695e3fbab18106fd29a12a02e5c955bb0f3d4871544f23262b179f73f50aa78d

Sharing

Copy URL

Twitter E-mail

General

Target

695e3fbab18106fd29a12a02e5c955bb0f3d4871544f23262b179f73f50aa78d
Size

1.1MB
MD5

9a991d4e3b8b3010e11ee835433bfe80
SHA1

f72942edc42517d3f6ad46c30a7fa2dca893b946
SHA256

695e3fbab18106fd29a12a02e5c955bb0f3d4871544f23262b179f73f50aa78d
SHA512

7c921b27850ccca4365a30ab6920a7bb62e0436137e58ec779fd5038826ed9241bf9ca671f38dc0517e5b3cbb91a72485f97289c9e7b7e8698b6ce2174842ef2
SSDEEP

24576:CmqazIFSFQ5NcQKMfmht2rR8FfBhRJUEbDk1ulUM:3q6IFSFQ5GQKrt2r4PRSEk1ul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
695e3fbab18106fd29a12a02e5c955bb0f3d4871544f23262b179f73f50aa78d

Files

695e3fbab18106fd29a12a02e5c955bb0f3d4871544f23262b179f73f50aa78d
.exe windows:6 windows x64 arch:x64

43ed088a48284effd019f96a326508d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Git\WinSpace\BTDevManager_Merge\vs2017_BTDevManager\BTDevManager\bin\x64\Win10 Release\RtkBtManServ.pdb

Imports

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapSize
HeapDestroy
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree

api-ms-win-core-synch-l1-1-0

CreateEventW
LeaveCriticalSection
WaitForSingleObject
ReleaseMutex
ResetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
TryEnterCriticalSection
SetEvent
CreateMutexW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
InitializeSRWLock
InitializeCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
ExitProcess
TlsSetValue
TerminateProcess
TlsFree
GetCurrentProcessId
GetCurrentProcess
ResumeThread
GetStartupInfoW
GetCurrentThreadId
ExitThread
TlsGetValue
CreateThread
OpenProcessToken
TlsAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GetTickCount64
GetSystemInfo
GetVersionExW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
FreeLibraryAndExitThread
GetModuleHandleW
GetProcAddress
LockResource
GetModuleFileNameW
LoadResource
FindResourceExW
SizeofResource
GetModuleHandleExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Unregister_Notification
CM_Get_DevNode_PropertyW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Enable_DevNode
CM_Disable_DevNode
CM_MapCrToWin32Err
CM_Get_DevNode_Status
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_Locate_DevNodeW
CM_Get_Device_Interface_PropertyW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
CreateFileW
SetEndOfFile
GetFileSize
ReadFile
SetFilePointerEx
WriteFile
FlushFileBuffers
GetFileType
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-service-management-l1-1-0

CreateServiceW
OpenServiceW
CloseServiceHandle
StartServiceW
OpenSCManagerW
DeleteService

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

ws2_32

WSAStartup
WSACleanup

api-ms-win-shell-shdirectory-l1-1-0

ord290

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetFolderPathW

oleaut32

SysAllocStringLen

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
GlobalFree
LocalFree

api-ms-win-core-processenvironment-l1-1-0

SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExpandEnvironmentStringsW
GetStdHandle
GetCommandLineA
GetCommandLineW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-memory-l1-1-0

ReadProcessMemory

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW

api-ms-win-core-psapi-l1-1-0

K32EnumProcesses
K32EnumProcessModules
K32GetModuleBaseNameW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalHandle
GlobalLock

rpcrt4

UuidToStringW
RpcStringFreeW

ext-ms-win-networking-wlanapi-l1-1-0

WlanQueryInterface
WlanFreeMemory
WlanEnumInterfaces
WlanCloseHandle
WlanOpenHandle

wlanapi

WlanIhvControl

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW

dbghelp

MiniDumpWriteDump

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-localization-l1-2-0

GetOEMCP
LCMapStringW
GetCPInfo
FormatMessageW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
IsValidCodePage
GetLocaleInfoW

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlUnwindEx
RtlUnwind
RtlVirtualUnwind
RtlPcToFileHeader
RtlCaptureContext

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsSetValue
FlsGetValue
FlsFree

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler
ReadConsoleW
GetConsoleCP
GetConsoleMode
WriteConsoleW

Sections

.text
Size: 427KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

43ed088a48284effd019f96a326508d5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-util-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

ws2_32

api-ms-win-shell-shdirectory-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

oleaut32

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-memory-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

rpcrt4

ext-ms-win-networking-wlanapi-l1-1-0

wlanapi

setupapi

dbghelp

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-console-l1-1-0

Sections

.text Size: 427KB - Virtual size: 426KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 4KB - Virtual size: 18KB

.pdata Size: 24KB - Virtual size: 23KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 427KB - Virtual size: 426KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 4KB - Virtual size: 18KB

.pdata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB