BthTelemetry[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

BthTelemetry.dll
Size

27KB
MD5

b6d797e918fa87e7f3bfcee1eab7e73c
SHA1

1d9d81641d5b2f4bac5e167634c98c975f90d240
SHA256

ec1e38250fb5f2306a431868a30ecc2bd9373d5cac853673131526402c07295a
SHA512

5ade4c509a5e8029c76e99c2a80effcc2a3c2089ca3d4fb671e2ee7071a511db1648fda1b649318927d8cabee44560d7ca95654197a880241c2f646dca01d74a
SSDEEP

384:Wko6NF2gGeFTy/ndbcJNFO4JDwgHFhAmYh8c66zVJooEesnbTMR0AW4N4Wx9/r:lFMeFm1IbRFjAHT7snbgRdDNr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BthTelemetry.dll

Files

BthTelemetry.dll
.dll windows:10 windows x86 arch:x86

6e82fba4572fed6957843bd1fbcf6cd9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

BthTelemetry.pdb

Imports

msvcrt

strcat_s
sprintf_s
qsort
strnlen
realloc
_itoa_s
_initterm
_ui64tow_s
malloc
free
_amsg_exit
_XcptFilter
memcpy
_vsnwprintf
_except_handler4_common
memset

ntdll

RtlUnicodeToUTF8N
RtlUTF8ToUnicodeN
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlNtStatusToDosError
EtwTraceMessage

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount
GetSystemTime

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-1

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep
CreateEventExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-io-l1-1-1

DeviceIoControl
GetOverlappedResult

api-ms-win-core-file-l1-2-1

CreateFileW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

bcrypt

BCryptCreateHash
BCryptHashData
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

BthCollectFingerprintInfo
BthProcessEventDataDword
BthProcessEventOccurrence
BthProcessEventOccurrenceBthaddr
BthProcessEventOccurrenceResult
BthProcessEventOccurrenceResultBthaddr
BthProcessRpalEventOccurrence
BthTraceLocalRadioInfo

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e82fba4572fed6957843bd1fbcf6cd9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-io-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-heap-l2-1-0

bcrypt

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

PAGE Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 964B

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 992B

.text
Size: 18KB - Virtual size: 17KB

PAGE
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 964B

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 992B