bthserv[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bthserv.dll
Size

63KB
MD5

1df19c96eef6c29d1c3e1a8678e07190
SHA1

5570ba554498ce055ee0c81c5d0bca589b8cd407
SHA256

1f4bb161ff3a1c5b1465bb52f3520fedb7acb1faa132466f07d16db8e394aea5
SHA512

9bc94fb413e5e7077a53c6434f9519845e93cac93fbcd23b179d68692d9727df26ee4527365b36417efdf3b496d4ef6bd8446553f0f404f020bac8164c6f930e
SSDEEP

768:Lp1xmAiRQBE0SmbsZEgJ/ouaUiHnWs9RmHyQA7Eu4VQIWQLr49gSWGJtD8BOgVTc:LpxBYtjohPHn8qJmr49gSWo58BOAc1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bthserv.dll

Files

bthserv.dll
.dll windows:6 windows x86 arch:x86

363e8818b91046db0c441660a6b8befb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

bthserv.pdb

Imports

msvcrt

memcpy
_vsnwprintf
_CxxThrowException
??3@YAXPAX@Z
memset
_XcptFilter
malloc
??1type_info@@UAE@XZ
_except_handler4_common
_amsg_exit
_initterm
free

ntdll

EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceEnableLevel
EtwTraceMessage

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceStatusEx

shfolder

SHGetFolderPathW

user32

KillTimer
RegisterClassExW
CreateWindowExW
TranslateMessage
DispatchMessageW
DestroyWindow
UnregisterClassW
DefWindowProcW
RegisterDeviceNotificationW
PostMessageW
UnregisterDeviceNotification
GetMessageW

rpcrt4

RpcMgmtStopServerListening
RpcBindingInqAuthClientW
RpcRaiseException
RpcRevertToSelf
RpcImpersonateClient
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcStringFreeW
RpcServerListen
NdrServerCall2
RpcMgmtWaitServerListen

kernel32

GetCurrentProcess
DuplicateHandle
CreateDirectoryW
QueryPerformanceCounter
DelayLoadFailureHook
Sleep
ReleaseMutex
CreateMutexW
InterlockedExchange
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
ReadFile
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
MultiByteToWideChar
DeviceIoControl
GetOverlappedResult
OpenProcess
lstrlenW
LocalAlloc
CreateFileW
CreateEventW
GetLastError
HeapFree
GetProcessHeap
HeapAlloc
CreateWaitableTimerW
SetWaitableTimer
WaitForMultipleObjectsEx
CancelWaitableTimer
SetEvent
WaitForSingleObject
CloseHandle
LocalFree
GetSystemTime
SystemTimeToFileTime
CreateThread
CancelIo

Exports

Exports

ServiceMain

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

363e8818b91046db0c441660a6b8befb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

shfolder

user32

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 50KB

PAGE Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 50KB

PAGE
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB