bt_datachannel[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

bt_datachannel.dll
Size

4.1MB
MD5

dfca05beb0d6a31913c04b1314ca8b4a
SHA1

5fbbccf13325828016446f63d21250c723578841
SHA256

d4c4e05fade7e76f4a2d0c9c58a6b9b82b761d9951ffddd838c381549368e153
SHA512

858d4fb9d073c51c0ab7a0b896c30e35376678cc12aec189085638376d3cc74c1821495692eac378e4509ef5dcab0e8b950ad5bfab66d2c62ab31bc0a75118cf
SSDEEP

98304:tGVfiVHfYzUGCz2WLPhbiTIXuVJ6gSi5jrmn3iFUbv:cMVHfUVCz2APAUX0EgSi5jrEbv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bt_datachannel.dll

Files

bt_datachannel.dll
.dll windows:6 windows x86 arch:x86

0940afd84da2272633437970ae4ceb6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dev_work\bt_datachannel\_dist\Release\bt_datachannel.pdb

Imports

kernel32

WideCharToMultiByte
GetStdHandle
WriteConsoleW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateThread
GetExitCodeThread
GetTickCount
ReleaseSRWLockShared
TryAcquireSRWLockShared
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
Sleep
TryEnterCriticalSection
InitializeSRWLock
GetSystemTimeAsFileTime
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
GetCurrentProcessId
MultiByteToWideChar
ConvertThreadToFiber
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
ConvertFiberToThread
EnterCriticalSection
PeekNamedPipe
GetFileInformationByHandle
QueryPerformanceFrequency
TryAcquireSRWLockExclusive
WakeConditionVariable
SleepConditionVariableSRW
GetStringTypeW
WaitForSingleObjectEx
SwitchToThread
RaiseException
InitializeCriticalSectionEx
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
GetTimeZoneInformation
GetModuleFileNameW
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
ExitProcess
CreateFileW
GetDriveTypeW
SetEndOfFile

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

ws2_32

WSAIoctl
sendto
recvfrom
listen
getsockname
bind
accept
WSAPoll
socket
setsockopt
send
getsockopt
getpeername
ioctlsocket
connect
closesocket
ntohs
ntohl
htons
htonl
WSAGetLastError
WSACleanup
WSAStartup
getnameinfo
freeaddrinfo
getaddrinfo
WSASetLastError
recv

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

Exports

Exports

BTDC_AddRef
BTDC_AddRemoteCandidate
BTDC_Close
BTDC_CreateDataChannel
BTDC_CreatePeerConnection
BTDC_CreateWebSocket
BTDC_GetCargo
BTDC_GetDataChannelLabel
BTDC_GetDataChannelProtocol
BTDC_GetLocalAddress
BTDC_GetLocalDescription
BTDC_GetLocalDescriptionType
BTDC_GetReceivableSize
BTDC_GetRemoteAddress
BTDC_GetRemoteDescription
BTDC_GetRemoteDescriptionType
BTDC_GetSelectedCandidatePair
BTDC_GetSendableSize
BTDC_GetType
BTDC_Initialize
BTDC_IsClosed
BTDC_IsOpen
BTDC_Receive
BTDC_Release
BTDC_SendData
BTDC_SendText
BTDC_SetCargo
BTDC_SetLocalDescription
BTDC_SetOnCandidate
BTDC_SetOnClosed
BTDC_SetOnConnection
BTDC_SetOnDataChannel
BTDC_SetOnDataMessage
BTDC_SetOnDescription
BTDC_SetOnError
BTDC_SetOnGathering
BTDC_SetOnOpen
BTDC_SetOnReceivable
BTDC_SetOnSendable
BTDC_SetOnSignaling
BTDC_SetOnTextMessage
BTDC_SetRemoteDescription
BTDC_SetSendableThreshold
BTDC_Terminate

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0940afd84da2272633437970ae4ceb6a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ws2_32

advapi32

iphlpapi

bcrypt

Exports

Exports

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 539KB - Virtual size: 539KB

.data Size: 142KB - Virtual size: 152KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 101KB - Virtual size: 100KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 539KB - Virtual size: 539KB

.data
Size: 142KB - Virtual size: 152KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 101KB - Virtual size: 100KB