4f561fc8529a4dcebf77ed8f3ddbd59d

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2019-Dec-30 11:52:38
Detected languages English - United States
Debug artifacts D:\jkp\workspace\BCP_HSW\4512\PHBTW00369\src\ibt_win_src\06-host_sw\win\bin\ibtsiva\Win10Release\x64\ibtsiva.pdb
Comments TIC: PHBTW00369
CompanyName Intel Corporation
FileDescription Intel(R) Wireless Bluetooth(R) iBtSiva Service
FileVersion 21.70.0.3
InternalName Intel(R) Wireless Bluetooth(R) iBtSiva Service
LegalCopyright Intel Corporation (C) 2015
OriginalFilename iBtSiva.exe
ProductName Intel(R) Wireless Bluetooth(R)
ProductVersion 21.70.0.3

Plugin Output

Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Can access the registry:
  • RegCreateKeyExW
  • RegQueryInfoKeyW
  • RegSetValueExW
  • RegDeleteKeyW
  • RegCloseKey
  • RegQueryValueExW
  • RegOpenKeyExW
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Interacts with services:
  • DeleteService
  • QueryServiceStatus
  • ControlService
  • CreateServiceW
  • OpenServiceW
  • OpenSCManagerW
Info The PE is digitally signed. Signer: Intel(R) Wireless Connectivity Solutions
Issuer: Intel External Issuing CA 7B
Safe VirusTotal score: 0/69 (Scanned on 2020-12-18 07:33:49) All the AVs think this file is safe.

Hashes

MD5 4f561fc8529a4dcebf77ed8f3ddbd59d
SHA1 d0265e07d341eb36213c4c472ced9254b075b724
SHA256 87196018c28a46ab9b596831b276370d79aaa6e5a214ef0edcbfdbfdbfc933e3
SHA3 4623f11aa6b308eab07af73e910362b85c9fd2d93b3437a3ae895fc52adb2c9f
SSDeep 6144:hyra9BEnGX5JxXVxT0zqEujFsVP/ptzAXkNDUTq/h714oh9Jh7gWZn/Fz:+a9BEcjcqnBsd7/KshOorT7Nz
Imports Hash 454bd28cad1032d36a0abbd0a1cee9e3

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2019-Dec-30 11:52:38
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x52400
SizeOfInitializedData 0x2e000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000149A0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x86000
SizeOfHeaders 0x400
Checksum 0x8e431
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 c14c23c308e5a35579556f9227d9ccc9
SHA1 2dfd16ee0b0b9ab453ba31c8d6b83c1997dd271e
SHA256 eda304cf81dd3b38a87362b754ae197b32443160bb3972375f3ab8ac849e5774
SHA3 ffea988dd181b33ebb3b777932746f8fdd30afc789e5b73b9236cdebbc5246c2
VirtualSize 0x5221c
VirtualAddress 0x1000
SizeOfRawData 0x52400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.44618

.rdata

MD5 f053874aee55d6c899dfde6c56ca510c
SHA1 6315afa2bdf7f7301e8c93fb7868580d456aaf1f
SHA256 1522232b7da17059dd2b6ad37009068064a2ed4d03a29b8a1b1c91bf7fa42832
SHA3 53fedcce0419f188ba96fd2dc8dc3d6a21fbe2e81ca3292dc322d908a08168da
VirtualSize 0x213b6
VirtualAddress 0x54000
SizeOfRawData 0x21400
PointerToRawData 0x52800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.84721

.data

MD5 55b6a762dc23c575aaac0d549c5353ce
SHA1 0f9228363568237757579566cc0a55126e5d7fe4
SHA256 a3a59ca37e33ac6b32d0331d67dc937ae109199ab40a66d6f61bb56a41f78d1c
SHA3 8786f01e6778314e1883774cb7f99a4d9f2802654f76cc7c10a64cb3d66d4452
VirtualSize 0x616c
VirtualAddress 0x76000
SizeOfRawData 0x4400
PointerToRawData 0x73c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.34423

.pdata

MD5 c5675815296fed7dae3bd85c9414a9af
SHA1 b8571bc07945bd4d129d807905f99318882ff857
SHA256 9c858c07dd3923b79e41f22d389e4bcafe592fad843eec93fe8cd837a7a2944d
SHA3 26e866262cf326e4eb7c370bffd1f611e3b5bbf76cd64fabf32b4c4727d5f093
VirtualSize 0x4d4c
VirtualAddress 0x7d000
SizeOfRawData 0x4e00
PointerToRawData 0x78000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.72522

_RDATA

MD5 7b0ddf43623ce1a02f032026c824b892
SHA1 02b6e0d7e9dfd5df28a1c4229073ef5e64a34625
SHA256 a962226d99d70e1f00fcca17cc445cb6615ef558bac397e1db57e1ebe0fe5fe3
SHA3 eeb8083e75f4468213d0e1f342ad35e31c8bec51fdc568842d35c9056a83e952
VirtualSize 0x100
VirtualAddress 0x82000
SizeOfRawData 0x200
PointerToRawData 0x7ce00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.19421

.rsrc

MD5 c555796d2864c4ccb5dc1cfaa56e2fcf
SHA1 47eda41338d6b631762573b05da2c7d0a9a3ea49
SHA256 3d572bcfccf2398b5d1a96ab5b4e96ca93c081927d8afeee94bad57b60cca7c2
SHA3 005f4c57915bd81400b5c9f90ab41eafe63f82000c04d73dfb77ce08bda40fc5
VirtualSize 0x5e8
VirtualAddress 0x83000
SizeOfRawData 0x600
PointerToRawData 0x7d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.1012

.reloc

MD5 b26386273b8bc0e2edb427ae8c0298c3
SHA1 7493cc295436779a334b30aeffbae99d164498c0
SHA256 db0614a261bf08c45a8e523bc45fd7241452480d5707ae573c178c2526600a66
SHA3 f3f4c33200071cf62051e39decb0b23e1d70fe2646803a8db2185d6d5bce2916
VirtualSize 0x1218
VirtualAddress 0x84000
SizeOfRawData 0x1400
PointerToRawData 0x7d600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.26891

Imports

wlanapi.dll
  • WlanFreeMemory
  • WlanCloseHandle
  • WlanEnumInterfaces
  • WlanOpenHandle
  • WlanIhvControl
SETUPAPI.dll
  • SetupDiDestroyDeviceInfoList
  • SetupDiGetDeviceRegistryPropertyW
  • SetupDiEnumDeviceInfo
  • SetupDiGetDevicePropertyW
  • SetupDiCallClassInstaller
  • SetupDiSetClassInstallParamsW
  • SetupDiGetClassDevsExW
  • CM_Get_DevNode_Status
KERNEL32.dll
  • GetTickCount
  • RtlCaptureContext
  • RtlLookupFunctionEntry
  • RtlVirtualUnwind
  • UnhandledExceptionFilter
  • GetSystemTimeAsFileTime
  • GetCurrentProcess
  • TerminateProcess
  • OutputDebugStringW
  • FindFirstFileExW
  • GetCurrentThreadId
  • GetCurrentProcessId
  • Sleep
  • GetModuleFileNameW
  • WaitForMultipleObjects
  • QueueUserWorkItem
  • SetEvent
  • ResetEvent
  • WaitForSingleObject
  • QueryPerformanceCounter
  • QueryPerformanceFrequency
  • CloseHandle
  • GetLastError
  • CreateEventW
  • FindNextFileW
  • IsValidCodePage
  • GetACP
  • GetOEMCP
  • GetEnvironmentStringsW
  • FreeEnvironmentStringsW
  • SetEnvironmentVariableW
  • GetProcessHeap
  • SetStdHandle
  • CreateFileW
  • HeapSize
  • WriteConsoleW
  • SetUnhandledExceptionFilter
  • GetModuleHandleW
  • WideCharToMultiByte
  • MultiByteToWideChar
  • GetStringTypeW
  • EnterCriticalSection
  • LeaveCriticalSection
  • TryEnterCriticalSection
  • DeleteCriticalSection
  • EncodePointer
  • DecodePointer
  • SetLastError
  • InitializeCriticalSectionAndSpinCount
  • SwitchToThread
  • TlsAlloc
  • TlsGetValue
  • TlsSetValue
  • TlsFree
  • GetProcAddress
  • CompareStringW
  • LCMapStringW
  • GetLocaleInfoW
  • GetCPInfo
  • WaitForSingleObjectEx
  • IsDebuggerPresent
  • GetStartupInfoW
  • IsProcessorFeaturePresent
  • InitializeSListHead
  • SignalObjectAndWait
  • CreateThread
  • SetThreadPriority
  • GetThreadPriority
  • GetLogicalProcessorInformation
  • CreateTimerQueueTimer
  • ChangeTimerQueueTimer
  • DeleteTimerQueueTimer
  • GetNumaHighestNodeNumber
  • GetProcessAffinityMask
  • SetThreadAffinityMask
  • RegisterWaitForSingleObject
  • UnregisterWait
  • GetCurrentThread
  • GetThreadTimes
  • FreeLibrary
  • FreeLibraryAndExitThread
  • GetModuleHandleA
  • LoadLibraryExW
  • GetVersionExW
  • VirtualAlloc
  • VirtualProtect
  • VirtualFree
  • DuplicateHandle
  • ReleaseSemaphore
  • InterlockedPopEntrySList
  • InterlockedPushEntrySList
  • InterlockedFlushSList
  • QueryDepthSList
  • UnregisterWaitEx
  • CreateTimerQueue
  • LoadLibraryW
  • RtlUnwindEx
  • RtlPcToFileHeader
  • RaiseException
  • ExitProcess
  • GetModuleHandleExW
  • GetStdHandle
  • WriteFile
  • GetCommandLineA
  • GetCommandLineW
  • HeapFree
  • HeapAlloc
  • GetFileType
  • GetFileSizeEx
  • SetFilePointerEx
  • IsValidLocale
  • GetUserDefaultLCID
  • EnumSystemLocalesW
  • GetTimeZoneInformation
  • FlushFileBuffers
  • GetConsoleCP
  • GetConsoleMode
  • HeapReAlloc
  • FindClose
ADVAPI32.dll
  • DeleteService
  • QueryServiceStatus
  • ControlService
  • CreateServiceW
  • SetServiceStatus
  • RegisterServiceCtrlHandlerExW
  • StartServiceCtrlDispatcherW
  • UnregisterTraceGuids
  • RegisterTraceGuidsW
  • GetTraceEnableFlags
  • GetTraceEnableLevel
  • GetTraceLoggerHandle
  • DeregisterEventSource
  • RegisterEventSourceW
  • RegCreateKeyExW
  • RegQueryInfoKeyW
  • RegSetValueExW
  • ReportEventW
  • RegDeleteKeyW
  • RegCloseKey
  • RegQueryValueExW
  • RegOpenKeyExW
  • CloseServiceHandle
  • OpenServiceW
  • OpenSCManagerW
  • TraceMessage

Delayed Imports

Resources

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x3c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.46684
MD5 829183a375efeb3f595390a59dad32c8
SHA1 2dd9be4f7e9aa0362babc46e16dbd61f37682ccf
SHA256 f225ae310f96c68b312cd39b28dbe740b4585fac7d11ec2698cbff0a24cc0d87
SHA3 9484fe30ec0b4290392db2ad72a50df740ea144886a6ca08a229e79b80d0c976

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 21.70.0.3
ProductVersion 21.70.0.3
FileFlags (EMPTY)
FileOs VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
FileType VFT_APP
Language English - United States
Comments TIC: PHBTW00369
CompanyName Intel Corporation
FileDescription Intel(R) Wireless Bluetooth(R) iBtSiva Service
FileVersion (#2) 21.70.0.3
InternalName Intel(R) Wireless Bluetooth(R) iBtSiva Service
LegalCopyright Intel Corporation (C) 2015
OriginalFilename iBtSiva.exe
ProductName Intel(R) Wireless Bluetooth(R)
ProductVersion (#2) 21.70.0.3
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2019-Dec-30 11:52:38
Version 0.0
SizeofData 137
AddressOfRawData 0x6ce0c
PointerToRawData 0x6b60c
Referenced File D:\jkp\workspace\BCP_HSW\4512\PHBTW00369\src\ibt_win_src\06-host_sw\win\bin\ibtsiva\Win10Release\x64\ibtsiva.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2019-Dec-30 11:52:38
Version 0.0
SizeofData 20
AddressOfRawData 0x6ce98
PointerToRawData 0x6b698

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Dec-30 11:52:38
Version 0.0
SizeofData 1000
AddressOfRawData 0x6ceac
PointerToRawData 0x6b6ac

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2019-Dec-30 11:52:38
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x14006d2b8
EndAddressOfRawData 0x14006d2c0
AddressOfIndex 0x14007ae58
AddressOfCallbacks 0x1400545f0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x108
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140076000
GuardCFCheckFunctionPointer 5369054480
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x9ea51a1
Unmarked objects 0
C++ objects (26715) 176
ASM objects (27316) 8
C++ objects (27316) 125
C objects (27316) 30
Imports (26715) 9
Total imports 173
ASM objects (26715) 12
C objects (26715) 23
265 (27404) 8
Resource objects (27404) 1
151 1
Linker (27404) 1

Errors
