BTZ[.]exe | Triage

General

Target

BTZ.exe
Size

73KB
MD5

cff0392ac2a1d782f43f7938ea18af4f
SHA1

1dfd93a3106a1b4fd10cfaf8b8bb4bb606c4093d
SHA256

ecfed4163f7058856e1d253a29d06d808c069670e4a06cad66f42e71cbc83a2e
SHA512

134f6c8343bbcce6e23ae370193aa1b415f337790e13b2cd6171e657c775c7971a7b13146d930b5273b0ea64ee947df1cc5467e4dd52900d70f13550c6b9ae8b
SSDEEP

1536:G9LdawS6uhNSyy8siRf7JAzNOpGZUDyxPlOMA9u95cenJp:o5axvNSyy8mOaUDyxPlOMxEKH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BTZ.exe

Files

BTZ.exe
.exe windows:4 windows x86 arch:x86

827a6f15f6b2e8771ffaf1bcd8d5fbef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
CopyFileA
ReadFile
SetFileTime
GetFileTime
GetVersionExA
FreeLibrary
Sleep
lstrcmpiA
WriteFile
LoadLibraryA
MoveFileA
TerminateProcess
OpenProcess
GetModuleFileNameA
CreateProcessA
GetFileSize
SetFilePointer
GetLastError
GetLocalTime
GetSystemDirectoryA
CreateDirectoryA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetTempPathA
lstrcatA
lstrlenA
DeleteFileA
CreateFileA
DeviceIoControl
CloseHandle
GetProcAddress
GetModuleHandleA
GetStartupInfoA

advapi32

DeleteService
OpenServiceA
StartServiceA
ControlService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegDeleteKeyA

user32

wsprintfA
CharLowerBuffA

msvcrt

_controlfp
time
memcmp
memset
??3@YAXPAX@Z
strrchr
strchr
strstr
__CxxFrameHandler
memcpy
??2@YAPAXI@Z
_vsnprintf
strlen
_CxxThrowException
strtok
strcpy
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

827a6f15f6b2e8771ffaf1bcd8d5fbef

Headers

File Characteristics

Imports

kernel32

advapi32

user32

msvcrt

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 56KB - Virtual size: 55KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 56KB - Virtual size: 55KB