BWContextHandler[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

BWContextHandler.dll
Size

62KB
MD5

f4a1b4d4ccfd8eeef0259fae58cfae5c
SHA1

0136a1323e4f85c773e86e62caeb6dc90182179b
SHA256

f686935861cbebc11b7a857346c041b4d39dddc79560fdf89663e557d87c6ee8
SHA512

3f65cce672f98114ef64092668996ea9ce749c951fbeece77557c05a57085b1f3c338f5bc6451772fc27d0627bd5160623f4a342469d07a718a1701e65f32d39
SSDEEP

1536:ruo/6FwHWbNShEPPVaYd/JgB5gXcCeJzgTg:rdOVmEP9aGCBqCWg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BWContextHandler.dll

Files

BWContextHandler.dll
.dll regsvr32 windows:6 windows x86 arch:x86

ae0fc47a7fe723e63a60fee1ae73d947

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

BWContextHandler.pdb

Imports

msvcrt

wcscpy_s
wcsncpy_s
memcpy_s
malloc
_vsnwprintf
_mktime64
memmove_s
memset
_purecall
??_U@YAPAXI@Z
??2@YAPAXI@Z
wcsftime
_localtime64_s
_XcptFilter
free
_amsg_exit
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
realloc
_errno
??_V@YAXPAX@Z
_initterm
??3@YAXPAX@Z
wcscat_s

advapi32

CheckTokenMembership
AllocateAndInitializeSid
FreeSid
RegEnumKeyExW
EventWrite
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW
EventUnregister
EventRegister
RegCloseKey
RegOpenKeyExW

kernel32

GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
LoadLibraryA
lstrcmpiW
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FileTimeToSystemTime
FileTimeToLocalFileTime
LoadLibraryExW
CompareStringOrdinal
CloseHandle
WaitForSingleObject
CreateEventW
CreateThread
FreeLibrary
MultiByteToWideChar
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLocaleInfoW

ole32

StringFromGUID2
CoCreateInstance
PropVariantClear
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoGetObject
CoAllowSetForegroundWindow
CoUninitialize
CoInitializeEx

oleaut32

SysStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

shell32

ShellExecuteW
ord727
ord77
ord18
DuplicateIcon
SHCreateItemFromIDList
ord730
SHGetItemFromObject
ord155
ord893

shlwapi

SHStrDupW
ord16

user32

CharNextW
LoadStringW
SendMessageW
DestroyIcon
AllowSetForegroundWindow
GetForegroundWindow
GetDlgItemTextW
ShowWindow
EnableWindow
GetDlgItem
SetDlgItemTextW
SetWindowLongW
GetParent
GetWindowLongW
PostMessageW
UnregisterClassA

winspool.drv

ord204
ord203

propsys

PropVariantToStringAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae0fc47a7fe723e63a60fee1ae73d947

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

oleaut32

shell32

shlwapi

user32

winspool.drv

propsys

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 52KB - Virtual size: 52KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB