetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
SetupDiBuildDriverInfoList
SetupDiGetClassDevsExW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

wtsapi32

WTSQueryUserToken

dbghelp

MiniDumpWriteDump

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
LCMapStringW
GetCPInfo
FormatMessageW
IsValidCodePage
GetUserDefaultLCID
GetOEMCP
GetACP
EnumSystemLocalesW
IsValidLocale

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsSetValue
FlsAlloc
FlsGetValue

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-console-l1-1-0

GetConsoleCP
ReadConsoleW
SetConsoleCtrlHandler
GetConsoleMode
WriteConsoleW

Sections

.text
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: PASSWORD

db0dab94225fef23692c8e1575f38f1f

Code Sign

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

60:a0:2a:53:89:b8:fc:bd:bc:53:0b:c7:71:42:c4:6e:cd:e4:eb:b0:76:3e:4d:92:21:c1:d2:2f:18:e9:c3:b9Signer

60:a0:2a:53:89:b8:fc:bd:bc:53:0b:c7:71:42:c4:6e:cd:e4:eb:b0:76:3e:4d:92:21:c1:d2:2f:18:e9:c3:b9Signer

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-util-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

ws2_32

api-ms-win-shell-shdirectory-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

userenv

api-ms-win-core-toolhelp-l1-1-0

oleaut32

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

rpcrt4

ext-ms-win-networking-wlanapi-l1-1-0

wlanapi

shlwapi

setupapi

wtsapi32

dbghelp

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-console-l1-1-0

Sections

.text Size: 532KB - Virtual size: 532KB

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

60:a0:2a:53:89:b8:fc:bd:bc:53:0b:c7:71:42:c4:6e:cd:e4:eb:b0:76:3e:4d:92:21:c1:d2:2f:18:e9:c3:b9
Signer

60:a0:2a:53:89:b8:fc:bd:bc:53:0b:c7:71:42:c4:6e:cd:e4:eb:b0:76:3e:4d:92:21:c1:d2:2f:18:e9:c3:b9
Signer

.text
Size: 532KB - Virtual size: 532KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 4KB - Virtual size: 18KB

.pdata
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB