670322413509f29cd3ec4d1803dfa3b14295ac7ea95c3d6a419b3e8690669521

Sharing

Copy URL Twitter E-mail

General

Target

670322413509f29cd3ec4d1803dfa3b14295ac7ea95c3d6a419b3e8690669521
Size

4.2MB
MD5

10f0e14b66b6b516c6042bdaa13421e6
SHA1

9f0da719aa1436cfa1e423beff3ef66b653d75ce
SHA256

670322413509f29cd3ec4d1803dfa3b14295ac7ea95c3d6a419b3e8690669521
SHA512

8c3c7279e9ffaedd1a767b97fd0076056a9408bbba7f88cdb7d900f19941e247c7922c92fa667fb253a1493c6fcccc9d26200ff53ac3f49ef685ef010f96d49d
SSDEEP

98304:pGVfiVHfYzUGCz2WLPhbiTIXuVP6gSi5jrme3iFUbvm:oMVHfUVCz2APAUX0igSi5jrzbvm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
670322413509f29cd3ec4d1803dfa3b14295ac7ea95c3d6a419b3e8690669521

Files

670322413509f29cd3ec4d1803dfa3b14295ac7ea95c3d6a419b3e8690669521
.dll windows:6 windows x86 arch:x86

0940afd84da2272633437970ae4ceb6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dev_work\bt_datachannel\_dist\Release\bt_datachannel.pdb

Imports

kernel32

WideCharToMultiByte
GetStdHandle
WriteConsoleW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateThread
GetExitCodeThread
GetTickCount
ReleaseSRWLockShared
TryAcquireSRWLockShared
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
Sleep
TryEnterCriticalSection
InitializeSRWLock
GetSystemTimeAsFileTime
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
GetCurrentProcessId
MultiByteToWideChar
ConvertThreadToFiber
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
ConvertFiberToThread
EnterCriticalSection
PeekNamedPipe
GetFileInformationByHandle
QueryPerformanceFrequency
TryAcquireSRWLockExclusive
WakeConditionVariable
SleepConditionVariableSRW
GetStringTypeW
WaitForSingleObjectEx
SwitchToThread
RaiseException
InitializeCriticalSectionEx
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
GetTimeZoneInformation
GetModuleFileNameW
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
ExitProcess
CreateFileW
GetDriveTypeW
SetEndOfFile

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

ws2_32

WSAIoctl
sendto
recvfrom
listen
getsockname
bind
accept
WSAPoll
socket
setsockopt
send
getsockopt
getpeername
ioctlsocket
connect
closesocket
ntohs
ntohl
htons
htonl
WSAGetLastError
WSACleanup
WSAStartup
getnameinfo
freeaddrinfo
getaddrinfo
WSASetLastError
recv

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

Exports

Exports

BTDC_AddRef
BTDC_AddRemoteCandidate
BTDC_Close
BTDC_CreateDataChannel
BTDC_CreatePeerConnection
BTDC_CreateWebSocket
BTDC_GetCargo
BTDC_GetDataChannelLabel
BTDC_GetDataChannelProtocol
BTDC_GetLocalAddress
BTDC_GetLocalDescription
BTDC_GetLocalDescriptionType
BTDC_GetReceivableSize
BTDC_GetRemoteAddress
BTDC_GetRemoteDescription
BTDC_GetRemoteDescriptionType
BTDC_GetSelectedCandidatePair
BTDC_GetSendableSize
BTDC_GetType
BTDC_Initialize
BTDC_IsClosed
BTDC_IsOpen
BTDC_Receive
BTDC_Release
BTDC_SendData
BTDC_SendText
BTDC_SetCargo
BTDC_SetLocalDescription
BTDC_SetOnCandidate
BTDC_SetOnClosed
BTDC_SetOnConnection
BTDC_SetOnDataChannel
BTDC_SetOnDataMessage
BTDC_SetOnDescription
BTDC_SetOnError
BTDC_SetOnGathering
BTDC_SetOnOpen
BTDC_SetOnReceivable
BTDC_SetOnSendable
BTDC_SetOnSignaling
BTDC_SetOnTextMessage
BTDC_SetRemoteDescription
BTDC_SetSendableThreshold
BTDC_Terminate

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0940afd84da2272633437970ae4ceb6a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ws2_32

advapi32

iphlpapi

bcrypt

Exports

Exports

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 539KB - Virtual size: 539KB

.data Size: 142KB - Virtual size: 152KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 101KB - Virtual size: 100KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 539KB - Virtual size: 539KB

.data
Size: 142KB - Virtual size: 152KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 101KB - Virtual size: 100KB