bthci[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

bthci.dll
Size

89KB
MD5

254537eabb2d82e48e77e0b881ff6af4
SHA1

de3d32c6c7cc585db6bb448ac27cd56ef07b1b39
SHA256

18c7c0006f87d302bfc8778be5aa94aa1c88616014a55e5839d2c031765908fc
SHA512

a679c9c6b21ef80a4175df4471f7fa4268da046ea7024378919d028a5a17d56f643a1b33ff6d73aa1ef89cdc08e431abe317e9d01f0855fee5669b90f37759fb
SSDEEP

1536:efKxYFSCqLSAhv9D3k0MTgFveWbXkbTsUFncU:efKbKAhv53FbFveIkcU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bthci.dll

Files

bthci.dll
.dll windows:6 windows x64 arch:x64

4cd67e537211927c639933ca2d5522a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bthci.pdb

Imports

msvcrt

_vsnwprintf
swprintf_s
vswprintf_s
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
malloc
wcsncmp
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
free
memset

kernel32

Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
MultiByteToWideChar
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
lstrcmpiW
lstrlenW
LocalAlloc
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
GetSystemFirmwareTable
CompareStringW
LocalFree
GetComputerNameW
CloseHandle
DeviceIoControl
CreateFileW
GetLastError
SetLastError
DisableThreadLibraryCalls
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
GetModuleFileNameW
LoadLibraryExW

user32

GetParent
GetWindowLongPtrW
SetWindowLongPtrW
LoadStringW
SendMessageW
EnableWindow
ShowWindow
SetWindowTextW
GetWindowTextW
IsWindowEnabled
GetDlgItem
EndDialog
DialogBoxParamW

advapi32

RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW

ole32

CoTaskMemAlloc
CoTaskMemFree

shlwapi

SHDeleteKeyW

setupapi

SetupLogErrorW
SetupOpenLog
SetupDiCreateDevRegKeyW
SetupCloseLog
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW
SetupDiOpenDeviceInfoW

Exports

Exports

BluetoothClassInstaller

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cd67e537211927c639933ca2d5522a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

shlwapi

setupapi

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 780B

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 55KB - Virtual size: 55KB

.reloc Size: 512B - Virtual size: 108B

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 780B

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 55KB - Virtual size: 55KB

.reloc
Size: 512B - Virtual size: 108B