Microsoft[.]Bluetooth[.]Proxy[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Microsoft.Bluetooth.Proxy.dll
Size

187KB
MD5

eb263c76b0363aca76785fd2e56f8fbd
SHA1

cfae8d4a3a704c0d5564b8ec0d843caa60650111
SHA256

c7fde15f226e20dc2bd14148b648febd960b09a1311ea5e03d76f88eb3ebd66d
SHA512

8fae4aec8d78e2090c7860f4451f4991430d7cbda96d78b5065cba7198c1288ce4f3834d9df0770388fb960794920a658e206e3818b3b35690f87a890537df44
SSDEEP

3072:jrTBtMz/8lNrFyLBp9hTkUJ239g2zY7W/NKa+D7mys6:vTMLBZno39g2zY7yo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Microsoft.Bluetooth.Proxy.dll

Files

Microsoft.Bluetooth.Proxy.dll
.dll windows:10 windows x86 arch:x86

a9495c36b0b92074e8deaae735897f09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Bluetooth.Proxy.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_except_handler4_common
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
memcmp

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeSRWLock
WaitForSingleObjectEx
ReleaseSemaphore
AcquireSRWLockExclusive
CreateMutexExW
CreateSemaphoreExW
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
HSTRING_UserFree
HSTRING_UserUnmarshal
WindowsIsStringEmpty
HSTRING_UserSize
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsCreateString
HSTRING_UserMarshal

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoReleaseMarshalData
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler
CoUnmarshalInterface
CoGetMalloc
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory

api-ms-win-shcore-stream-l1-1-0

IStream_Write
SHCreateMemStream
IStream_Reset
IStream_Read

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
NdrOleFree
NdrDllGetClassObject
NdrOleAllocate
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrDllCanUnloadNow
CStdStubBuffer_Invoke
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer2_Release
NdrStubCall2
NdrStubForwardingFunction

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient17
ObjectStublessClient10
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient11
CStdStubBuffer2_CountRefs
ObjectStublessClient3
ObjectStublessClient15
CStdStubBuffer2_Disconnect
ObjectStublessClient7
ObjectStublessClient13
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
ObjectStublessClient16
ObjectStublessClient18
NdrProxyForwardingFunction3
NdrProxyForwardingFunction5
ObjectStublessClient6
CStdStubBuffer2_Connect
ObjectStublessClient9
ObjectStublessClient8

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9495c36b0b92074e8deaae735897f09

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-shcore-stream-l1-1-0

rpcrt4

api-ms-win-core-com-l1-1-1

api-ms-win-core-com-midlproxystub-l1-1-0

Exports

Exports

Sections

.text Size: 159KB - Virtual size: 158KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 159KB - Virtual size: 158KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB