» bthpan.sys
Overview
Analysis
File Details
Behaviors (1)

bthpan.sys

Bluetooth Personal Area Networking

NGO

It runs as a Windows 64-bit kernel mode device driver named “Bluetooth Device (Personal Area Network)”.

File name:

bthpan.sys

Publisher:

Microsoft Corporation (signed by NGO)

Product:

Microsoft® Windows® Operating System

Description:

Bluetooth Personal Area Networking

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

MD5:

06205a30006d7898df97a5e53cb12bca

SHA-1:

9271262738d98aa687107ccda90d5bb64647e268

SHA-256:

5dee1fa0a92dcd41a43c58974c86843f5796a57f7b9b3256b54c7ec4a66ef668

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 5:56:47 AM UTC (today)

File size:

117 KB (119,808 bytes)

Product version:

6.1.7600.16385

Original file name:

bthpan.sys

File type:

Driver (Win64 SYS)

Common path:

C:\Windows\System32\drivers\bthpan.sys

Digital Signature

Signed by:

NGO

Authority:

NGO

Valid from:

1/19/2011 6:59:49 PM

Valid to:

1/1/2040 3:59:59 AM

Subject:

CN=NGO

Issuer:

CN=NGO

Serial number:

36B7C81CF11865BF4EBBA55D4777B2F2

File PE Metadata

Compilation timestamp:

7/14/2009 4:07:00 AM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:dkmR95dpx7RFvDWSlW4AfRpp+fW0guZ1bTe2g7CN:zvT7RFvlmh+fWsPTB1

Entry address:

0x1D614

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, D6, F9, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 44, 72, 69, 76, 65, 72, 45, 6E, 74, 72, 79, 00, 78, D7, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, BE, DB, 01, 00, F0, 80, 01, 00, 88, D6, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 52, DE, 01, 00, 00, 80, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 2A, DE, 01, 00, 00, 00, 00, 00, 14, DE, 01, 00... 
[+]

Code size:

102 KB (104,448 bytes)

Driver

Display name:

Bluetooth Device (Personal Area Network)

Service name:

BthPan

Type:

Kernel device driver (KernelDriver)

Group:

NDIS

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.