BluetoothApis[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

BluetoothApis.dll
Size

140KB
MD5

67f246041e7c910091caaf464d514f0f
SHA1

547065fecd5d8c5843d6f580d4b9c845caeab2fd
SHA256

00d44c853b4885a5b4ff8454a25791605d03a2f3b3a4ba0d11e193f9bd3b6236
SHA512

bc00a99cfeb469a5c890b381f74678ed9f00ab70cff35b74eb21e03ab2c235f1b96616368ea6aaf12fac810966630bd4d2fe8a5f9d988ed3435bd10b0cf22db1
SSDEEP

3072:G+5avXRzihobcpin4pZpwkxW+D3dqf3Qy20TV3/lLF7npThMWJ9O:G1vX5ihkf3LppiWJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BluetoothApis.dll

Files

BluetoothApis.dll
.dll windows:10 windows x86 arch:x86

2d5b02b1a76334e368d4e61163607b42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

BluetoothApis.pdb

Imports

msvcrt

memmove
?terminate@@YAXXZ
??1type_info@@UAE@XZ
memcpy
_amsg_exit
_CxxThrowException
??0exception@@QAE@ABQBDH@Z
_XcptFilter
_callnewh
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
_vsnprintf_s
??0exception@@QAE@XZ
__CxxFrameHandler3
wcstombs
swscanf
wcsncmp
_wcsicmp
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
_initterm
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
memcmp
malloc
free
??1exception@@UAE@XZ
memset

ntdll

RtlCompareMemory
RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlUnicodeToUTF8N

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadLocale

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventExW
WaitForSingleObject
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
ResetEvent
ReleaseMutex
AcquireSRWLockShared
OpenSemaphoreW
ReleaseSemaphore
CreateEventW

rpcrt4

NdrClientCall4
RpcBindingCreateW
RpcStringBindingComposeW
RpcBindingUnbind
NdrClientCall2
RpcStringFreeW
RpcBindingFromStringBindingW
RpcBindingFree
RpcBindingBind
RpcBindingSetAuthInfoExW

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-com-l1-1-0

CLSIDFromString
StringFromGUID2
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitializeEx

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

oleaut32

SysFreeString
SysAllocString

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW
PathFileExistsW

devobj

DevObjGetDeviceInstanceId
DevObjGetClassDevs
DevObjUninstallDevice
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInfo
DevObjOpenDevRegKey
DevObjCreateDeviceInfoList

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroup
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Unregister_Notification

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BluetoothAddressToString
BluetoothDisconnectDevice
BluetoothEnableDiscovery
BluetoothEnableIncomingConnections
BluetoothEnumerateInstalledServices
BluetoothEnumerateInstalledServicesEx
BluetoothEnumerateLocalServices
BluetoothFindBrowseGroupClose
BluetoothFindClassIdClose
BluetoothFindDeviceClose
BluetoothFindFirstBrowseGroup
BluetoothFindFirstClassId
BluetoothFindFirstDevice
BluetoothFindFirstProfileDescriptor
BluetoothFindFirstProtocolDescriptorStack
BluetoothFindFirstProtocolEntry
BluetoothFindFirstRadio
BluetoothFindFirstService
BluetoothFindFirstServiceEx
BluetoothFindNextBrowseGroup
BluetoothFindNextClassId
BluetoothFindNextDevice
BluetoothFindNextProfileDescriptor
BluetoothFindNextProtocolDescriptorStack
BluetoothFindNextProtocolEntry
BluetoothFindNextRadio
BluetoothFindNextService
BluetoothFindProfileDescriptorClose
BluetoothFindProtocolDescriptorStackClose
BluetoothFindProtocolEntryClose
BluetoothFindRadioClose
BluetoothFindServiceClose
BluetoothGATTAbortReliableWrite
BluetoothGATTBeginReliableWrite
BluetoothGATTEndReliableWrite
BluetoothGATTGetCharacteristicValue
BluetoothGATTGetCharacteristics
BluetoothGATTGetDescriptorValue
BluetoothGATTGetDescriptors
BluetoothGATTGetIncludedServices
BluetoothGATTGetServices
BluetoothGATTRegisterEvent
BluetoothGATTSetCharacteristicValue
BluetoothGATTSetDescriptorValue
BluetoothGATTUnregisterEvent
BluetoothGetDeviceInfo
BluetoothGetLocalServiceInfo
BluetoothGetRadioInfo
BluetoothGetServicePnpInstance
BluetoothIsConnectable
BluetoothIsDiscoverable
BluetoothIsVersionAvailable
BluetoothRegisterForAuthentication
BluetoothRegisterForAuthenticationEx
BluetoothRemoveDevice
BluetoothSdpEnumAttributes
BluetoothSdpGetAttributeValue
BluetoothSdpGetContainerElementData
BluetoothSdpGetElementData
BluetoothSdpGetString
BluetoothSendAuthenticationResponse
BluetoothSendAuthenticationResponseEx
BluetoothSetLocalServiceInfo
BluetoothSetServiceState
BluetoothSetServiceStateEx
BluetoothUnregisterAuthentication
BluetoothUpdateDeviceRecord
BthpCheckForUnsupportedGuid
BthpCleanupBRDeviceNode
BthpCleanupDeviceLocalServices
BthpCleanupDeviceRemoteServices
BthpCleanupLEDeviceNodes
BthpEnableA2DPIfPresent
BthpEnableAllServices
BthpEnableConnectableAndDiscoverable
BthpEnableRadioSoftware
BthpFindPnpInfo
BthpGATTCloseSession
BthpInnerRecord
BthpIsBluetoothServiceRunning
BthpIsConnectableByDefault
BthpIsDiscoverable
BthpIsDiscoverableByDefault
BthpIsRadioSoftwareEnabled
BthpIsTopOfServiceGroup
BthpMapStatusToErr
BthpNextRecord
BthpRegisterForAuthentication
BthpSetServiceState
BthpSetServiceStateEx
BthpTranspose16Bits
BthpTranspose32Bits
BthpTransposeAndExtendBytes
DllCanUnloadNow
FindNextOpenVCOMPort
InstallIncomingComPort
ShouldForceAuthentication

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d5b02b1a76334e368d4e61163607b42

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-handle-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

rpcrt4

api-ms-win-security-base-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

devobj

api-ms-win-core-threadpool-private-l1-1-0

api-ms-win-devices-query-l1-1-1

api-ms-win-devices-query-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 117KB - Virtual size: 116KB

PAGE Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 117KB - Virtual size: 116KB

PAGE
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB