BluetoothApis[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

BluetoothApis.dll
Size

93KB
MD5

8d09c988ce2ad04646bfbdda1be7c381
SHA1

4f6fc3b28d54d87f4e38ad3d54ea6659e0873cce
SHA256

e735bd2089fd6a4ff9d806f2232b6caa9f6181fffea76a26136efca4bd5349ac
SHA512

62722cf64f9e0a9c6078d566c767edf89b654eecd5dda3cd706d8f9daee6071853e2b7a92e69f135840ac77e36aac8ed7a470b3fdbbe835dd21882b9a72e909a
SSDEEP

1536:t6p6yDq0EE0ZjJ+ykamKrftXlUWISLXsTvgeIDxnLnTC8wv2:Mp6sRSjAykaVrf3UHSLXsTR8XCbv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BluetoothApis.dll

Files

BluetoothApis.dll
.dll windows:10 windows x86 arch:x86

e9ad8af70a4c02b3a694b6923eb7f857

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

BluetoothApis.pdb

Imports

msvcrt

_unlock
__dllonexit
malloc
_amsg_exit
_XcptFilter
free
_initterm
_onexit
_except_handler4_common
memcpy
memcmp
_callnewh
swscanf
_vsnwprintf
_wcsicmp
memcpy_s
wcstombs
_lock
memset

ntdll

RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
NtQueryInformationToken

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-service-winsvc-l1-2-0

QueryServiceStatus

api-ms-win-core-localization-l1-2-1

GetThreadLocale
FormatMessageW

api-ms-win-core-processthreads-l1-1-2

CreateThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
ResumeThread

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
FreeLibrary

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-debug-l1-1-1

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-synch-l1-2-0

OpenSemaphoreW
ReleaseSemaphore
Sleep
WaitForSingleObjectEx
CreateEventExW
WaitForMultipleObjectsEx
CreateEventW
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
SetEvent
ResetEvent
WaitForSingleObject

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap
HeapAlloc

rpcrt4

MesHandleFree
MesEncodeDynBufferHandleCreate
RpcBindingSetAuthInfoExW
RpcExceptionFilter
MesBufferHandleReset
RpcStringFreeW
RpcStringBindingComposeW
NdrMesProcEncodeDecode2
NdrClientCall2
RpcBindingFree
RpcBindingFromStringBindingW

api-ms-win-security-base-l1-2-0

CreateWellKnownSid

api-ms-win-core-file-l1-2-1

CreateFileW

api-ms-win-core-io-l1-1-1

GetOverlappedResult
DeviceIoControl
CancelIoEx

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegQueryValueExW
RegEnumValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-com-l1-1-1

CoUninitialize
CoCreateInstance
CoInitializeEx
StringFromGUID2

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

oleaut32

SysFreeString
SysAllocString

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathIsRelativeW

devobj

DevObjUninstallDevice
DevObjGetClassDevs
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInfo
DevObjOpenDevRegKey
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetDeviceInstanceId

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

cfgmgr32

DevCreateObjectQueryEx
DevCloseObjectQuery

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l2-1-1

ReOpenFile

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

BluetoothAddressToString
BluetoothDisconnectDevice
BluetoothEnableDiscovery
BluetoothEnableIncomingConnections
BluetoothEnumerateInstalledServices
BluetoothEnumerateInstalledServicesEx
BluetoothEnumerateLocalServices
BluetoothFindBrowseGroupClose
BluetoothFindClassIdClose
BluetoothFindDeviceClose
BluetoothFindFirstBrowseGroup
BluetoothFindFirstClassId
BluetoothFindFirstDevice
BluetoothFindFirstProfileDescriptor
BluetoothFindFirstProtocolDescriptorStack
BluetoothFindFirstProtocolEntry
BluetoothFindFirstRadio
BluetoothFindFirstService
BluetoothFindFirstServiceEx
BluetoothFindNextBrowseGroup
BluetoothFindNextClassId
BluetoothFindNextDevice
BluetoothFindNextProfileDescriptor
BluetoothFindNextProtocolDescriptorStack
BluetoothFindNextProtocolEntry
BluetoothFindNextRadio
BluetoothFindNextService
BluetoothFindProfileDescriptorClose
BluetoothFindProtocolDescriptorStackClose
BluetoothFindProtocolEntryClose
BluetoothFindRadioClose
BluetoothFindServiceClose
BluetoothGATTAbortReliableWrite
BluetoothGATTBeginReliableWrite
BluetoothGATTEndReliableWrite
BluetoothGATTGetCharacteristicValue
BluetoothGATTGetCharacteristics
BluetoothGATTGetDescriptorValue
BluetoothGATTGetDescriptors
BluetoothGATTGetIncludedServices
BluetoothGATTGetServices
BluetoothGATTRegisterEvent
BluetoothGATTSetCharacteristicValue
BluetoothGATTSetDescriptorValue
BluetoothGATTUnregisterEvent
BluetoothGetDeviceInfo
BluetoothGetLocalServiceInfo
BluetoothGetRadioInfo
BluetoothGetServicePnpInstance
BluetoothIsConnectable
BluetoothIsDiscoverable
BluetoothIsVersionAvailable
BluetoothRegisterForAuthentication
BluetoothRegisterForAuthenticationEx
BluetoothRemoveDevice
BluetoothSdpEnumAttributes
BluetoothSdpGetAttributeValue
BluetoothSdpGetContainerElementData
BluetoothSdpGetElementData
BluetoothSdpGetString
BluetoothSendAuthenticationResponse
BluetoothSendAuthenticationResponseEx
BluetoothSetLocalServiceInfo
BluetoothSetServiceState
BluetoothSetServiceStateEx
BluetoothUnregisterAuthentication
BluetoothUpdateDeviceRecord
BthpCheckForUnsupportedGuid
BthpCleanupBRDeviceNode
BthpCleanupDeviceLocalServices
BthpCleanupDeviceRemoteServices
BthpCleanupLEDeviceNodes
BthpEnableA2DPIfPresent
BthpEnableAllServices
BthpEnableConnectableAndDiscoverable
BthpEnableRadioSoftware
BthpFindPnpInfo
BthpGATTCloseSession
BthpInnerRecord
BthpIsBluetoothServiceRunning
BthpIsConnectableByDefault
BthpIsDiscoverable
BthpIsDiscoverableByDefault
BthpIsRadioSoftwareEnabled
BthpIsTopOfServiceGroup
BthpMapStatusToErr
BthpNextRecord
BthpRegisterForAuthentication
BthpSetServiceState
BthpSetServiceStateEx
BthpTranspose16Bits
BthpTranspose32Bits
BthpTransposeAndExtendBytes
DllCanUnloadNow
FindNextOpenVCOMPort
InstallIncomingComPort
ShouldForceAuthentication

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9ad8af70a4c02b3a694b6923eb7f857

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-handle-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

rpcrt4

api-ms-win-security-base-l1-2-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-io-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processenvironment-l1-2-0

oleaut32

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

devobj

api-ms-win-core-threadpool-private-l1-1-0

cfgmgr32

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l2-1-1

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

PAGE Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 72KB - Virtual size: 72KB

PAGE
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB