fdBth[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdBth.dll
Size

96KB
MD5

0d86a12c82264c1d449934eecd34866c
SHA1

97ac0fe2349c3c8a6658c716915c25e60b705a01
SHA256

f1ae6884a8b16b77f876d432b9bdc3a84248657291dd871a18248e472f56a48f
SHA512

5529e68564fd1bcc3534d43e4fab3087ae66ee2e2392067e8bfe5471de9259186faa398c8104dd0fa8b12f446c28e235f0920e8c81504fe0de80235ed87f02be
SSDEEP

1536:RMhQcZ6dbsw7auOaGLs9Co391VdcJBBUO68c+QUiOqep9E:G8dbsw7fAgVdcJBu+diOqE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdBth.dll

Files

fdBth.dll
.dll windows:6 windows x86 arch:x86

cf76bea55eed250b580e1f655941ae29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fdBth.pdb

Imports

msvcrt

_XcptFilter
_vsnwprintf
memcpy
swscanf
free
malloc
wcschr
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_except_handler4_common
__CxxFrameHandler3
_amsg_exit
_initterm
memset
_callnewh
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_ftol2
wcstombs_s
_wtoi

ntdll

EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwTraceMessage
EtwGetTraceEnableFlags

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegGetValueW
RegCreateKeyExW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

cryptsp

CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

rpcrt4

UuidFromStringW

bthprops.cpl

BthpEnableAllServices
BluetoothUnregisterAuthentication
BthpFindPnpInfo
BluetoothSendAuthenticationResponseEx
BluetoothRemoveDevice
BthpMapStatusToErr
BluetoothFindFirstDevice
BluetoothFindNextRadio
BluetoothFindNextDevice
BluetoothFindDeviceClose
BluetoothFindFirstRadio
BluetoothFindRadioClose
BluetoothGetDeviceInfo
BluetoothEnumerateInstalledServicesEx
BluetoothFindFirstServiceEx
BluetoothFindNextService
BluetoothFindServiceClose
BluetoothFindFirstClassId
BluetoothAddressToString
BluetoothRegisterForAuthenticationEx
BluetoothFindClassIdClose

user32

MsgWaitForMultipleObjects
RegisterClassExW
PeekMessageW
TranslateMessage
UnregisterDeviceNotification
SetTimer
PostMessageW
UnregisterClassW
DestroyWindow
KillTimer
RegisterDeviceNotificationW
DefWindowProcW
GetWindowLongW
SetWindowLongW
MsgWaitForMultipleObjectsEx
DispatchMessageW
CreateWindowExW

kernel32

ReleaseMutex
CreateThread
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetEvent
UnregisterWait
WaitForMultipleObjects
CancelIoEx
WaitForSingleObject
InterlockedCompareExchange
HeapAlloc
HeapSize
lstrlenW
CreateMutexW
RegisterWaitForSingleObject
DelayLoadFailureHook
GetProcAddress
FreeLibrary
LoadLibraryExA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileW
LocalFree
GetProcessHeap
HeapFree
LocalAlloc
SystemTimeToFileTime
CreateEventW
DeviceIoControl
ResetEvent
GetOverlappedResult
CloseHandle
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf76bea55eed250b580e1f655941ae29

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

cryptsp

rpcrt4

bthprops.cpl

user32

kernel32

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 85KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 85KB - Virtual size: 85KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB