BWContextHandler[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

BWContextHandler.dll
Size

52KB
MD5

889b25ffa8b5b39e137281bf84fac51c
SHA1

dbc21005d364626d437aed3169e23f57a26f6682
SHA256

3874be69434ebbec5b33921552374dc073156a13b00a2fa04511c3a341919af9
SHA512

57e37d3871c702b8e608ff1a806777ee63473cd6aa43e81ce2fa689d01298c03f7bb9154fa29e7511dea90b71d4353b5aec59c1a3b6d3343b37c00fdf6a0eb73
SSDEEP

1536:eytf7ETS3LFXAMtg1IA8mfJBnk/8j6BTT:5gWXAKQLnk/8GtT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BWContextHandler.dll

Files

BWContextHandler.dll
.dll regsvr32 windows:10 windows x86 arch:x86

bafcc91fb2ec39da3f4cf5d2752fd9c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

BWContextHandler.pdb

Imports

msvcrt

__dllonexit
_onexit
_unlock
_lock
_errno
_except_handler4_common
_vsnwprintf
_initterm
_amsg_exit
_XcptFilter
_callnewh
wcscat_s
wcscpy_s
_purecall
_localtime64_s
wcsftime
memmove_s
_mktime64
free
malloc
wcsncpy_s
memcpy_s
realloc
memset

shell32

SHCreateItemFromIDList
ord77
ord727
ShellExecuteW
ord893
DuplicateIcon
SHGetItemFromObject
ord155

shlwapi

StrToInt64ExW

oleaut32

VarUI4FromStr

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
StringFromGUID2
PropVariantClear
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapDestroy
HeapSize

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
LockResource
LoadStringW
FindResourceExW
LoadResource
SizeofResource

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegGetValueW
RegOpenKeyExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW
GetLocaleInfoW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
InitializeCriticalSection
CreateMutexExW
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseMutex
CreateSemaphoreExW
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

kernel32

lstrcmpiW

user32

UnregisterClassA
GetDlgItemTextW
SendMessageW
ShowWindow
GetDlgItem
EnableWindow
SetDlgItemTextW
GetParent
SetWindowLongW
GetWindowLongW
DestroyIcon

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bafcc91fb2ec39da3f4cf5d2752fd9c6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shell32

shlwapi

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

kernel32

user32

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB