RemoveDeviceContextHandler[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

RemoveDeviceContextHandler.dll
Size

56KB
MD5

c25271a72dbcb77bccda79854bfd1a08
SHA1

d6f6570170ff4e0e720d2ce42b2fd26ef6e6ee8d
SHA256

a042fbda65e8ccc46572a4cc707d53b5adddb4b1f9d46c649fda6f6940434233
SHA512

da57e7884142d91063b385bf0ad1a84f9d5f9d855c06fac003853e4193bf6b49920af6b6344304f542bfb618ed9c422684fddcf695804496fb3cd746ada42b22
SSDEEP

1536:lwYGV8OSt9HBcQr2dV3HAnNOGx3kMZYBDFWntFKI+KrxaMQi:SM9HBcQUinNOGxUWKq9jQi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RemoveDeviceContextHandler.dll

Files

RemoveDeviceContextHandler.dll
.dll windows:10 windows x86 arch:x86

7ee2a08ced37461fc72f1b9541797fbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

RemoveDeviceContextHandler.pdb

Imports

msvcrt

realloc
_except_handler4_common
_onexit
_errno
_unlock
__dllonexit
_lock
_initterm
_amsg_exit
_XcptFilter
memcpy_s
wcsncpy_s
malloc
memset
_callnewh
_purecall
free
_vsnwprintf

shell32

ord100
ord155
SHCreateItemFromIDList
ord727
ord77

shlwapi

SHStrDupW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetProcAddress
FindResourceExW
GetModuleHandleA
LoadResource
GetModuleHandleW
LoadLibraryExW
SizeofResource
GetModuleHandleExW
GetModuleFileNameW
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
AcquireSRWLockExclusive
InitOnceBeginInitialize
InitOnceComplete
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
ReleaseSRWLockExclusive
Sleep
ReleaseSemaphore
CreateSemaphoreExW

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-1

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
CreateThread
GetCurrentProcess

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryA
LoadLibraryW

oleaut32

VarUI4FromStr

api-ms-win-core-com-l1-1-1

CoTaskMemFree
PropVariantClear
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
StringFromGUID2
CoUninitialize

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

lstrcmpiW

ole32

CoGetObject
CoAllowSetForegroundWindow

propsys

PropVariantToString

user32

AllowSetForegroundWindow
GetForegroundWindow
DestroyIcon
UnregisterClassA

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ee2a08ced37461fc72f1b9541797fbf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shell32

shlwapi

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-2

oleaut32

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-profile-l1-1-0

kernel32

ole32

propsys

user32

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 12B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 12B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB