btop4win-x64[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

btop4win-x64.zip
Size

963KB
MD5

e94232b85b6e65dd8c182c8174a3f6f2
SHA1

e9ca90c5d4ade5a87088e6f7aa0ee89b43a09e4b
SHA256

d95bb671232a97ad951b7fc22813c2ea0417e164e797e5e476eedf3313d30126
SHA512

225d60333fe5a61df4c3f52c8a79dde4d44210a6b6f91932dab09367edfd6af7c937f269de16671997e30d8eed6667c11f24c2bfbbaa8d5bdc5b016a72064891
SSDEEP

12288:O5jdr4qQcK5UzUKepTtN4QiaFyc04XLYeF16uOrGJGb+rqc7zRb5xiBKWrhUClOn:OFiqQc+UzUz9f4QipEasNuc/oBKuUC1M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/btop4win/btop4win.exe

Files

btop4win-x64.zip
.zip
btop4win/CHANGELOG.md
btop4win/LICENSE
btop4win/README.md
btop4win/btop4win.exe
.exe windows:6 windows x64 arch:x64

57fe3e8d2640a4d2422ce361fd1a55b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Source\btop4win\x64\Release\btop4win.pdb

Imports

psapi

GetProcessMemoryInfo
GetPerformanceInfo

kernel32

CreateEventW
GetTickCount64
GetLastError
Process32NextW
Process32FirstW
HeapReAlloc
GetSystemInfo
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
SystemTimeToFileTime
GlobalMemoryStatusEx
WideCharToMultiByte
GetSystemTimeAsFileTime
GetDiskFreeSpaceExA
GetProcessTimes
GetStdHandle
ReadConsoleInputW
GetNumberOfConsoleInputEvents
TerminateProcess
ReadFile
GetConsoleScreenBufferInfo
SetConsoleMode
CreatePipe
WaitForSingleObject
LocalAlloc
GetConsoleMode
CreateToolhelp32Snapshot
GlobalFree
CloseHandle
LocalFree
CreateProcessW
SetConsoleOutputCP
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
OpenProcess
CreateFileW
GetVolumeInformationA
InitializeCriticalSectionEx
GetSystemPowerStatus
GetSystemTimes
GetDriveTypeA
DeviceIoControl
RegisterWaitForSingleObject
GetCurrentProcess
HeapFree
GetLogicalDrives
GetModuleFileNameW
SetConsoleTitleA
SetConsoleCtrlHandler
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
GetConsoleOutputCP
FlushFileBuffers
GetFileSizeEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetCommandLineW
GetCommandLineA
WriteFile
WriteConsoleW
GlobalAlloc
SetFileInformationByHandle
FreeLibraryAndExitThread
ResumeThread
FormatMessageA
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetEndOfFile
SetFileAttributesW
RtlUnwind
SetFilePointerEx
SetFileTime
GetTempPathW
AreFileApisANSI
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
MultiByteToWideChar
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
EncodePointer
CompareStringEx
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
OutputDebugStringW
RaiseException
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread

user32

UnregisterClassW

advapi32

QueryServiceStatusEx
RegQueryValueExW
LookupAccountSidW
CloseServiceHandle
OpenSCManagerW
ControlService
StartServiceW
ChangeServiceConfigW
OpenServiceW
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
ImpersonateSelf
OpenProcessToken
RegOpenKeyExW

ole32

CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantInit
GetErrorInfo
SysFreeString
VariantClear
SysAllocString

ntdll

NtQuerySystemInformation
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

pdh

PdhOpenQueryW
PdhCollectQueryDataEx
PdhAddEnglishCounterW
PdhGetFormattedCounterValue

ws2_32

inet_ntop

iphlpapi

GetAdaptersAddresses
GetIfEntry2

powrprof

CallNtPowerInformation

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btop4win/themes/HotPurpleTrafficLight.theme
btop4win/themes/adapta.theme
btop4win/themes/ayu.theme
btop4win/themes/dracula.theme
btop4win/themes/dusklight.theme
btop4win/themes/elementarish.theme
btop4win/themes/everforest-dark-hard.theme
btop4win/themes/flat-remix-light.theme
btop4win/themes/flat-remix.theme
btop4win/themes/greyscale.theme
btop4win/themes/gruvbox_dark.theme
btop4win/themes/gruvbox_dark_v2.theme
btop4win/themes/gruvbox_material_dark.theme
btop4win/themes/kyli0x.theme
btop4win/themes/matcha-dark-sea.theme
btop4win/themes/monokai.theme
btop4win/themes/night-owl.theme
btop4win/themes/nord.theme
btop4win/themes/onedark.theme
btop4win/themes/paper.theme
btop4win/themes/solarized_dark.theme
btop4win/themes/solarized_light.theme
btop4win/themes/tokyo-night.theme
btop4win/themes/tokyo-storm.theme
btop4win/themes/tomorrow-night.theme
btop4win/themes/whiteout.theme

Sharing

General

Malware Config

Signatures

Files

57fe3e8d2640a4d2422ce361fd1a55b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

advapi32

ole32

oleaut32

ntdll

pdh

ws2_32

iphlpapi

powrprof

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 379KB - Virtual size: 379KB

.data Size: 44KB - Virtual size: 89KB

.pdata Size: 112KB - Virtual size: 111KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 379KB - Virtual size: 379KB

.data
Size: 44KB - Virtual size: 89KB

.pdata
Size: 112KB - Virtual size: 111KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 6KB - Virtual size: 6KB