RemoveDeviceContextHandler[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

RemoveDeviceContextHandler.dll
Size

55KB
MD5

44fbf10c111d052f95ea53a0abf2cf93
SHA1

0961a745ec226627153a784d8b7c19c274d40d6b
SHA256

c456f815b971047e667d9c4e61e7d799589a25b2fe525c3e5d835f64e417ba6f
SHA512

8996f48d043226f792995aa5a670e6d66bbfd6703652b3c34b907ab981836ae632024608d061804a1825dba4fe5919a12094104d58b7406663e8ba1a5d5b33e6
SSDEEP

1536:hrdIWgq4UsBVz1XgQ5wuwOyiI1JNOn96TZcSiH:lgqLsBjXgQ5wdDOnIlbiH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RemoveDeviceContextHandler.dll

Files

RemoveDeviceContextHandler.dll
.dll windows:10 windows x86 arch:x86

e893c48843b0d0105a1e67b0f5e5b5ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

RemoveDeviceContextHandler.pdb

Imports

msvcrt

_except_handler4_common
_errno
realloc
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
_purecall
free
malloc
wcsncpy_s
memcpy_s
_vsnwprintf
memset

shell32

ord77
ord100
ord155
SHCreateItemFromIDList
ord727

shlwapi

SHStrDupW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
SizeofResource
DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
FindResourceExW
GetModuleHandleW
LoadResource
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
LoadStringW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
CreateMutexExW
InitializeCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
DeleteCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VarUI4FromStr

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
PropVariantClear
CoCreateInstance

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister
EventUnregister

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
WakeAllConditionVariable
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

kernel32

lstrcmpiW

ole32

CoGetObject
CoAllowSetForegroundWindow

propsys

PropVariantToString

user32

AllowSetForegroundWindow
UnregisterClassA
GetForegroundWindow
DestroyIcon

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e893c48843b0d0105a1e67b0f5e5b5ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shell32

shlwapi

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

kernel32

ole32

propsys

user32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 12B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 12B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB