Suspicious
Suspect

0dcd7003ebf3e23c9a93bc5031a37be2

PE Executable | MD5: 0dcd7003ebf3e23c9a93bc5031a37be2 | Size: 15.74 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
0dcd7003ebf3e23c9a93bc5031a37be2
Sha1
236018f19013bbe7b2c4a1240f86d1ef767349d8
Sha256
bb814de523268220b4ab91c50031e54d207042b2127f0125d08733cb186454f0
Sha384
f166b14cb34d344bab7120ca3dc3c940ef0ba823bd33391b772cb522c8b15eeb7dbf41f00bb70a91f89d6f39874b693b
Sha512
f2975c1d7f7f46a19a35430ba50dea4f197821d553778c47e2160cac36049a833a3a8c9182171793f0ee66ab8c237de967d97aacf570eb9467a159e5655279de
SSDeep
196608:b8jdFofQiyyr8YuFQ2OvNWMZ/7af6XqzIRBCPMuKf970bjj08YM+sCr3xgsj:oI8Y4Ov0k/7IRMcO9Iz0v3Cm
TLSH
B5F6232BF178903FD1AD177349B39200553B7960A9068C2F43EC794DDF362A22F7A65A

PeID

Free Pascal v0.99.10
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
Private EXE Protector V2.30-V2.3X -> SetiSoft Team
VC8 -> Microsoft Corporation
File Structure
BT
PidVid_List.dat
rtkfilter.cat
Rtkfilter.inf
rtl8821c_mp_chip_bt40_fw_asic_rom_patch_new.dat
rtl8822c_mp_chip_bt40_fw_asic_rom_patch_new.dat
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc
Resources
RT_RCDATA
ID:0000
ID:1033
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:2052
RT_MANIFEST
ID:0001
ID:1033
Install.bat
WLAN
netrtwlane.cat
netrtwlane.inf
rtldata.txt
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.enigma1
.enigma2
.vmp0
.vmp1
.themida
.arch
.xtls
.dsstext
.rsrc
.reloc
Resources
EXE
ID:0066
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.itext
.data
.bss
.idata
.didata
.edata
.tls
.rdata
.rsrc
Resources
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
RT_STRING
ID:0FF6
ID:0
ID:0FF7
ID:0
ID:0FF8
ID:0
ID:0FF9
ID:0
ID:0FFA
ID:0
ID:0FFB
ID:0
ID:0FFC
ID:0
ID:0FFD
ID:0
ID:0FFE
ID:0
ID:0FFF
ID:0
ID:1000
ID:0
RT_RCDATA
ID:0000
ID:0
ID:2B67
ID:0
RT_GROUP_CURSOR4
ID:0000
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
ZIP
ID:0067
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
RT_RCDATA
ID:0002
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:1033
RT_GROUP_CURSOR4
ID:0001
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_GROUP_CURSOR4
ID:0065
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Characteristics
No malware configuration was found at this point.
Artefacts
Name
Value
Location
PDB Path

t$mn

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #1

http://schemas.microsoft.com/SMI/2005/WindowsSettings

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #2

http://ocsp.digicert.com0A

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #3

http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #4

http://crl3.digicert.com/DigiCertTrustedRootG4.crl0

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #5

http://www.digicert.com/CPS0

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #6

http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #7

http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #8

http://ocsp.digicert.com0

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #9

http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #10

http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #11

http://ocsp.digicert.com0X

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #12

http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #13

http://ocsp.digicert.com0C

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #14

http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #15

http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0

0dcd7003ebf3e23c9a93bc5031a37be2

URLs in VB Code - #1

http://ocsp.digicert.com0A

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #2

http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #3

http://crl3.digicert.com/DigiCertTrustedRootG4.crl0

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #4

http://www.digicert.com/CPS0

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #5

http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #6

http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #7

http://ocsp.digicert.com0

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #8

http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #9

http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #10

http://ocsp.digicert.com0X

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #11

http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #12

http://ocsp.digicert.com0C

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #13

http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

URLs in VB Code - #14

http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z

PDB Path

C:\orange_v2\orange\Windows_Server\rtwlan_trunk\PLATFORM\NDIS6\PCI\obj\x64\rtwlane.pdb

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z > WLAN > rtwlane.sys

PDB Path

d:\jenkins\workspace\ReleaseBuild~ComboChip@2\SRC\RtkFilter\VS2015_RtkFilter\bin\Win10Release\x64\RtkBtfilter.pdb

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z > BT > RtkBtFilter.sys

PDB Path

E:\Git\WindowsDriver\BTDevManager_Merge\vs2017_BTDevManager\BTDevManager\bin\x64\Win10 Release\test\RtkBtManServ.pdb

0dcd7003ebf3e23c9a93bc5031a37be2 > 7z-stream @ 0x0033A980.7z > BT > RtkBtManServ.exe

PDB Path

t

0dcd7003ebf3e23c9a93bc5031a37be2 > Resources > RT_RCDATA > ID:0002 > ID:1024
