BSBLEFuncM[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BSBLEFuncM.exe
Size

2.8MB
MD5

46acdb46957d229a69e4ddd936269c1f
SHA1

6cd5ec8b0430bf6309718fe886fbbf081f75d964
SHA256

a13b96ec361a64e4788bda0826cd2829a3943f72271f2d1ee238e5732f83215b
SHA512

a1f0e0f12f34aa05ca92dcf4a65adc622901c89d66f77d886c5e0d56ef7a381e075eadedc930d976ef8c509de0d70ae738bee2d4e1ae0448d0b3bb5c0eca03fb
SSDEEP

49152:+0d08h7+ObXK49fwv2Q5fPXTahhYqbLMuo:+0d08h7+OrROvPXXTahhYqbLMl

Score

1^/10

Malware Config

Signatures

Files

BSBLEFuncM.exe
.exe windows:5 windows x86 arch:x86

1ae5c3c13ad6a0746c35d5aaf296104e

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

78:72:21:a2:bf:ff:fa:99:d5:b7:19:fc:91:97:76:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/07/2014, 00:00

Not After

15/09/2017, 23:59

Subject

CN=IVT CORPORATION,O=IVT CORPORATION,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:38:8e:1b:68:d7:96:3a:4c:a7:90:eb:0d:5a:d9:1c:61:1f:4d:c7
Signer

Actual PE Digest

34:38:8e:1b:68:d7:96:3a:4c:a7:90:eb:0d:5a:d9:1c:61:1f:4d:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bssdk

Btsdk_SetStatusInfoFlag
Btsdk_GetPrivateProfileString
Btsdk_CheckOLInfo
Btsdk_RegisterGetStatusInfoCB
Btsdk_Done
Btsdk_EndEnumRemoteDevice
Btsdk_GetRemoteDeviceAddress
Btsdk_GetRemoteDeviceType
Btsdk_EnumRemoteDevice
Btsdk_StartEnumRemoteDevice
Btsdk_IsServerConnected
Btsdk_Init
Btsdk_IsBsHelpCsConnected
Btsdk_GetPrivateProfileSection

bsbledlg

BsBLE_OpenSettingDlg
BsBLE_CreateDlgProfilePage
DllPreTranslateMessage

bscommon

BsCm_IsSupportADFunction
BsCm_GetCommonSettingFilePath

mfc110u

ord6360
ord1467
ord996
ord1059
ord7506
ord2331
ord2335
ord4820
ord7667
ord13113
ord13365
ord2811
ord8626
ord12417
ord10224
ord7505
ord989
ord1463
ord7844
ord2154
ord946
ord13732
ord6723
ord12760
ord12057
ord12089
ord10278
ord8062
ord4528
ord12085
ord12077
ord5789
ord3794
ord6219
ord14488
ord6220
ord14489
ord6218
ord14487
ord7847
ord12364
ord14287
ord11821
ord11820
ord1985
ord7789
ord12779
ord4031
ord4093
ord9248
ord14415
ord7770
ord14409
ord12375
ord12374
ord2432
ord5233
ord8169
ord12697
ord8230
ord8314
ord8308
ord923
ord1404
ord14055
ord12511
ord12444
ord461
ord10194
ord1106
ord7347
ord8599
ord4168
ord6477
ord3873
ord539
ord1164
ord4824
ord2164
ord13958
ord5298
ord1959
ord10883
ord3127
ord4177
ord3202
ord8986
ord6700
ord1437
ord2472
ord3902
ord14198
ord6403
ord9085
ord12011
ord449
ord1101
ord6356
ord2466
ord5091
ord2468
ord12902
ord13948
ord9549
ord13868
ord361
ord1061
ord12860
ord3806
ord1980
ord14367
ord979
ord6398
ord13081
ord13596
ord12391
ord12411
ord12785
ord12699
ord12927
ord12919
ord13109
ord13515
ord13936
ord8734
ord13933
ord12851
ord13944
ord12854
ord7266
ord5295
ord6964
ord4588
ord892
ord6661
ord922
ord1403
ord1453
ord9060
ord7294
ord13952
ord4510
ord12918
ord8664
ord8209
ord13076
ord2248
ord2345
ord12474
ord6678
ord12894
ord4112
ord11571
ord11088
ord10121
ord9338
ord9885
ord11719
ord10249
ord11362
ord10161
ord11320
ord6804
ord7634
ord9893
ord9892
ord10991
ord8862
ord10967
ord9379
ord11584
ord8764
ord8772
ord6000
ord10962
ord9376
ord9836
ord9831
ord9364
ord9374
ord9359
ord11122
ord11119
ord8150
ord6090
ord13575
ord3249
ord3247
ord8055
ord2707
ord10130
ord10132
ord10131
ord10129
ord10133
ord5528
ord11563
ord11564
ord8990
ord11926
ord3780
ord11774
ord14408
ord8816
ord6840
ord10847
ord9106
ord3211
ord13699
ord12097
ord12095
ord1707
ord4908
ord1724
ord4909
ord1729
ord4858
ord4895
ord4866
ord4878
ord4874
ord4870
ord4901
ord4891
ord4862
ord4905
ord4912
ord4910
ord4911
ord4886
ord4441
ord9540
ord4433
ord3000
ord14410
ord7771
ord14416
ord6738
ord11555
ord2954
ord285
ord5792
ord12010
ord8353
ord1179
ord554
ord290
ord10317
ord1382
ord884
ord7345
ord6436
ord4754
ord2251
ord6429
ord1104
ord457
ord6967
ord3824
ord6617
ord5401
ord5638
ord10095
ord9059
ord3181
ord12182
ord2324
ord14424
ord4795
ord12239
ord14477
ord2194
ord7338
ord1062
ord362
ord6931
ord2385
ord13078
ord1650
ord13785
ord1441
ord968
ord280
ord1514
ord2329
ord286
ord265
ord266
ord8679
ord3994
ord2497
ord8678
ord11495
ord10127
ord11441
ord10583
ord11516
ord13524
ord5806
ord2626
ord11942
ord3317
ord3316
ord3124
ord12006
ord5128
ord5425
ord5635
ord9200
ord5404
ord5664
ord5131
ord5287
ord5109
ord7572
ord7573
ord7563
ord5285
ord8064
ord10100
ord9076
ord2935
ord8676
ord2122
ord3882
ord11380
ord8670
ord4825
ord11732
ord11024
ord12017
ord7360
ord3775
ord1161
ord532
ord7011
ord1504
ord2355
ord10829
ord11011
ord11515
ord9351
ord9350
ord9112
ord11008
ord11443
ord8855
ord12058
ord8977
ord13577
ord6091
ord3090
ord12716
ord8204
ord11969
ord8891
ord10860
ord11233
ord4033
ord3349
ord3348
ord3109
ord6089
ord13573
ord3250
ord2706
ord11927
ord1716
ord1720
ord4883
ord4847
ord4853
ord9541
ord6739
ord2628
ord11962
ord10349
ord3210
ord10698
ord10157
ord11572
ord13784
ord1502
ord1516
ord1039
ord296
ord10094
ord6359

msvcr110

_CxxThrowException
memset
__CxxFrameHandler3
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
memmove
rand
_time64
srand
_recalloc
calloc
wcscpy_s
free
_resetstkoflw
malloc
_wtoi
sprintf_s
strcat_s
wcscat_s
memcpy_s
memcpy

kernel32

CreateMutexW
SetEvent
CloseHandle
WaitForSingleObject
OutputDebugStringW
DeleteCriticalSection
LocalFree
InterlockedDecrement
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
InitializeCriticalSectionAndSpinCount
LockResource
CreateThread
FreeLibrary
GetModuleFileNameW
LoadLibraryW
GetLastError
CreateEventW
GlobalFree
GlobalUnlock
InterlockedExchange
GlobalLock
GlobalAlloc
LoadResource
SizeofResource
FindResourceW
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetWindowsDirectoryW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
Sleep
MultiByteToWideChar

user32

GetParent
GetClientRect
EnableWindow
UpdateWindow
InflateRect
GetCursor
DispatchMessageW
GetMessageW
IsChild
GetFocus
SetTimer
DrawFrameControl
OffsetRect
KillTimer
GetMessagePos
SetRectEmpty
GetSysColor
IsRectEmpty
GrayStringW
DrawTextExW
TabbedTextOutW
CopyIcon
IsWindow
DrawTextW
GetWindowRect
EqualRect
CreatePopupMenu
SetFocus
DrawIcon
GetSystemMetrics
SetPropW
LoadIconW
AppendMenuW
GetSystemMenu
RedrawWindow
SendMessageW
ShowWindow
IsIconic
EnumWindows
GetPropW
GetWindowTextW
AttachThreadInput
GetWindowThreadProcessId
SetForegroundWindow
GetForegroundWindow
GetWindowLongW
ReleaseCapture
InvalidateRect
SetCapture
GetCapture
SetRect
CopyRect
LoadCursorW
SetCursor
PtInRect
ScreenToClient
LoadStringW
SetWindowPos
GetDC
PostMessageW

gdi32

SetDIBColorTable
CreateCompatibleDC
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
GetObjectW
CreateDIBSection
StretchBlt
CreateRectRgnIndirect
CreateFontW
CreateFontIndirectW
GetMapMode
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
CreateCompatibleBitmap
GetTextExtentPoint32W
GetDIBColorTable

msimg32

TransparentBlt
AlphaBlend

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx
ImageList_Draw
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_ReplaceIcon

ole32

CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysAllocString
VariantClear
VariantInit
SysFreeString

gdiplus

GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageI
GdiplusShutdown
GdipDrawImageRectRectI
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromFile
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdipDrawImageRectI

wininet

InternetOpenW
InternetCloseHandle
InternetOpenUrlW

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ae5c3c13ad6a0746c35d5aaf296104e

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

78:72:21:a2:bf:ff:fa:99:d5:b7:19:fc:91:97:76:f0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

34:38:8e:1b:68:d7:96:3a:4c:a7:90:eb:0d:5a:d9:1c:61:1f:4d:c7Signer

Headers

DLL Characteristics

File Characteristics

Imports

bssdk

bsbledlg

bscommon

mfc110u

msvcr110

kernel32

user32

gdi32

msimg32

advapi32

shell32

comctl32

ole32

oleaut32

gdiplus

wininet

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 21KB - Virtual size: 20KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

78:72:21:a2:bf:ff:fa:99:d5:b7:19:fc:91:97:76:f0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

34:38:8e:1b:68:d7:96:3a:4c:a7:90:eb:0d:5a:d9:1c:61:1f:4d:c7
Signer

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 21KB - Virtual size: 20KB