btpanui[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

btpanui.dll
Size

65KB
MD5

c41bd5cc1d5e7e0d6a5fda668e1ade8b
SHA1

4918821c08bbf84ab13e8b1f03ee231920aa4b10
SHA256

6a89b11b7ea4e48ceefd2c0d74690cf8b65e3d14f852090e25624766f3ffab28
SHA512

2e1307b248dec97c69688e9a2f853bc5856978963fb245b2daac6bef7ad1d2918841c8ca2d117d88f71e574ffef0373978a8d42b4c37f135a58f773f8cb29341
SSDEEP

1536:mQhRzSIPa2zKHJ+0VuZ+7+uDhX7jquzQF4yKXMtzkIW8PQqyKUAKyC:fR2sa2mp+0EZOjKDr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
btpanui.dll

Files

btpanui.dll
.dll regsvr32 windows:6 windows x86 arch:x86

c941dafe7d6d85aa609eeb7edaade750

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

btpanui.pdb

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
__CxxFrameHandler3
memcpy
malloc
realloc
free
memset
_except_handler4_common

slc

SLGetWindowsInformationDWORD

kernel32

OutputDebugStringA
lstrcmpiW
MultiByteToWideChar
lstrlenW
lstrcpyW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CloseHandle
GetCurrentProcess
HeapDestroy
RegQueryInfoKeyW
GetCurrentThread
lstrcatW
LoadLibraryExW
lstrcpynW
lstrlenA
RegEnumKeyExW
RegDeleteValueW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
SetLastError
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
GetLocalTime
LocalFree
FormatMessageW
GetLastError
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection

advapi32

AllocateAndInitializeSid
FreeSid
DuplicateToken
RegDeleteKeyW
OpenThreadToken
EqualSid
OpenProcessToken
GetTokenInformation
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
LoadTypeLi
RegisterTypeLi
VarI4FromStr

user32

LoadStringW
MessageBoxW
LoadImageW
GetDlgItemTextW
SendDlgItemMessageW
SetDlgItemTextW
GetParent
GetDlgItem
SetWindowLongW
EnableWindow
CharNextW
GetWindowLongW

shell32

SHGetFolderPathW
ShellExecuteW
SHCreateItemFromParsingName
SHGetIDListFromObject
ShellExecuteExW

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c941dafe7d6d85aa609eeb7edaade750

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

slc

kernel32

advapi32

ole32

oleaut32

user32

shell32

rpcrt4

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 30KB

.orpc Size: 512B - Virtual size: 51B

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 30KB - Virtual size: 30KB

.orpc
Size: 512B - Virtual size: 51B

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 3KB