btpanui[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

btpanui.dll
Size

111KB
MD5

a6dcf2ee5e9271bcaf45b927d33d3a1a
SHA1

e3103da1066c303210f5f0975ba24a8ad7fbeeaa
SHA256

32184d6260d73828ca08f3d390bbff837f351c2bbafe8fa492e8c831062e6d96
SHA512

3e84a9277ae81f7d95160390d565be33121295c818e0df43d1044d7847539b04aff8f8b4493a39d6379a7b195c4873d2e2925e2930e34e927e50f044090fcdcd
SSDEEP

768:WCdeDeWw+SsfjWEgQqPmddyVEWka0k7D/6ISt3WmQb:3MDeWrfjpqeuVUZkH/6ht

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
btpanui.dll

Files

btpanui.dll
.dll regsvr32 windows:10 windows x86 arch:x86

2fb9817d5a655a55d440c9bd8a1d273b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

btpanui.pdb

Imports

msvcrt

__CxxFrameHandler3
_except_handler4_common
?terminate@@YAXXZ
_initterm
_amsg_exit
realloc
free
malloc
memcpy
_XcptFilter
memset

kernel32

FindResourceW
LoadResource
SizeofResource
FreeLibrary
CloseHandle
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
GetCurrentProcess
GetCurrentThread
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryExA
EncodePointer
DecodePointer
InterlockedPushEntrySList
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
VerSetConditionMask
lstrcpynW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
lstrcmpiW
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
SetLastError
GetLocalTime
LocalFree
GetLastError
FormatMessageW
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW

advapi32

FreeSid
AllocateAndInitializeSid
DuplicateToken
EqualSid
GetTokenInformation
OpenThreadToken
OpenProcessToken
RegDeleteKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
ObjectStublessClient4
ObjectStublessClient8
ObjectStublessClient6
ObjectStublessClient5
ObjectStublessClient7
ObjectStublessClient3

oleaut32

VarI4FromStr

user32

LoadStringW
MessageBoxW
LoadImageW
SetWindowLongW
GetWindowLongW
GetParent
GetDlgItemTextW
SendDlgItemMessageW
SetDlgItemTextW
EnableWindow
GetDlgItem
CharNextW

shell32

ShellExecuteW
SHGetFolderPathW
SHCreateItemFromParsingName
ShellExecuteExW
SHGetIDListFromObject

rpcrt4

IUnknown_Release_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllGetClassObject
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect

ntdll

RtlVerifyVersionInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fb9817d5a655a55d440c9bd8a1d273b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

ole32

oleaut32

user32

shell32

rpcrt4

ntdll

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 2KB - Virtual size: 1KB