BthMtpContextHandler[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

BthMtpContextHandler.dll
Size

26KB
MD5

1d7986b8c5a4ba5ceee2394c2126ee79
SHA1

7c8258d54b615a14cec8c18e422e1b23605b7988
SHA256

43a7d671eb293456f6ad71a16b686bdf1b7c8364bbd8f8aac0ea42980ab84ae9
SHA512

0a7148ab2aa454537d75c43a620c3c979d1a4b8bdd736b0fd6b353bfb53691e98950bdd649f18277cbee5064fa055a7bb70be25df51317e4deae8114a6d3c915
SSDEEP

768:KhINLm9eHFRncFyFIueS5YEIDlQYvKs2xx0:KWNO94Iiq7lQYCse

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BthMtpContextHandler.dll

Files

BthMtpContextHandler.dll
.dll regsvr32 windows:6 windows x86 arch:x86

55eddf87727bfb5522e2e9bfd0f3c6cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

BthMtpContextHandler.pdb

Imports

msvcrt

_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy_s
_CxxThrowException
memmove_s
malloc
free
memset
__CxxFrameHandler3
vswprintf_s
_vscwprintf

advapi32

RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

kernel32

InterlockedExchange
GetVersionExA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
GetProcessHeap
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection

ole32

CoTaskMemAlloc
CoGetMalloc
PropVariantClear
CoTaskMemFree
CoCreateInstance

shlwapi

ord219
ord158
SHStrDupW
ord199

user32

UnregisterClassA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55eddf87727bfb5522e2e9bfd0f3c6cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

shlwapi

user32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB