BtMgr[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BtMgr.exe
Size

639KB
MD5

5dd08810ec34b5e15b3863195585f947
SHA1

2a0e727a0d450428308df0e8c9932c2a9397478a
SHA256

5cd985e2979f12572da0b985ba9536125b44b0e550b1adcf8d7e07a7caae6b6c
SHA512

7a60d35722f550f1a4d10197e535e472446366498e121b4265da67c273f809b72c4bdc4287af4e94c9c6490dbe0e382c53348ba9a4116f78ce358b524c9a59b8
SSDEEP

12288:et6IkUU//UCGzP4ujCkLuw1Z39vVDeSSQhyl:eYI5GsCGzwujCkLuw1Z39vVDeSSQhyl

Score

1^/10

Malware Config

Signatures

Files

BtMgr.exe
.exe windows:5 windows x86 arch:x86

26138e84eec441a74bea598ba884a505

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

78:72:21:a2:bf:ff:fa:99:d5:b7:19:fc:91:97:76:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/07/2014, 00:00

Not After

15/09/2017, 23:59

Subject

CN=IVT CORPORATION,O=IVT CORPORATION,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:3a:71:a6:5e:b0:c9:09:1c:62:09:dd:b5:60:70:0e:39:7c:6c:05
Signer

Actual PE Digest

4e:3a:71:a6:5e:b0:c9:09:1c:62:09:dd:b5:60:70:0e:39:7c:6c:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bssdk

Btsdk_BLEAddRemoteDeviceInfoToRegistry
Btsdk_GetLocalName
Btsdk_GetRemoteDeviceName
Btsdk_GetRemoteDeviceClass
Btsdk_Done
Btsdk_IsBsHelpCsConnected
Btsdk_GetPrivateProfileInt
Btsdk_GetShortCutProperty
Btsdk_FreeMemory
Btsdk_BLEGetConnectedProfilesByDevHdl
Btsdk_StartEnumConnection
Btsdk_EnumConnection
Btsdk_HFAP_CancelCall
Btsdk_EndEnumConnection
Btsdk_GetLocalDeviceClass
Btsdk_IsDeviceConnected
Btsdk_SetStatusInfoFlag
Btsdk_HFAP_APPRegCbk
Btsdk_AGAP_APPRegCbk
Btsdk_BLEGetServiceConfiguration
Btsdk_BLEHeartRateMeasurementStart
Btsdk_BLEHealthThermometerTemperatureMeasurementStart
Btsdk_BLEGetBatteryLevel
Btsdk_BLEHealthThermometerGetTemperatureType
Btsdk_BLEHeartRateMeasurementStop
Btsdk_BLEHeartRateGetBodySensorLocation
Btsdk_IsBluetoothReady
Btsdk_GATTCloseSession
Btsdk_BLEIsDeviceSupportLockPC
Btsdk_GetPrivateProfileString
Btsdk_BLEDecryptString
Btsdk_BLEFreeMemory
Btsdk_WritePrivateProfileInt
Btsdk_BLEEncryptString
Btsdk_WritePrivateProfileString
Btsdk_BLESetDeviceSupportLockPCByHdl
Btsdk_BroadcastMessage
Btsdk_BLECreateRegistryForLocalDevice
Btsdk_GetLocalDeviceAddress
Btsdk_GetPrivateProfileSection
Btsdk_WritePrivateProfileStruct
Btsdk_BLEGetConnectedProfiles
Btsdk_BLERegisterCallBack
Btsdk_GetRemoteDeviceAddress
Btsdk_Hid_LEHostConnect
Btsdk_BLEHeartRateMonitorStart
Btsdk_BLEHealthThermometerMonitorStart
Btsdk_BLEProximity_MonitorStart
Btsdk_BLEFindME_LocatorStart
Btsdk_UnPairDevice
Btsdk_Hid_LEClntUnPluggedDev
Btsdk_BLEHeartRateMonitorStop
Btsdk_BLEHealthThermometerMonitorStop
Btsdk_BLEProximity_MonitorStop
Btsdk_BLEFindME_LocatorStop
Btsdk_RegisterCallback
Btsdk_BLE_SetAlertLevel
Btsdk_GATTGetServices
Btsdk_GetLEDeviceAppearance
Btsdk_IsServerConnected
Btsdk_GetRemoteDeviceType
Btsdk_Init
Btsdk_RegisterGetStatusInfoCB

bscommon

BsCm_GetInstallDir
BsCm_GetRmtSvcDesStrID
BsCm_GetServiceClsNameStringID
BsCm_GetRmtSvcIconIDEx
BsCm_IsWindowsVistaAbove
BsCm_GetLocDevIconIDEx
BsCm_GetRmtDevStatusString
BsCm_GetDevTypeStrByDevCls
BsCm_PostMsg2Bttray
BsCm_BrowseFTPSvcFolderOfEx
BsCm_GetRmtDevIconIDEx
BsCm_GetLangDepResLib
BsCm_GetCommonSettingFilePath
BsCm_StartBttrayProc

bslangindepres

BsRes_GetResIcon

bslecommon

BsLECm_GetLangDepResLib
BsLECm_GetINIFolder

mfc90u

ord611
ord2360
ord2326
ord811
ord6065
ord2597
ord2208
ord1250
ord3794
ord374
ord639
ord4000
ord5008
ord6760
ord5167
ord4682
ord5653
ord1492
ord6408
ord3353
ord1675
ord1809
ord1810
ord5324
ord4631
ord5632
ord524
ord744
ord3486
ord367
ord1353
ord6091
ord2143
ord3741
ord6545
ord2901
ord4530
ord4527
ord1868
ord2593
ord2251
ord1607
ord2479
ord2478
ord3819
ord4007
ord415
ord670
ord4175
ord5615
ord4720
ord813
ord4586
ord4685
ord3225
ord6375
ord4697
ord1380
ord2369
ord5655
ord5598
ord4344
ord4429
ord2650
ord2651
ord3287
ord5803
ord980
ord6381
ord3230
ord6379
ord3229
ord5338
ord3232
ord4553
ord5450
ord5447
ord2860
ord2079
ord2445
ord5354
ord4985
ord4512
ord2282
ord3577
ord2130
ord1357
ord6666
ord404
ord663
ord5535
ord3187
ord320
ord1261
ord5770
ord2084
ord1552
ord6577
ord4774
ord1254
ord6496
ord6605
ord2038
ord2904
ord1506
ord5096
ord3687
ord6072
ord4741
ord3932
ord575
ord777
ord4034
ord4701
ord3489
ord1718
ord1880
ord1888
ord5808
ord4818
ord5035
ord1876
ord2121
ord6618
ord6616
ord2110
ord2089
ord2655
ord6159
ord1447
ord984
ord2205
ord2240
ord2241
ord4169
ord3109
ord3064
ord6668
ord6664
ord2264
ord6519
ord6622
ord6624
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord3670
ord3220
ord2447
ord6604
ord5675
ord617
ord341
ord996
ord570
ord799
ord4441
ord1098
ord4211
ord794
ord589
ord4043
ord4893
ord4890
ord3589
ord5767
ord1243
ord6811
ord1248
ord1707
ord5778
ord6822
ord2571
ord3115
ord4905
ord1137
ord1064
ord3993
ord266
ord614
ord338
ord3773
ord6187
ord2113
ord6094
ord3488
ord3543
ord2106
ord296
ord600
ord2537
ord1183
ord333
ord4044
ord778
ord595
ord3654
ord4681
ord4910
ord4348
ord2891
ord4071
ord4081
ord4080
ord3286
ord2764
ord2893
ord2774
ord3140
ord2966
ord4728
ord3112
ord2983
ord2771
ord5650
ord1727
ord1791
ord1792
ord2139
ord5625
ord1442
ord3226
ord6376
ord5404
ord3682
ord6804
ord4652
ord1665
ord2274
ord3768
ord4109
ord4866
ord4865
ord5224
ord4622
ord5214
ord4809
ord5418
ord4589
ord4596
ord5209
ord4807
ord4823
ord4820
ord4802
ord4805
ord4800
ord5296
ord5293
ord4378
ord3354
ord6410
ord4664
ord5601
ord5654
ord2643
ord2644
ord2647
ord2645
ord2646
ord3681
ord1440
ord1680
ord4693
ord2592
ord4131
ord5371
ord286
ord4543
ord6579
ord1354
ord3396
ord5016
ord5624
ord1938
ord3537
ord669
ord413
ord4006
ord2069
ord3818
ord4994
ord2859
ord4174
ord6802
ord1641
ord2368
ord2375
ord2630
ord2612
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5664
ord4603
ord6800
ord5512
ord2074
ord5602
ord2867
ord6762
ord4660
ord1493
ord2204
ord2239
ord801
ord5606
ord6044
ord1462
ord5861
ord3009
ord5945
ord4677
ord5285
ord5171
ord2090
ord4641
ord3340
ord3035
ord6439
ord6553
ord4906
ord4684
ord5137
ord650
ord388
ord4004
ord3803
ord293
ord1599
ord4448
ord4423
ord6801
ord4173
ord6803
ord5153
ord4747
ord4345
ord1751
ord1754
ord6411
ord3355
ord1719
ord2283
ord1272
ord3933
ord285

msvcr90

_CxxThrowException
_CIpow
__CxxFrameHandler3
memset
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_recalloc
calloc
_resetstkoflw
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
_beginthreadex
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_swprintf
memmove
memcpy_s
wcscpy_s
wcstol
__wargv
__argc
_vswprintf
sprintf
malloc
free
memcpy

kernel32

GlobalUnlock
WinExec
DeleteCriticalSection
FreeLibrary
CloseHandle
GetLastError
CreateMutexW
InitializeCriticalSection
Sleep
WideCharToMultiByte
OutputDebugStringA
MultiByteToWideChar
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
GetProcAddress
LoadLibraryW
lstrlenW
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
ResetEvent
SetEvent
WaitForSingleObject
ResumeThread
MulDiv
CreateEventW
GlobalLock
GlobalAlloc
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalFree

user32

GetForegroundWindow
SetWindowPos
SetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetWindowTextW
GetPropW
EnumWindows
IsIconic
ShowWindow
UpdateWindow
FindWindowW
SendMessageW
ShowScrollBar
GetDC
ReleaseDC
LoadCursorW
CopyIcon
IsWindow
GetWindowRect
InvalidateRect
SetCursor
LoadStringA
PostMessageW
GetClientRect
PtInRect
ReleaseCapture
RedrawWindow
SetMenuItemInfoW
LoadBitmapW
SetWindowTextW
SetRect
GetMenuItemInfoW
ClientToScreen
EnableWindow
AppendMenuW
CreatePopupMenu
keybd_event
SystemParametersInfoW
SetPropW
GetSystemMetrics
SetTimer
KillTimer
OffsetRect
GetParent
GetSysColor
wsprintfW
LoadStringW
FillRect
FindWindowExW
SetCapture

gdi32

GetTextExtentPoint32W
GetStockObject
CreateSolidBrush
GetDeviceCaps
CreateFontW
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetViewportOrgEx
StretchBlt
CreateDIBSection
SetDIBColorTable
PatBlt
GetDIBColorTable
DeleteDC
SelectObject
Rectangle
BitBlt
SetViewportOrgEx

msimg32

TransparentBlt
AlphaBlend

advapi32

LogonUserW
GetUserNameW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

ole32

CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

OleLoadPicture

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateLineBrushFromRectI
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipFillRectangleI
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipDrawImageRectRectI
GdiplusShutdown
GdipDrawImageI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdiplusStartup

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26138e84eec441a74bea598ba884a505

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

78:72:21:a2:bf:ff:fa:99:d5:b7:19:fc:91:97:76:f0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4e:3a:71:a6:5e:b0:c9:09:1c:62:09:dd:b5:60:70:0e:39:7c:6c:05Signer

Headers

DLL Characteristics

File Characteristics

Imports

bssdk

bscommon

bslangindepres

bslecommon

mfc90u

msvcr90

kernel32

user32

gdi32

msimg32

advapi32

shell32

comctl32

ole32

oleaut32

gdiplus

msvcp90

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 11KB - Virtual size: 13KB

.rsrc Size: 492KB - Virtual size: 492KB

.reloc Size: 15KB - Virtual size: 15KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

78:72:21:a2:bf:ff:fa:99:d5:b7:19:fc:91:97:76:f0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4e:3a:71:a6:5e:b0:c9:09:1c:62:09:dd:b5:60:70:0e:39:7c:6c:05
Signer

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 11KB - Virtual size: 13KB

.rsrc
Size: 492KB - Virtual size: 492KB

.reloc
Size: 15KB - Virtual size: 15KB